How to SSH into Ubuntu from Windows with PuTTY using a key

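I'm trying to log in to my server using an SSH key (I use PuTTY for this), but every time I try to connect it shows Network error: Connection refused. I believe there is something wrong with the public key, but I'm not sure. The key looks like this: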

rsa-key-public AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN
hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde
aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm
JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq
iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ
MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==

but all on one line. I created the key with puttygen, and by default it looks like this:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-public"
AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN
hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde
aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm
JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq
iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ
MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
---- END SSH2 PUBLIC KEY ----

Output of cat /etc/ssh/sshd_config:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
#Port 2222
# Use these options to restrict which interfaces/protocols sshd will bind to 
ListenAddress 192.168.1.20
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key 
KeyRegenerationInterval 3600
ServerKeyBits 2048

# Logging
SyslogFacility AUTH 
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password 
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts 
RhostsRSAAuthentication no
# similar for protocol version 2 
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED) 
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with 
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords 
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no 
#KerberosGetAFSToken no 
#KerberosOrLocalPasswd yes 
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes 
TCPKeepAlive yes 
#UseLogin no

#MaxStartups 10:30:60 
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass 
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without 
# PAM authentication, then enable this but set PasswordAuthentication 
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

Output of service ssh status / systemctl status ssh.service:

peter@PM-server:~$ service ssh status
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2017-04-03 16:02:13 CEST; 3h 37min ago
 Main PID: 1577 (sshd)
    Tasks: 7 (limit: 4915)
   Memory: 23.1M
      CPU: 3.774s
   CGroup: /system.slice/ssh.service 
           ├─1577 /usr/sbin/sshd -D 
           ├─2351 sshd: peter [priv] 
           ├─2359 sshd: peter@pts/0 
           ├─2360 -bash
           ├─2395 systemctl status ssh.service
           └─2400 pager

Apr 03 16:25:11 PM-server sudo[2030]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 16:32:45 PM-server sudo[2030]: pam_unix(sudo:session): session closed for user root
Apr 03 16:50:45 PM-server sshd[2068]: Accepted password for peter from 192.168.1.19 port 57813 ssh2
Apr 03 17:19:14 PM-server sudo[2135]:    peter : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/chown peter:peter peter
Apr 03 17:19:14 PM-server sudo[2135]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 17:19:14 PM-server sudo[2135]: pam_unix(sudo:session): session closed for user root
Apr 03 19:25:09 PM-server sshd[2351]: Accepted password for peter from 192.168.1.19 port 56635 ssh2
Apr 03 19:26:05 PM-server sudo[2372]:    peter : TTY=pts/0 ; PWD=/home/peter ; USER=root ; COMMAND=/bin/systemctl
Apr 03 19:26:05 PM-server sudo[2372]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 19:28:14 PM-server sudo[2372]: pam_unix(sudo:session): session closed for user root

Here is the output of sudo systemctl

Output of sudo sshd -T:

    port 22
    protocol 2
    addressfamily any
    listenaddress [::]:22
    listenaddress 0.0.0.0:22
    usepam yes
    serverkeybits 1024
    logingracetime 120
    keyregenerationinterval 3600
    x11displayoffset 10
    maxauthtries 6
    maxsessions 10
    clientaliveinterval 0
    clientalivecountmax 3
    streamlocalbindmask 0177
    permitrootlogin without-password
    ignorerhosts yes
    ignoreuserknownhosts no
    rhostsrsaauthentication no
    hostbasedauthentication no
    hostbasedusesnamefrompacketonly no
    rsaauthentication yes
    pubkeyauthentication yes
    kerberosauthentication no
    kerberosorlocalpasswd yes
    kerberosticketcleanup yes
    gssapiauthentication no
    gssapikeyexchange no
    gssapicleanupcredentials yes
    gssapistrictacceptorcheck yes
    gssapistorecredentialsonrekey no
    passwordauthentication yes
    kbdinteractiveauthentication no
    challengeresponseauthentication no
    printmotd no
    printlastlog yes
    x11forwarding yes
    x11uselocalhost yes
    permittty yes
    permituserrc yes
    strictmodes yes
    tcpkeepalive yes
    permitemptypasswords no
    permituserenvironment no
    uselogin no
    compression delayed
    gatewayports no
    usedns no
    allowtcpforwarding yes
    allowagentforwarding yes
    allowstreamlocalforwarding yes
    streamlocalbindunlink no
    useprivilegeseparation yes
    fingerprinthash SHA256
    pidfile /var/run/sshd.pid
    xauthlocation /usr/bin/xauth
    ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
    macs [email protected],[email protected],hmac-sha2-256-[email protected],[email protected],[email protected],umac-[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
    versionaddendum none
    kexalgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
    hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-[email protected],[email protected],ecdsa-sha2-nistp521-[email protected],[email protected],ssh-rsa-cert-[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    hostkeyalgorithms [email protected],ecdsa-sha2-[email protected],[email protected],ssh-[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    pubkeyacceptedkeytypes [email protected],ecdsa-[email protected],[email protected],ssh-[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    loglevel INFO
    syslogfacility AUTH
    authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
    hostkey /etc/ssh/ssh_host_rsa_key
    hostkey /etc/ssh/ssh_host_ecdsa_key
    hostkey /etc/ssh/ssh_host_ed25519_key
    acceptenv LANG
    acceptenv LC_*
    authenticationmethods any
    subsystem sftp /usr/lib/openssh/sftp-server
    maxstartups 10:30:100
    permittunnel no
    ipqos lowdelay throughput
    rekeylimit 0 0
    permitopen any

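Answer 1

Generally, Network error: Connection refused means that the server rejected your SSH connection outright. It did not run into a problem with the key PuTTY is using, because the connection never even got to the stage where keys are used. Instead, it refused the connection immediately. This is usually because the server is not running an SSH server (or the SSH server is broken), you are using the wrong port, or you are using the wrong server address.


However, you say that you only get that error message when connecting with a public key, and that connecting with a password works. To add a public key for incoming connections, add the following line to ~/.ssh/authorized_keys on the server (create the file if it does not exist):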

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==

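Note that it:

  1. Starts with ssh-rsa
  2. Has no line breaks in the middle (remove them if there are any)
  3. Should be the public key you are currently using (it should start with AAAAB3) (if you generated a new key, replace it with the new one)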
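
The connection stages described in Answer 1, as an added example that is not part of the original answer: a Python probe that shows whether a host refuses the TCP connection, drops it, or answers with an SSH identification string, all before any key is offered. The names probe_ssh, next_step and NEXT_STEP are chosen here for illustration.

```python
import socket

def probe_ssh(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Report how far a plain TCP connection to an SSH port gets (no keys involved)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The peer answered with a TCP reset: nothing listens on this address/port.
        return "refused"
    except socket.timeout:
        # No answer at all: packets are dropped or the address is wrong.
        return "timeout"
    except OSError as exc:
        return f"network-error: {exc}"
    with sock:
        try:
            banner = sock.recv(255).decode("ascii", "replace").strip()
        except socket.timeout:
            return "connected-no-banner"
    # An SSH server speaks first and sends an identification string "SSH-2.0-...".
    if banner.startswith("SSH-"):
        return f"ssh-server: {banner}"
    return "connected-not-ssh"

# What to look at next for each outcome (wording added here, not from the page).
NEXT_STEP = {
    "refused": "on the server, check that sshd is running and that Port and "
               "ListenAddress in sshd_config match what the client connects to",
    "timeout": "check the server address and any firewall between client and server",
    "connected-no-banner": "something accepted the connection but stayed silent",
    "connected-not-ssh": "another service is listening on this port",
    "ssh-server": "the network path is fine; key problems show up after this point",
}

def next_step(result: str) -> str:
    """Map a probe_ssh() result to the place to look next."""
    return NEXT_STEP.get(result.split(":")[0], "check basic network connectivity")

if __name__ == "__main__":
    outcome = probe_ssh("127.0.0.1", 22)  # constructed target: the local machine
    print(outcome, "->", next_step(outcome))
```

A result of "refused" means the failure happened before authentication, so changing the key cannot fix it.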

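Answer 2

Here is a short manual covering the whole process:

How to SSH into Ubuntu from Windows with PuTTY using a key


I. Generate an SSH key pair in Ubuntu and create the authorized_keys file

$ ssh-keygen -t rsa -b 4096 Enter
Generating public/private rsa key pair.
Enter file in which to save the key (/home/$USER/.ssh/id_rsa): Enter
Created directory '/home/$USER/.ssh'.
Enter passphrase (empty for no passphrase): enter your passphrase Enter
Enter same passphrase again: enter your passphrase again Enter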

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys Enter
$ chmod go-w ~/ Enter
$ chmod 700 ~/.ssh Enter
$ chmod 600 ~/.ssh/authorized_keys Enter

$ ls -la ~/.ssh Enter
drwx------ 2 user user 4096 апр 2 17:21 .
drwxr-xr-x 3 user user 4096 апр 2 17:40 ..
-rw------- 1 user user 738 апр 2 17:21 authorized_keys
-rw------- 1 user user 3243 апр 2 17:15 id_rsa
-rw-r--r-- 1 user user 738 апр 2 17:15 id_rsa.pub

Note that we don't need to use sudo. If authorized_keys already exists, the output redirection >> will only append a new entry.

Test it: SSH to localhost as the current user:

$ chmod 600 ~/.ssh/id_rsa.pub
$ ssh $USER@localhost -i ~/.ssh/id_rsa -p 22 -v

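Where: (1) you can omit the options -i ~/.ssh/id_rsa -p 22, because these are the defaults, and (2) -v turns on verbose mode. More information can be found in man ssh.

Note that this test will only pass with the default configuration of /etc/ssh/sshd_config. Here is the default sshd_config of Ubuntu 16.04.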


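II. Convert the id_rsa private key to .ppk format and use it

where .ppk means PuTTY Private Key

Method 1: using puttygen on Linux:

The idea for this additional edit came from this topic, which discusses the conversion from .ppk to an OpenSSH-compatible format.

  1. Install putty-tools in Ubuntu. Open a terminal and type:

     sudo apt install putty-tools

  2. Convert the private key:

     puttygen ~/.ssh/id_rsa -O private -o ~/.ssh/converted_id_rsa.ppk

  3. Copy the converted private key (converted_id_rsa.ppk) to Windows.

  4. Use this .ppk key with PuTTY to connect to Ubuntu.

Method 2: using puttygen on Windows

  1. Copy the private key (id_rsa) to Windows.

  2. Run the "PuTTY Key Generator" (puttygen.exe) and click the Load button.

  3. Switch to All Files (*.*) and Open the id_rsa private key file generated in Ubuntu.

  4. Enter the passphrase if there is one and click OK. A notification will appear; click OK again.

  5. Edit the Key comment and Key passphrase if needed, then click Save private key.

  6. Save your new .ppk key in a convenient location.

  7. Use this .ppk key with PuTTY to connect to Ubuntu.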
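
Added example, not part of the original answer: the chmod steps in part I of Answer 2 matter because the sshd_config in the question sets StrictModes yes. This Python check approximates the ownership and write-bit tests sshd applies to the home directory, ~/.ssh and authorized_keys under that setting; the function names and the temporary sample tree are constructed here for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(home: str, uid: int) -> list[str]:
    """List paths that would make key login fail under StrictModes yes.

    Approximation of sshd's check: every path must be owned by the user
    (or root) and must not be writable by group or others.
    """
    problems = []
    for rel in ("", ".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: group/world writable (mode {mode:04o})")
    return problems

def build_sample_home(home_mode: int, ssh_mode: int, keys_mode: int) -> str:
    """Create a throwaway home tree with the given modes (constructed sample data)."""
    home = tempfile.mkdtemp()
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-rsa PLACEHOLDER-NOT-A-KEY user@example\n")
    os.chmod(keys, keys_mode)
    os.chmod(ssh_dir, ssh_mode)
    os.chmod(home, home_mode)
    return home

if __name__ == "__main__":
    # Home left group-writable: the case that "chmod go-w ~/" corrects.
    bad = build_sample_home(0o775, 0o700, 0o600)
    for line in strictmodes_problems(bad, os.getuid()):
        print(line)
```

Run strictmodes_problems(os.path.expanduser("~"), os.getuid()) on the server account to audit the real paths.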


Answer 3

This is a slightly different format of the key. The correct way to convert one into the other is to use ssh-keygen:

 ssh-keygen -i -f /path/to/public.key

The result for your key looks like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==

So it is on a single line with the key identifier ssh-rsa, rather than the one you used. The line breaks also matter (there can be none).
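
The format difference that Answer 1 and Answer 3 describe, as an added example that is not from the original posts: a Python converter from the PuTTYgen "SSH2 PUBLIC KEY" block to the one-line authorized_keys form, plus a check that rejects a line whose first field is not the key type stored in the blob. The function names are chosen here, and the sample key is constructed in the code and is not a usable key.

```python
import base64
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_type_of(blob: bytes) -> str:
    """Return the algorithm name stored as the blob's first length-prefixed string."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(text: str) -> str:
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' block into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 PUBLIC KEY block")
    comment, b64, body = "", [], iter(lines[1:-1])
    for ln in body:
        if ":" in ln:                    # header line such as Comment: "..."
            while ln.endswith("\\"):     # a trailing backslash continues the header
                ln = ln[:-1] + next(body, "")
            tag, _, value = ln.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        elif ln:
            b64.append(ln)
    blob = base64.b64decode("".join(b64), validate=True)
    return " ".join(filter(None, [key_type_of(blob), base64.b64encode(blob).decode(), comment]))

def check_authorized_keys_line(line: str) -> str:
    """Return 'ok' or why the key line is malformed (option prefixes not handled)."""
    if "\n" in line.strip():
        return "key is split across several lines"
    fields = line.split()
    if len(fields) < 2:
        return "expected '<key-type> <base64> [comment]'"
    try:
        embedded = key_type_of(base64.b64decode(fields[1], validate=True))
    except ValueError as exc:            # also covers binascii.Error
        return f"bad key blob: {exc}"
    if fields[0] != embedded:
        return f"first field is '{fields[0]}' but the blob says '{embedded}'"
    return "ok"

# Constructed sample (not a usable key): ssh-rsa blob with e=0x25 and a dummy modulus.
def ssh_string(b: bytes) -> bytes:
    return len(b).to_bytes(4, "big") + b
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x25") + ssh_string(b"\x00" + bytes(range(129, 193)))
B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_RFC4716 = "\n".join([BEGIN, 'Comment: "rsa-key-public"', *(B64[i:i + 64] for i in range(0, len(B64), 64)), END])
```

Passing the question's first form, with rsa-key-public as the first field, to check_authorized_keys_line returns the mismatch message instead of "ok".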

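Answer 4

Install the openssh-server package from the Ubuntu Software Center. Or, if you are using Ubuntu Server without a GUI, run the following command in the console:

sudo apt-get install openssh-server

Once it is installed, the SSH service should start automatically. If necessary, you can start (or stop, restart) the service manually with the command:

sudo service ssh start

The default port number is 22. To change the port or the root login permission, you can edit the /etc/ssh/sshd_config file with:

sudo nano /etc/ssh/sshd_config

Remove the # in front of Port 22 in the sshd_config file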
