将 paramiko 与 ssh-rsa-cert-v01@openssh.com 公共证书一起使用时身份验证失败
我正在使用一个内部系统,当请求 SSH 密钥时,它返回三个文件:
- id_rsa (大概是私钥)
- id_rsa.pub (大概是公钥)
- id_rsa-cert (A 公钥证书?)
-cert 文件开始与 [email protected] 这导致我相信这确实是上面链接的公钥,尽管大多数消息来源都提到了-cert.pub 扩展名。
如果我使用 SSH 代理连接到计算机,似乎一切都正常工作,并且 -cert 文件被识别为“类型 4”:
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.176.34.90 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.176.34.90 [10.176.34.90] port 22.
debug1: Connection established.
debug1: identity file /tmp/id_rsa type 0
debug1: identity file /tmp/id_rsa-cert type 4
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.176.34.90:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:dcU1jNy+H6haaVGW/O3KKyeQljaFII4B8uztw//VxLM
debug1: Host '10.176.34.90' is known and matches the ECDSA host key.
debug1: Found key in /home/wonderb0lt/.ssh/known_hosts:2
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /tmp/id_rsa RSA SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit agent
debug1: Will attempt key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /tmp/id_rsa RSA SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: sign_and_send_pubkey: using private key "/tmp/id_rsa" for certificate
debug1: Authentication succeeded (publickey).
但是,当我尝试进行类似的连接尝试时在 paramiko 中使用以下代码:
pkey = RSAKey.from_private_key_file('/tmp/kx/id_rsa')
pkey.load_certificate('/tmp/kx/id_rsa-cert')
c = SSHClient()
c.set_missing_host_key_policy(AutoAddPolicy())
c.connect(hostname='10.176.33.64', username='ec2-user', pkey=pkey, allow_agent=False, look_for_keys=False)
print(c.exec_command('ls -l'))
我遇到了身份验证异常:
DEBUG:paramiko.transport:starting thread (client mode): 0x6f9d3a60
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.9.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.4
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.4)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEBUG:paramiko.transport:client encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected], aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:server encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected], aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:client mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:server mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:client compress: none, [email protected]
DEBUG:paramiko.transport:server compress: none, [email protected]
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: [email protected]
DEBUG:paramiko.transport:HostKey: ssh-ed25519
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'rsa-sha2-256,rsa-sha2-512'}
DEBUG:paramiko.transport:Adding ssh-ed25519 host key for 10.176.33.64: b'b0878c9bc616a0c5fa69ee252730bc17'
DEBUG:paramiko.transport:Trying SSH key b'00f98d495396b7cdad1fa25c87e3f694'
DEBUG:paramiko.transport:userauth is OK
DEBUG:paramiko.transport:Finalizing pubkey algorithm for key of type '[email protected]'
DEBUG:paramiko.transport:Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEBUG:paramiko.transport:Server-side algorithm list: ['rsa-sha2-256', 'rsa-sha2-512']
DEBUG:paramiko.transport:Agreed upon 'rsa-sha2-512' pubkey algorithm
INFO:paramiko.transport:Authentication (publickey) failed.
我没有想法。我尝试将 key_filename 的 pkey 参数切换为引用 -cert 文件以及私钥,并且我'在我的绝望中,我还将id_rsa-cert文件重命名为id_rsa-cert.pub,但都无济于事。
每个 SSH 客户端的连接都有效,这让我相信我以某种方式错误地使用了 Paramiko。我知道 Paramiko >=2.9.0 和 server-sig 存在问题-algs,但我认为这不是问题。如果我按照注释建议排除算法,但这只会导致另一个例外,即无法就任何算法达成一致 - 我相当确定我们的服务器只是为了接受这些特定的密钥类型而构建的。
I am working with an internal system that when asking for SSH keys, it returns three files:
- id_rsa (presumably the private key)
- id_rsa.pub (presumably the public key)
- id_rsa-cert (A public key certificate?)
The -cert file begins with [email protected] which leads me to believe it is indeed the above linked public key although most sources speak of the -cert.pub extension.
