Unable to connect to Google Cloud Engine via SSH from Ubuntu or Debian


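I am trying to connect to my Google Cloud instance over SSH from my local Linux machine. I generated the key following the documentation:

ssh-keygen -t rsa -f ~/.ssh/my-ssh-key -C [username]

Then I put the public key into the metadata. But it does not work; the connection is always refused with Permission denied (publickey). The connection from the web shell does not work either. With an old SSH key on another machine, it works.

Does anyone know what the problem might be?

Kind regards, Alex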

Answer 1

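Unless you explicitly tell it otherwise, SSH offers ~/.ssh/id_<type> (for example ~/.ssh/id_rsa) for authentication.

You created the key in a non-standard location (inside ~/.ssh, but with a non-standard file name).

Since public key authentication works for you in general, the first thing I would check is whether SSH is offering the correct key for authentication. You can verify this by running ssh with the -v switch, which turns on one level of verbose (debug) output. Among the messages, you should see something like the following: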

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/you/.ssh/something

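See which public keys it offers. (You may have several Offering ... public key lines, for different key files.) If it does not offer your newly created key, then that key will never be a candidate for authentication.

If your newly created key is not being offered, try explicitly telling SSH to offer it by adding the -i switch. For example, ssh -i ~/.ssh/my-ssh-key -v username@hostname. Note that SSH appends .pub to the name itself where it needs access to the public key, so you need to give the name of the private key file.

If that works, you can edit your ~/.ssh/config file to tell SSH to offer that key to that host. For example, you can add a block like the one below. Make sure to add it above any Host * block you may have.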

Host hostname
    User username
    IdentityFile ~/.ssh/my-ssh-key

You should then be able to connect using ssh hostname.

See man 1 ssh and man 5 ssh_config for more details.
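
The check described in the answer above, as an added example that is not part of the original answers: a small Python parser that reads ssh -v output and reports whether a given key file was offered, only tried as a private file, or never presented. The sample log is constructed in the format of the logs on this page, and the function names and status strings are hypothetical.

```python
import os
import re

# "Offering RSA public key: <id>" is the OpenSSH 7.2 wording shown on this page;
# newer clients print "Offering public key: <id> <TYPE> SHA256:..." instead.
OFFER_RE = re.compile(r"^debug1: Offering (?:\w+ )?public key: (?P<ident>\S+)")
TRY_RE = re.compile(r"^debug1: Trying private key: (?P<ident>\S+)")
ACCEPT_RE = re.compile(r"^debug1: Server accepts key")

# Constructed sample in the format of the logs on this page (not a real capture).
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/foo/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/foo/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

def candidate_keys(debug_log):
    """List (how, identity) pairs in the order ssh went through them."""
    found = []
    for line in debug_log.splitlines():
        for how, rx in (("offered", OFFER_RE), ("tried", TRY_RE)):
            m = rx.match(line)
            if m:
                found.append((how, m.group("ident")))
    return found

def diagnose(debug_log, expected_key):
    """Classify what happened to expected_key (a private key path) in the log."""
    expected = os.path.expanduser(expected_key)
    seen, last = set(), None
    for line in debug_log.splitlines():
        hit = candidate_keys(line)
        if hit:
            how, last = hit[0]
            if last == expected:
                seen.add(how)
        elif ACCEPT_RE.match(line) and last == expected:
            return "accepted"          # server accepted the offered public key
    if "offered" in seen:
        return "offered-rejected"      # offered, server did not accept it
    # "tried": no public half was loaded, ssh went straight to the private file
    return "tried-private-file" if "tried" in seen else "never-offered"

if __name__ == "__main__":
    print(candidate_keys(SAMPLE_LOG))
    print(diagnose(SAMPLE_LOG, "/home/foo/.ssh/my-ssh-key"))
```

A never-offered result is the case the -i switch or an IdentityFile entry fixes; offered-rejected points at the server side instead, for example the public key or user name stored in the metadata.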

Answer 2

Thank you for your answer. I think that is what I did. Here is a log; maybe something is wrong in it, but I cannot identify it.

OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ccc.ccc.cc [aaa.aaa.aaa.aa] port 22.
debug1: Connection established.
debug1: identity file /home/foo/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/foo/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to sdev.meilon.de:22 as 'foo'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:D8f511w+xDWBS2z8E212LT369D3og2J4CYRsmE1ETwM
debug1: Host 'sdev.meilon.de' is known and matches the ECDSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/foo/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: foo@foo-x1
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/foo/.ssh/id_dsa
debug1: Trying private key: /home/foo/.ssh/id_ecdsa
debug1: Trying private key: /home/foo/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
