我使用的是 Windows 10。嘗試 Putty 和 Windows SSH(在功能中開啟.. Powershell?)。
使用 PuttyGen,我產生了一個私人和公共 RSA 金鑰對 - rsa & rsa.pub ,沒有任何密碼。這兩個文件都在我的桌面上。 server333 在 C:\Users\johndoe.ssh\known_hosts 中有一個條目。我的 Windows PC 上的 .ssh 目錄中沒有其他檔案或目錄。公鑰也被複製到linux盒子的/home/johndoe/.ssh/authorized_keys中
我嘗試過ssh -i rsa -vvv server333,但它不起作用。這是日誌:
c:\Users\johndoe\Desktop>ssh -i rsa -vvv server333
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/johndoe/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "server333" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server333 [1.2.3.4] port 22.
debug1: Connection established.
key_load_public: invalid format
debug1: identity file rsa type -1
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert error:2
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server333:22 as 'corp\\johndoe'
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: MACs stoc: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:abcd
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 1.2.3.4
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host 'server333' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: The socket is not connected
debug2: key: rsa (0000000000000000), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
NOTICE TO USERS
=============================================================================
This is an official computer system and is the property of
ACME, Inc. It is for authorized users only. Unauthorized users are
prohibited. Users (authorized or unauthorized) have no explicit or
implicit expectation of privacy. Any or all uses of this system may be
subject to one or more of the following actions: interception,
monitoring, recording, auditing, inspection and disclosing to security
personnel and law enforcement personnel, as well as authorized officials
of other agencies, both domestic and foreign. By using this system, the
user consents to these actions. Unauthorized or improper use of this
system may result in administrative disciplinary action and civil and
criminal penalties. By accessing this system you indicate your awareness
of and consent to these terms and conditions of use. Discontinue access
immediately if you do not agree to the conditions stated in this notice.
=============================================================================
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: rsa
debug3: sign_and_send_pubkey: RSA SHA256:zyxw
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:c:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
corp\johndoe@server333's password:
答案1
您似乎沒有在 SSH 主機伺服器上定義使用者名稱。
您仍然可以執行此操作,但必須定義userSSH 設定文件,例如:
vi ~/.ssh/config
...
Host server333
HostName your-server333-ip
User your-user
IdentityFile your-private-key
然後你可以使用以下命令遠端伺服器:
ssh server333
注意:確保設定檔有600權限
答案2
命令你說您執行的命令與您執行的命令不同實際上跑了。
你所說的你所做的:
ssh -i johndoe_privatekey -vvv server333
你實際上做了什麼:
ssh -i johndoe_privatekey.pub -vvv server333
在這裡我們看到 ssh 抱怨它找不到您指定的密鑰檔案。
debug3: Failed to open file:C:/Users/johndoe/Desktop/johndoe_privatekey.pub.pub error:2
debug1: key_load_public: No such file or directory
從命令中刪除.pub後綴,確保密鑰檔案確實存在,然後重試。
答案3
key_load_public:格式無效
Putty 和 PowerShell 產生/使用不同的金鑰格式。對於 SSH,所有的星星都必須對齊,並且由於 PowerShell 和 Putty 之間的不一致,您可能沒有使用正確的金鑰格式。如果您在 Putty 中產生金鑰並將相應的公鑰上傳到伺服器,您將無法透過 PowerShell 登錄,因為它需要不同的金鑰格式。
我會嘗試重新產生密鑰並從頭開始。確保這次保持一致。如果您使用 PowerShell 產生 RSA 金鑰,請確保將對應的 RSA 公鑰(也由 PowerShell 產生)上傳到伺服器。
為 PowerShell 和 Putty 產生單獨的金鑰對可能會更容易。然後,您需要將兩個公鑰(一個用於 Putty,一個用於 PowerShell)上傳到伺服器上的authorized_keys 檔案。
https://www.ssh.com/ssh/keygen/#choosing-an-algorithm-and-key-size
答案4
終於弄清楚了 - 這裡有兩個問題:
如果您不指定使用者名稱,Windows SSH 預設為 DOMAIN\johndoe(這顯然是 Windows 使用者名稱),而 Linux 伺服器只需要 johndoe。要解決此問題,請呼叫
ssh johndoe@server333而不是,ssh server333然後嘗試輸入使用者名稱。它還要求檔案名稱具有限制性權限(只有您(所有者)必須擁有權限,其他人都不應擁有)。若要解決此問題,請刪除所有其他使用者的檔案安全權限
一旦我完成了這兩件事,它就像一個魅力。您不需要將公鑰放在本機 home/.ssh 資料夾中。您可以將您的私鑰命名為 id_rsa (不含任何副檔名),並將其放在 home/.ssh 資料夾中,然後使用連接到伺服器ssh johndoe@server333