我一直无法使用 pubkey 身份验证进行 ssh。我一直在设置一个新服务器,但它无法正常工作。
我对默认 sshd_config 的更改是这样设置的:
sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/X11Forwarding.*/X11Forwarding no/' /etc/ssh/sshd_config
从服务器运行:
user@storage:~/.ssh$ sudo /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f 31 Mar 2020
debug1: private host key #0: ssh-rsa SHA256:nC8X55Nqg+Tl222a3FtJy304XPzIpEU9LwXxFB5iTa8
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:DpGM4IpHZ4RVwH1AUhnle9Ts51y2vrgLFBtGC+sa1Ho
debug1: private host key #2: ssh-ed25519 SHA256:6//2szDkpcZRGEdamM0/kgvH5xYR19/pQmTrjtLSGNU
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f 31 Mar 2020
debug1: private host key #0: ssh-rsa SHA256:nC8X55Nqg+Tl222a3FtJy304XPzIpEU9LwXxFB5iTa8
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:DpGM4IpHZ4RVwH1AUhnle9Ts51y2vrgLFBtGC+sa1Ho
debug1: private host key #2: ssh-ed25519 SHA256:6//2szDkpcZRGEdamM0/kgvH5xYR19/pQmTrjtLSGNU
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.10 port 34130 on 192.168.1.13 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 126/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user user service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth-request for user user service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: test pkalg ssh-ed25519 pkblob ED25519 SHA256:FSrXJhrKh9s4r+GzeZ2NE6Pkwdbp/LNChHNz0OP34jk [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/user/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/user/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/user/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for user from 192.168.1.10 port 34130 ssh2: ED25519 SHA256:FSrXJhrKh9s4r+GzeZ2NE6Pkwdbp/LNChHNz0OP34jk
debug1: userauth-request for user user service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 1 [preauth]
debug1: userauth_pubkey: test pkalg ecdsa-sha2-nistp521 pkblob ECDSA SHA256:T62aYA0CM4ZkwiU6GffBRP0j5gP6Jjown8DF/pQsfAE [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/user/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/user/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/user/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for user from 192.168.1.10 port 34130 ssh2: ECDSA SHA256:T62aYA0CM4ZkwiU6GffBRP0j5gP6Jjown8DF/pQsfAE
Connection closed by authenticating user user 192.168.1.10 port 34130 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 72241
debug1: audit_event: unhandled event 12
我的 homedir、.ssh 和 authorized_keys 的相关权限:
drwxr-xr-x 18 user user 4096 Sep 16 07:31 user/
drwx------ 2 user user 4096 Sep 16 07:31 .ssh/
-rw-r--r-- 1 user user 96 Sep 16 06:42 authorized_keys
作为我设置的实验PasswordAuthentication yes
,并且能够连接。此外,我还能够成功连接到使用 pubkey 身份验证(使用相同密钥)的另一台服务器,因此我知道客户端已正确设置密钥以供使用。