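I am trying to log in to my server with an SSH key (I am using PuTTY to do this), but every time I try to connect it shows Network error: Connection refused. I believe there is something wrong with the public key, but I am not sure. The key looks like this: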
rsa-key-public AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN
hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde
aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm
JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq
iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ
MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
but all on one line. I created the key with puttygen, and by default it looked like this:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-public"
AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN
hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde
aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm
JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq
iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ
MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
---- END SSH2 PUBLIC KEY ----
Output of cat /etc/ssh/sshd_config:
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
#Port 2222
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress 192.168.1.20
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationinterval 3600
ServerKeyBits 2048
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
Xl1Forwarding yes
Xl1DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
*Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC *
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of *PermitRootLogin without-password*.
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no
Output of service ssh status / systemctl status ssh.service:
peter@PM-server:-$ service ssh status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/systemissh.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2017-04-03 16:02:13 CEST; 3h 37min ago
Main PID: 1577 (sshd)
Tasks: 7 (limit: 4915)
Memory: 23.1M
CPU: 3.774s
CGroup: /system.slice/ssh.service
├─1577 /usr/sbin/sshd -D
├─2351 sshd: peter [priv]
├─2359 sshd: peter@pts/0
├─2360 -bash
├─2395 systemctl status ssh.service
└─2400 pager
Apr 03 16:25:11 PM-server sudo[2030] :pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 16:32:45 PM-server sudo[2030] :pam_unix(sudo:session): session closed for user root
Apr 03 16:50:45 PM-server sshd[2068] : Accepted password for peter from 192.168.1.19 port 57813 ssh2
Apr 03 17:19:14 PM-server sudo[2135] peter : TTY=pts/0 ; PWD/home ; USER=root ; COMMAND/bin/chown peter:peter peter
Apr 03 17:19:14 PM-server sudo[2135] :pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 17:19:14 PM-server sudo[2135] :pam_unix(sudo:session): session closed for user root
Apr 03 19:25:09 PM-server sshd[2351] : Accepted password for peter from 192.168.1.19 port 56635 ssh2
Apr 03 19:26:05 PM-server sudo[2372] peter : TTY=pts/0 ; PWD/home/peter ; USER=root ; COMMAND/bin/systemctl
Apr 03 19:26:05 PM-server sudo[2372] :pam_unix(sudo:session): session opened for user root by peter(uid=0)
Apr 03 19:28:14 PM-server sudo[2372] :pam unix(sudo:session): session closed for user root
Output of sudo sshd -T:
port 22
protocol 2
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam yes
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin without-password
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapikeyexchange no
gssapicleanupcredentials yes
gssapistrictacceptorcheck yes
gssapistorecredentialsonrekey no
passwordauthentication yes
kbdinteractiveauthentication no
challengeresponseauthentication no
printmotd no
printlastlog yes
x11forwarding yes
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns no
allowtcpforwarding yes
allowagentforwarding yes
allowstreamlocalforwarding yes
streamlocalbindunlink no
useprivilegeseparation yes
fingerprinthash SHA256
pidfile /var/run/sshd.pid
xauthlocation /usr/bin/xauth
ciphers [email protected],aes128-ctr,aes192-ctr,aes256- ctr,[email protected],[email protected]
macs [email protected],[email protected],hmac-sha2-256- [email protected],[email protected],[email protected],umac- [email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
versionaddendum none
kexalgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2- nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman- group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14- sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert- [email protected],[email protected],ecdsa-sha2-nistp521- [email protected],[email protected],ssh-rsa-cert- [email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh- ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms [email protected],ecdsa-sha2- [email protected],[email protected],ssh- [email protected],[email protected],ecdsa-sha2- nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa- sha2-256,ssh-rsa
pubkeyacceptedkeytypes [email protected],ecdsa- [email protected],[email protected],ssh- [email protected],[email protected],ecdsa-sha2- nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa- sha2-256,ssh-rsa
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
acceptenv LANG
acceptenv LC_*
authenticationmethods any
subsystem sftp /usr/lib/openssh/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen any
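Answer 1
Usually, Network error: Connection refused means the server rejected your SSH connection outright. It did not run into a problem with the key PuTTY uses, because the connection never even got as far as using the key. Instead, it refused the connection immediately. This is usually because the server is not running an SSH server (or the SSH server is broken), you are using the wrong port, or you are using the wrong server address.
However, you say you only get this error message when connecting with the public key, and that connecting with a password works. To add a public key for incoming connections, add the following line to ~/.ssh/authorized_keys on the server (create the file if it does not exist):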
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
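Note that it:
- starts with ssh-rsa
- has no line breaks in the middle (remove them if present)
- should be the public key you are currently using (it should start with AAAAB3) (if you have generated a new key, replace it with the new one)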
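Answer 2
Here is a short manual covering the whole process:
How to SSH from Windows to Ubuntu via PuTTY using keys
1. Generate an SSH "key pair" in Ubuntu and create the authorized_keys file
$ ssh-keygen -t rsa -b 4096 [Enter]
Generating public/private rsa key pair.
Enter file in which to save the key (/home/$USER/.ssh/id_rsa): [Enter]
Created directory '/home/$USER/.ssh'.
Enter passphrase (empty for no passphrase): type your passphrase [Enter]
Enter same passphrase again: retype your passphrase [Enter]
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys [Enter]
$ chmod go-w ~/ [Enter]
$ chmod 700 ~/.ssh [Enter]
$ chmod 600 ~/.ssh/authorized_keys [Enter]
$ ls -la ~/.ssh [Enter]
drwx------ 2 user user 4096 апр 2 17:21 .
drwxr-xr-x 3 user user 4096 апр 2 17:40 ..
-rw------- 1 user user 738 апр 2 17:21 authorized_keys
-rw------- 1 user user 3243 апр 2 17:15 id_rsa
-rw-r--r-- 1 user user 738 апр 2 17:15 id_rsa.pub
Note that we do not need to use sudo. If authorized_keys already exists, the output redirection >> will just append a new entry.
Test: SSH to localhost using the current user's username: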
$ chmod 600 ~/.ssh/id_rsa.pub
$ ssh $USER@localhost -i ~/.ssh/id_rsa -p 22 -v
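Where: (1) you can omit the options -i ~/.ssh/id_rsa -p 22, because these are the defaults, and (2) -v turns on verbose mode. More information can be found in man ssh.
Note that this test will only pass with the default configuration of /etc/ssh/sshd_config. Here is the default sshd_config for Ubuntu 16.04.
2. Convert the id_rsa private key to .ppk format and use it
Where .ppk means PuTTY Private Key.
Method 1: using puttygen on Linux:
The idea for this additional edit came from this topic, which discusses conversion from .ppk to an OpenSSH-compatible format.
Install putty-tools in Ubuntu. Open a terminal and type: sudo apt install putty-tools
Convert the private key: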
puttygen ~/.ssh/id_rsa -O private -o ~/.ssh/converted_id_rsa.ppk
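Copy the converted private key (converted_id_rsa.ppk) to Windows. Use this .ppk key with PuTTY to connect to Ubuntu. Screenshot.
Method 2: using puttygen on Windows
- Copy the private key (id_rsa) to Windows.
- Run the "PuTTY Key Generator" (puttygen.exe) and click the Load button. Screenshot.
- Switch to All Files (*.*) and Open the id_rsa private key file generated in Ubuntu. Screenshot.
- Enter the passphrase if there is one and click OK. A notice will appear - click OK again. Screenshot.
- Edit the Key comment and Key passphrase if needed, then click Save private key. Screenshot.
- Save your new .ppk key in a convenient location. Screenshot.
- Use this .ppk key with PuTTY to connect to Ubuntu. Screenshot.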
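The chmod steps in the answer above matter because the question's sshd_config has StrictModes yes: sshd then ignores authorized_keys if that file, ~/.ssh, or the home directory is writable by group or others, or is owned by someone other than the user or root. The following check is an added example, not part of the original answer; the function name strictmodes_problems is hypothetical.

```python
import os
import stat

def strictmodes_problems(home, uid=None):
    """List the paths that would make sshd (StrictModes yes) ignore the key file."""
    uid = os.getuid() if uid is None else uid
    problems = []
    # sshd inspects the key file and the directories above it, up to the home directory.
    for rel in ("", ".ssh", ".ssh/authorized_keys"):
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append("%s: missing" % path)
            continue
        # Owner must be the account itself or root.
        if st.st_uid not in (0, uid):
            problems.append("%s: owned by uid %d" % (path, st.st_uid))
        # No write bit for group or others (mode & 022 must be 0).
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("%s: writable by group or others (mode %o)"
                            % (path, stat.S_IMODE(st.st_mode)))
    return problems

if __name__ == "__main__":
    # Run as the account that will log in; an empty list means the modes are acceptable.
    for problem in strictmodes_problems(os.path.expanduser("~")):
        print(problem)
```

Run it on the server as the login user; each reported path is one to fix with the chmod commands from step 1.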
Answer 3
That is a slightly different format of the key. The correct way to convert one format to the other is to use ssh-keygen:
ssh-keygen -i -f /path/to/public.key
The result for your key looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
So, on a single line, with the key identifier ssh-rsa and not the one you used. The line breaks also matter (there must not be any).
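What the conversion in Answers 1 and 3 does, as an added Python example (not code from the original posts and not how ssh-keygen is implemented): it joins the base64 body of the puttygen block into one line and takes the leading type field from the algorithm name stored inside the key blob, which is also why every ssh-rsa key starts with AAAAB3. The function names and the dummy sample key are assumptions made for the example, and authorized_keys lines with leading options are not handled.

```python
import base64
import struct

def blob_key_type(b64):
    """Algorithm name stored as the first length-prefixed string in the blob."""
    blob = base64.b64decode(b64, validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(text):
    """Turn a '---- BEGIN SSH2 PUBLIC KEY ----' block into one authorized_keys line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----"
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----"):
        raise ValueError("not an RFC 4716 public key block")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                      # header line; base64 has no ':'
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1                       # header continued on next line
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            body.append(line)
        i += 1
    b64 = "".join(body)
    return " ".join(p for p in (blob_key_type(b64), b64, comment) if p)

def check_authorized_keys_line(line):
    """Problems with an option-less '<type> <base64> [comment]' line ([] = fine)."""
    fields = line.split()
    try:
        inner = blob_key_type(fields[1])
    except (IndexError, ValueError) as exc:  # missing field or undecodable blob
        return ["no readable key blob in second field: %s" % exc]
    if fields[0] != inner:
        return ["type field %r does not match blob type %r" % (fields[0], inner)]
    return []

# Constructed sample (dummy values, not a usable key), wrapped as puttygen does.
_parts = (b"ssh-rsa", b"\x25", b"\x00" + b"\xc7" * 32)
_b64 = base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in _parts)).decode()
SAMPLE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-public"\n'
          + _b64[:40] + "\n" + _b64[40:] + "\n---- END SSH2 PUBLIC KEY ----\n")
```

A line that begins with rsa-key-public, as in the question, is reported by check_authorized_keys_line because the blob itself says ssh-rsa.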
Answer 4
Install the openssh-server package from the Ubuntu Software Center. Or, if you are using Ubuntu Server without a GUI, run the following command in the console:
sudo apt-get install openssh-server
Once installed, the SSH service should start automatically. If necessary, you can start (or stop, restart) the service manually with the command:
sudo service ssh start
The default port number is 22. To change the port or the root login permission, you can edit the /etc/ssh/sshd_config file with:
sudo nano /etc/ssh/sshd_config
Remove the # prefix in front of Port 22 in the sshd_config file