Mac不能在任何EC2实例上,可能的OpenSSL问题?
使用我当前的MacBook,在以前的公司中,我能够使用EC2实例。在新公司,它的EC2实例运行了Centos 6,该实例正在运行OpenSSL的旧版本(libssl的旧版本),我似乎无法使用SSH。我总是得到:
允许拒绝(publicKey)。
因此,例如,在一台服务器上,DevOps工程师安装了我的SSH公开密钥,他们白色列出了我的家庭IP地址。
他们向我发送了这个文本块,我将其放在我的〜/.ssh/config文件中。
Host never_dev
HostName neverstaydev.com
User neverst
IdentityFile ~/.ssh/id_ed25519
Host beta
HostName 12.18.125.53
User neverst
IdentityFile ~/.ssh/id_ed25519
我唯一更改的是钥匙的名称,这是正确的。但是,如果我尝试一下:
ssh -v never_dev
我得到:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/admin/.ssh/config
debug1: /Users/admin/.ssh/config line 1: Applying options for never_dev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to neverstaydev.com port 22.
debug1: Connection established.
debug1: identity file /Users/admin/.ssh/id_ed25519 type 3
debug1: identity file /Users/admin/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to neverstaydev.com:22 as 'neverst'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:UJ9EFg/QTnxCP+/9/P8b+jSpKozY1IbaN3M5jOoz8e0
debug1: Host 'neverstaydev.com' is known and matches the RSA host key.
debug1: Found key in /Users/admin/.ssh/known_hosts:24
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
所有开发人员都在此EC2实例上共享一个帐户,除了我,其他所有人都可以登录。但是我的IP地址已被列入白名单,因为如上所述,我的机器与EC2实例进行了对话。
我在0400和0600的私钥上尝试了不同的权限。这没有效果。
同样,它们具有基于这些机器的AMIS,因此我根据AMI启用了一个新的EC2实例,创建了一个新的密钥对。然后,我尝试使用新的键对来访问新的EC2实例。但是仍然存在同样的问题:
Permission denied (publickey)
这可能导致这件事?
DevOps工程师建议我这样做:
ssh-keygen -t rsa -b 4096 -C "neverstay-key"
现在,然后我给了他们我的公钥,他们将其安装在他们的一边,现在当我尝试向服务器ssh时,我得到了:
ssh-keygen -t rsa -b 4096 -C "lawarance-futurestay-key"
Using my current MacBook, at previous companies I've been able to ssh to EC2 instances. At the new company, which has EC2 instances running Centos 6, which is running an old version of OpenSSL, (an old version of libssl) I cannot seem to ssh. I always get:
Permission denied (publickey).
So, for instance, on one server, the devops engineer installed my ssh public key, and they white listed my home IP address.
They sent me this block of text, which I put in my ~/.ssh/config file.
Host never_dev
HostName neverstaydev.com
User neverst
IdentityFile ~/.ssh/id_ed25519
Host beta
HostName 12.18.125.53
User neverst
IdentityFile ~/.ssh/id_ed25519
The only thing I changed was the name of the key, which is correct. But if I try this:
ssh -v never_dev
I get:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/admin/.ssh/config
debug1: /Users/admin/.ssh/config line 1: Applying options for never_dev
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to neverstaydev.com port 22.
debug1: Connection established.
debug1: identity file /Users/admin/.ssh/id_ed25519 type 3
debug1: identity file /Users/admin/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to neverstaydev.com:22 as 'neverst'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:UJ9EFg/QTnxCP+/9/P8b+jSpKozY1IbaN3M5jOoz8e0
debug1: Host 'neverstaydev.com' is known and matches the RSA host key.
debug1: Found key in /Users/admin/.ssh/known_hosts:24
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/admin/.ssh/id_ed25519 ED25519 SHA256:fBRwhBVpzb6ve5cDwmMS1R0UlhzSaVg9E62WW7riRZA explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
All of the developers are sharing one account on this EC2 instance, and everyone else can log in, except me. But my IP address has been whitelisted, since, as you can see above, my machine engages in dialogue with the EC2 instance.
I've tried different permissions on the private key, both 0400 and 0600. That has no effect.
Likewise, they have AMIs based on these machines, so I spun up a new EC2 instance based on the AMI, creating a new key pair. I then tried to ssh to the new EC2 instance, using the new key pair. But still the same problem:
Permission denied (publickey)
What might cause this?
The devops engineer suggested that I do:
ssh-keygen -t rsa -b 4096 -C "neverstay-key"
Now, and then I gave them my public key, which they installed on their side, and now when I try to ssh to the server, I get:
ssh-keygen -t rsa -b 4096 -C "lawarance-futurestay-key"
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论