我正在尝试配置 SSHD 以允许在 Windows Server 2012 上的 Cygwin 下进行公钥身份验证。目前我的问题是访问被拒绝。我已确认我的公钥在用户的 .ssh 目录中的 authorized_keys 和 authorized_keys2 中保存为一行。下面您将找到我用来连接的命令、我尝试使用私钥连接 SSH 的详细输出以及我的 SSHD 配置。我尝试使用的私钥是 RSA PEM 格式。
我也尝试在我的配置中添加 RSAAuthentication Yes,但导致 SSHD 在启动时失败。
当 SSHD 配置中的 RSAAuthentication YES 时,我收到以下错误。
cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started.
SSH 连接命令
ssh -v -i id_rsa.pem <USER>@<SERVER ADDRESS>
SSHD 配置
PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes
详细输出
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 53: Applying options for *
debug1: Connecting to ec2-54-186-180-177.us-west-2.compute.amazonaws.com [54.186.180.177] port 22.
debug1: Connection established.
debug1: identity file id_rsa.pem type -1
debug1: identity file id_rsa.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA a6:a5:57:ef:09:14:7b:0b:cc:29:7b:01:fa:ac:c8:ea
debug1: Host 'ec2-54-186-180-177.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/cyotee/.ssh/known_hosts:6
Warning: the RSA host key for 'ec2-54-186-180-177.us-west-2.compute.amazonaws.com' differs from the key for the IP address '54.186.180.177'
Offending key for IP in /Users/cyotee/.ssh/known_hosts:5
Matching host key in /Users/cyotee/.ssh/known_hosts:6
Are you sure you want to continue connecting (yes/no)? yes
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
答案1
根据我的经验,问题通常是服务器端的文件权限不正确。尝试相应地修改文件权限。
chown -R 用户名 ~用户名/.ssh
chmod 700 ~用户名/.ssh
chmod 600 ~用户名/.ssh/authorized_keys
答案2
如果你能告诉我们结尾您的公钥应该是类似于您的计算机上的公钥(在名为下的<user>@<host>文件中)和您复制到 的远程服务器上的公钥),您用来连接的计算机也可以显示命令输出的内容。 <filename>.pub/.ssh/authorized_keyshostname
如果您从另一台计算机复制密钥,则强烈不建议这样做,这可能是您的问题......