我在 Windows 10 上。需要 ssh 到 Linux CentOS 服务器。尝试 Putty 和 Windows SSH(在功能中打开。Powershell?)。
使用 PuttyGen,我生成了一个私有和公共 RSA 密钥对 - rsa 和 rsa.pub ,没有任何密码。这两个文件都在我的桌面上。server333 在 C:\Users\johndoe.ssh\known_hosts 中有一个条目。我的 Windows PC 上的 .ssh 目录中没有其他文件或目录。公钥也被复制到linux盒子的/home/johndoe/.ssh/authorized_keys
我试过ssh -i rsa -vvv server333
了,但它不起作用。这是日志:
c:\Users\johndoe\Desktop>ssh -i rsa -vvv server333
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/johndoe/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "server333" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server333 [1.2.3.4] port 22.
debug1: Connection established.
key_load_public: invalid format
debug1: identity file rsa type -1
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert error:2
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server333:22 as 'corp\\johndoe'
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: MACs stoc: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:abcd
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 1.2.3.4
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host 'server333' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: The socket is not connected
debug2: key: rsa (0000000000000000), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
NOTICE TO USERS
=============================================================================
This is an official computer system and is the property of
ACME, Inc. It is for authorized users only. Unauthorized users are
prohibited. Users (authorized or unauthorized) have no explicit or
implicit expectation of privacy. Any or all uses of this system may be
subject to one or more of the following actions: interception,
monitoring, recording, auditing, inspection and disclosing to security
personnel and law enforcement personnel, as well as authorized officials
of other agencies, both domestic and foreign. By using this system, the
user consents to these actions. Unauthorized or improper use of this
system may result in administrative disciplinary action and civil and
criminal penalties. By accessing this system you indicate your awareness
of and consent to these terms and conditions of use. Discontinue access
immediately if you do not agree to the conditions stated in this notice.
=============================================================================
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: rsa
debug3: sign_and_send_pubkey: RSA SHA256:zyxw
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:c:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
corp\johndoe@server333's password:
您似乎没有在 SSH 主机服务器上定义用户名。
您仍然可以这样做,但您必须定义
user
on SSH 配置文件,例如:然后您可以使用以下命令远程服务器:
注意:确保配置文件有
600
权限您说您运行的命令与您实际运行的命令不同。
你说你做了什么:
你实际上做了什么:
在这里,我们看到 ssh 抱怨它找不到您指定的密钥文件。
从命令中删除
.pub
后缀,确保密钥文件确实存在,然后重试。Putty 和 PowerShell 生成/使用不同的密钥格式。使用 SSH,所有的星星都必须对齐,由于 PowerShell 和 Putty 之间的不一致,您可能没有使用正确的密钥格式。如果您在 Putty 中生成了一个密钥并将相应的公钥上传到服务器,您将无法通过 PowerShell 登录,因为它需要不同的密钥格式。
我会尝试重新生成密钥并从头开始。确保这次保持一致。如果您使用 PowerShell 生成了 RSA 密钥,请确保将相应的 RSA 公钥(也由 PowerShell 生成)上传到服务器。
为 PowerShell 和 Putty 生成单独的密钥对可能更容易。然后,您需要将两个公钥(一个用于 Putty,一个用于 PowerShell)上传到服务器上的 authorized_keys 文件。
https://www.ssh.com/ssh/keygen/#choosing-an-algorithm-and-key-size
https://www.rfc-editor.org/rfc/rfc4716#:~:text=In%20order%20to%20implement%20public,bytes%20 exclude%20line%20termination%20characters。
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
终于想通了 - 这里有两个问题:
如果不指定用户名,Windows SSH 默认为 DOMAIN\johndoe(这显然是 Windows 用户名),而 linux 服务器只需要 johndoe。要修复此呼叫
ssh johndoe@server333
而不是,ssh server333
然后尝试输入用户名。它还要求文件名具有限制性权限(只有您,所有者,必须拥有权限,其他人都不应该)。要解决此问题,请从文件的安全权限中删除所有其他用户
一旦我做了两个,它就像一个魅力。您不需要将公钥放在本地 home/.ssh 文件夹中。您可以将您的私钥命名为 id_rsa(不带任何扩展名),并将其放在 home/.ssh 文件夹中,然后使用连接到服务器
ssh johndoe@server333