我正在尝试使用 cygwin sshd 连接到 Windows 8 VM。我已经安装了它,它似乎运行正常。本地 - 即在 Windows 机器上的 cygwin 终端中 - 如果我 ssh 到 localhost,它就可以正常工作。远程 - 从另一台机器 - 它会失败。
问题似乎与用户名有关。用户是“ingres”,是机器 (MASPA05-VM01) 的本地用户。但是,该机器是域的一部分,因此 /etc/password 条目如下所示:
MASPA05-VM01+ingres:*:...
当我在本地使用 ssh 时,它会提示我输入密码,我输入后它就可以正常工作了。如果我以“ingres”的身份远程执行此操作,即 ssh ingres@maspa05-vm01,它会提示我输入密码但拒绝输入密码。如果我按照 /etc/passwd 使用完整用户名(ssh MASPA05-VM01+ingres@maspa05-vm01),它会立即断开连接。
这是 ssh -vvv 输出:
OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to maspa05-vm01 [10.100.11.139] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/devsrc/home_ingres/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /devsrc/home_ingres/.ssh/id_rsa type 1
debug1: identity file /devsrc/home_ingres/.ssh/id_rsa-cert type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_dsa type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_dsa-cert type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_ecdsa type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
debug1: match: OpenSSH_7.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "maspa05-vm01" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 50:8d:52:92:a7:ee:8a:cc:d5:28:4d:de:27:e1:12:c9
debug3: load_hostkeys: loading entries for host "maspa05-vm01" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.100.11.139" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'maspa05-vm01' is known and matches the ECDSA host key.
debug1: Found key in /devsrc/home_ingres/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /devsrc/home_ingres/.ssh/id_rsa (0xb7d030b8)
debug2: key: /devsrc/home_ingres/.ssh/id_dsa ((nil))
debug2: key: /devsrc/home_ingres/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /devsrc/home_ingres/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 10.100.11.139
我尝试使用公钥,但存在同样的问题。有人能建议解决方法吗?
更新:这是 sshd 日志(事件查看器)的输出
The description for Event ID 0 from source sshd cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
sshd: PID 2400: fatal: seteuid 197611: Operation not permitted
这意味着 sshd 进程缺少权限。但是它以 SYSTEM 帐户运行。
答案1
好的,所以 seteuid 错误让我走上了正确的道路。我曾尝试运行 ssh-host-config 几次以使其重新创建所需的用户,但没有成功。所以我最终删除了该服务(cygrunsrv --remove sshd)并重新运行它。然后我重新运行 ssh-host-config 并创建了用户。即使它提示您输入密码,我也必须在服务启动之前从计算机管理中设置密码。
无论如何,现在它可以工作了。