SSH using RSA key - Permission denied

Posted on 2025-01-13 09:53:00

From MACHINE_2, as USER1, I need to SSH into MACHINE_1 without having to provide a password.

I created a pair of RSA keys (private_key, public_key) using the command C:\cygwin64\bin\ssh-keygen -t rsa.

I have put the two files private_key and public_key in the folder C:\cygwin64\home\USER1\.ssh\machines_1_2\.

On MACHINE_1, I copied the contents of the public_key file into the file D:\cygwin\home\USER1\.ssh\authorized_keys.

On MACHINE_2, I created the file C:\cygwin64\home\USER1\.ssh\config in which I put the following lines:

Host 192.168.77.45
  Port 22
  IdentityFile ~/.ssh/machines_1_2/private_key

When I try to SSH into MACHINE_1, I get a "Permission denied" message (see the output below).

USER1@MACHINE_2$ ssh -v 192.168.77.45
OpenSSH_8.9p1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 192.168.77.45 [192.168.77.45] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519 type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_xmss type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_xmss-cert type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_dsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7
debug1: compat_banner: match: OpenSSH_6.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.77.45:22 as 'MACHINE_1+USER1'
debug1: load_hostkeys: fopen /cygdrive/c/Users/USER1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qSH/p+CitL49lw4RPcwmVd8P+e02Ot1yjTSagmyiZhA
debug1: load_hostkeys: fopen /cygdrive/c/Users/USER1/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.77.45' is known and matches the ECDSA host key.
debug1: Found key in /cygdrive/c/Users/USER1/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_rsa
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ed25519
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_xmss
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_rsa
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ecdsa_sk
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ed25519
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_ed25519_sk
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_xmss
debug1: Trying private key: /cygdrive/c/Users/USER1/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,keyboard-interactive).

I was wondering if there was not a confusion between the two ".ssh" directories:
C:\cygwin64\home\USER1\.ssh\ and C:\Users\USER1\.ssh\
Personally, I always usually deal with the C:\cygwin64\home\USER1\.ssh\ directory... not the other one.

Also, MACHINE_1 and MACHINE_2 are two "Windows" machines with "Cygwin" installed.
On MACHINE_1, the cygwin version is 3.3.4.
On MACHINE_2, the cygwin version is 1.7.33.

Can you help me investigate what's going wrong?

============= Edit 1 ================

I installed a new Cygwin (v. 3.3.4) on MACHINE_2.

I still have the same problem.

============= Edit 2 ================

It looks like the config file is not being read.

============= Edit 3 ================

I put the config file and the machines_1_2 directory in the C:\Users\USER1\.ssh\ directory instead of the C:\cygwin64\home\USER1\.ssh\ directory.

It allowed me to SSH into MACHINE_1 without having to enter a password.

Until this day, I always used the C:\cygwin64\home\USER1\.ssh\ directory...

As I could understand:

$ set | grep HOME
HOME=/cygdrive/c/Users/USER1

/etc/passwd and /etc/group are no longer automatically generated since version 1.7.34.
In my older Cygwin configuration (the version 1.7.33), the user's home directory was set to /home/USER1 that is to say C:\cygwin64\home\USER1

I guess developers have good reasons for making such changes but for people like me it takes precious time and nerves to fix the problems and that does not make my work more fun or interesting. It makes me feel stupid. My two cents.
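
A way to check, from `ssh -v` output, which `.ssh` directory the client actually uses and whether a per-user config was read there. This is an added example, not part of the original post; the function names are made up for illustration, and the sample lines are abridged from the debug output above.

```shell
#!/bin/sh
# Added example: diagnose a ~/.ssh location mismatch from `ssh -v` output.

# Config files the client reports reading, one path per line.
configs_read() {
    sed -n 's|^debug1: Reading configuration data ||p'
}

# Directory in which the client probes for default identities (id_rsa, ...).
default_identity_dir() {
    sed -n 's|^debug1: identity file \(.*\)/id_[^/]* type .*$|\1|p' |
        sort -u | head -n 1
}

# Usage: ssh -v HOST 2>&1 | check_ssh_home DIR_WHERE_YOU_PUT_CONFIG
check_ssh_home() {
    expected=$1
    log=$(cat)
    # A per-user config is any config read from outside /etc.
    user_cfg=$(printf '%s\n' "$log" | configs_read | grep -v '^/etc/' | head -n 1)
    if [ -n "$user_cfg" ]; then
        actual=${user_cfg%/*}
    else
        actual=$(printf '%s\n' "$log" | default_identity_dir)
    fi
    if [ -z "$actual" ]; then
        echo "unknown: no per-user paths in the debug output"
    elif [ "$actual" != "$expected" ]; then
        echo "mismatch: ssh looks in $actual, not $expected"
    elif [ -n "$user_cfg" ]; then
        echo "ok: $user_cfg was read"
    else
        echo "unread: ssh looks in $expected but read no config there"
    fi
}

# Sample input: lines abridged from the `ssh -v` output in the question.
SAMPLE_LOG='debug1: Reading configuration data /etc/ssh_config
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/Users/USER1/.ssh/id_rsa-cert type -1
debug1: Will attempt key: /cygdrive/c/Users/USER1/.ssh/id_rsa'

# /home/USER1/.ssh is the Cygwin path of C:\cygwin64\home\USER1\.ssh
printf '%s\n' "$SAMPLE_LOG" | check_ssh_home /home/USER1/.ssh
```
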


Comments (1)

二智少女 2025-01-20 09:53:00

Recent versions of openssh remove rsa support by default, so you should enable it in your ssh config:

$ cat ~/.ssh/config
    Host *
         HostkeyAlgorithms +ssh-rsa
         PubkeyAcceptedKeyTypes +ssh-rsa