Ubuntu 20.04 Windows 10 子系统上的 SSH 忽略 .ssh/config 中指定的 IdentityFile

Ubuntu 20.04 Windows 10 子系统上的 SSH 忽略 .ssh/config 中指定的 IdentityFile

SSH 完全忽略了我在我的.ssh/config文件中指定的身份文件,并且不会使用该密钥对我的工作服务器进行身份验证。这是我的config文件:

Host *
    # This is to fix check_host_cert: certificate signature algorithm ssh-rsa: signature algorithm not supported
    # I tried putting this under *.work but it didn't work, so I put it under *
    CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

Host *.work
    ProxyJump bastion.work.com
    User myusername
    IdentityFile ~/.ssh/work

Compression yes

这个完全相同的配置适用于我的 Ubuntu 18.04 安装,但根本无法在我的 Ubuntu 20.04 Windows 10 子系统上运行。我运行ssh-vvv发现它读取了配置文件并识别了密钥,但没有尝试:

debug1: Reading configuration data /home/myusername/.ssh/config
debug1: /home/myusername/.ssh/config line 1: Applying options for *
debug1: /home/myusername/.ssh/config line 4: Applying options for *.work
debug1: Reading configuration data /etc/ssh/ssh_config
...
debug1: identity file /home/myusername/.ssh/work type 0
debug1: identity file /home/myusername/.ssh/work-cert type -1
...
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myusername/.ssh/id_rsa
debug3: no such identity: /home/myusername/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_dsa
debug3: no such identity: /home/myusername/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_ecdsa
debug3: no such identity: /home/myusername/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_ecdsa_sk
debug3: no such identity: /home/myusername/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_ed25519
debug3: no such identity: /home/myusername/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_ed25519_sk
debug3: no such identity: /home/myusername/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/myusername/.ssh/id_xmss
debug3: no such identity: /home/myusername/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host

它从不尝试/home/myusername/.ssh/work。我怎样才能明确要求 ssh 使用它?

编辑:从今天(20 年 1 月 7 日)开始,我的 Ubuntu 18.04 安装也开始出现完全相同的问题。OpenSSL 有什么变化吗?

编辑(17/06/21):我应该提到,这个问题过了一段时间就自行消失了,但也许这个问题对其他人有用。

答案1

https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-ubuntu.htm

对于运行 Ubuntu 20.04 的服务器,您必须允许证书颁发机构 (CA) 使用 ssh-rsa 算法来签署证书。为此,请将以下行添加到 OpenSSH 守护程序文件(即 /etc/ssh/sshd_config 或 /etc/ssh/sshd_config.d/ 下的插入文件)

要修复此问题,请将以下两行添加到 /etc/ssh/sshd_config

受信任用户 CAKeys /etc/ssh/xxxxxxx

CASignatureAlgorithms +ssh-rsa

将 xxxxxxx 替换为您在 /etc/ssh 中找到的公钥

答案2

您还需要IdentitiesOnly yes在主机的配置文件中启用。这将确保ssh使用该密钥,并且只使用该密钥。否则,它将尝试其他密钥,并且远程计算机可能会在多次密钥失败后拒绝授权。

请参阅此示例以了解更多信息。

您还可以通过将以下内容放在文件底部来为所有主机启用此功能.ssh/config

Host *
IdentitiesOnly yes

如果您查看/etc/ssh/ssh_config被拉入并显示在详细日志中的,我们可以看到它有默认键可以尝试:

$ cat /etc/ssh/ssh_config | grep Identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519

您可能会发现更多或更少,但如果拉入任何其他键,则IdentitiesOnly主机的设置会有所帮助。


每台机器都应生成并使用自己的密钥,而不是将密钥复制到另一台机器。务必在主机上删除旧密钥并添加新密钥,并查看主机日志以进行调试。

答案3

对于 AWS LightSail:

  1. 要修复此问题,请将以下两行添加到 /etc/ssh/sshd_config
TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub

CASignatureAlgorithms +ssh-rsa
  1. 重新开始
/etc/init.d/ssh restart

问题 登录失败。如果此实例刚刚启动,请过一两分钟再试。

客户端未授权 [769]

相关内容