If I connect to the machine using the SSH agent, it seems that everything's in working order, and the -cert file is recognized as "type 4":
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 10.176.34.90 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.176.34.90 [10.176.34.90] port 22.
debug1: Connection established.
debug1: identity file /tmp/id_rsa type 0
debug1: identity file /tmp/id_rsa-cert type 4
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.176.34.90:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:dcU1jNy+H6haaVGW/O3KKyeQljaFII4B8uztw//VxLM
debug1: Host '10.176.34.90' is known and matches the ECDSA host key.
debug1: Found key in /home/wonderb0lt/.ssh/known_hosts:2
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /tmp/id_rsa RSA SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit agent
debug1: Will attempt key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /tmp/id_rsa RSA SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit agent
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: /tmp/id_rsa RSA-CERT SHA256:kmgmx/E7PzCEHvzSPIooMKpEHqmmCDMoRLMAF3JRvug explicit
debug2: sign_and_send_pubkey: using private key "/tmp/id_rsa" for certificate
debug1: Authentication succeeded (publickey).
However, when I try to do a similar connection attempt in paramiko with the following code:
pkey = RSAKey.from_private_key_file('/tmp/kx/id_rsa')
pkey.load_certificate('/tmp/kx/id_rsa-cert')
c = SSHClient()
c.set_missing_host_key_policy(AutoAddPolicy())
c.connect(hostname='10.176.33.64', username='ec2-user', pkey=pkey, allow_agent=False, look_for_keys=False)
print(c.exec_command('ls -l'))
I am greeted with an authentication exception:
DEBUG:paramiko.transport:starting thread (client mode): 0x6f9d3a60
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-paramiko_2.9.2
DEBUG:paramiko.transport:Remote version/idstring: SSH-2.0-OpenSSH_7.4
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_7.4)
DEBUG:paramiko.transport:=== Key exchange possibilities ===
DEBUG:paramiko.transport:kex algos: curve25519-sha256, [email protected], ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
DEBUG:paramiko.transport:server key: ssh-rsa, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp256, ssh-ed25519
DEBUG:paramiko.transport:client encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected], aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:server encrypt: [email protected], aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected], aes128-cbc, aes192-cbc, aes256-cbc, blowfish-cbc, cast128-cbc, 3des-cbc
DEBUG:paramiko.transport:client mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:server mac: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hmac-sha2-256, hmac-sha2-512, hmac-sha1
DEBUG:paramiko.transport:client compress: none, [email protected]
DEBUG:paramiko.transport:server compress: none, [email protected]
DEBUG:paramiko.transport:client lang: <none>
DEBUG:paramiko.transport:server lang: <none>
DEBUG:paramiko.transport:kex follows: False
DEBUG:paramiko.transport:=== Key exchange agreements ===
DEBUG:paramiko.transport:Kex: [email protected]
DEBUG:paramiko.transport:HostKey: ssh-ed25519
DEBUG:paramiko.transport:Cipher: aes128-ctr
DEBUG:paramiko.transport:MAC: hmac-sha2-256
DEBUG:paramiko.transport:Compression: none
DEBUG:paramiko.transport:=== End of kex handshake ===
DEBUG:paramiko.transport:kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Got EXT_INFO: {'server-sig-algs': b'rsa-sha2-256,rsa-sha2-512'}
DEBUG:paramiko.transport:Adding ssh-ed25519 host key for 10.176.33.64: b'b0878c9bc616a0c5fa69ee252730bc17'
DEBUG:paramiko.transport:Trying SSH key b'00f98d495396b7cdad1fa25c87e3f694'
DEBUG:paramiko.transport:userauth is OK
DEBUG:paramiko.transport:Finalizing pubkey algorithm for key of type '[email protected]'
DEBUG:paramiko.transport:Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
DEBUG:paramiko.transport:Server-side algorithm list: ['rsa-sha2-256', 'rsa-sha2-512']
DEBUG:paramiko.transport:Agreed upon 'rsa-sha2-512' pubkey algorithm
INFO:paramiko.transport:Authentication (publickey) failed.
I am out of ideas. I've tried to switch out the pkey parameter for key_filename both referring to the -cert file as well as the private key, and I've also renamed the id_rsa-cert file to id_rsa-cert.pub in my desperation, all to no avail.
That the connection per SSH client works leads me to believe I'm using Paramiko wrong somehow. I'm aware of the issue with Paramiko >=2.9.0 and the server-sig-algs, but I don't think that's the issue. If I exclude the algorithms as the note suggests, but that just leads to another exception that no algorithm could be agreed upon - I'm fairly certain our servers are built just to accept these specific key types.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论