再次感到困惑,为什么 ssh 密钥认证无法从 W10 上的 WSL 到我的 Centos 7 服务器起作用

再次感到困惑,为什么 ssh 密钥认证无法从 W10 上的 WSL 到我的 Centos 7 服务器起作用

我已生成 ssh 密钥,我已取消注释公钥身份验证,并在 /etc/ssh/sshd_config 文件中将其设置为 yes。有人发现我的配置中遗漏或不理解的内容了吗?输入密码让我很难过。._。

wsl home ssh 文件夹 -- ~/.ssh

weh@workPC:/mnt/c/Users/weh/Downloads$ ls -l ~/.ssh
total 16
-rw------- 1 weh weh  1675 Jun  2 09:27 id_rsa
-rw-r--r-- 1 weh weh   399 Jun  2 09:27 id_rsa.pub
-rw-r--r-- 1 weh weh 10832 Jul 20 10:41 known_hosts

centos sshd 文件夹 /etc/ssh

ls -l /etc/ssh
total 276
-rw-r--r--. 1 root root     242153 Apr 12 09:05 moduli
-rw-r--r--. 1 root root       2208 Apr 12 09:05 ssh_config
-rw-------. 1 root root       4471 Jul 27 12:18 sshd_config
-rw-r-----. 1 root ssh_keys    227 Apr 23  2016 ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 Apr 23  2016 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys    387 Apr 23  2016 ssh_host_ed25519_key
-rw-r--r--. 1 root root         82 Apr 23  2016 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys   1679 Apr 23  2016 ssh_host_rsa_key
-rw-r--r--. 1 root root        382 Apr 23  2016 ssh_host_rsa_key.pub

centos sshd_config 文件

#$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $                                                                                      

# This is the sshd server system-wide configuration file.  See                                                                                          
# sshd_config(5) for more information.                                                                                                                  

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin                                                                                              

# The strategy used for options in the default sshd_config shipped with                                                                                 
# OpenSSH is to specify options with their default value where                                                                                          
# possible, but leave them commented.  Uncommented options override the                                                                                 
# default value.                                                                                                                                        

# If you want to change the port on a SELinux system, you have to tell                                                                                  
# SELinux about this change.                                                                                                                            
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER                                                                                                     
#                                                                                                                                                       
#Port 22                                                                                                                                                
#AddressFamily any                                                                                                                                      
#ListenAddress 0.0.0.0                                                                                                                                  
#ListenAddress ::                                                                                                                                       

# The default requires explicit activation of protocol 1                                                                                                
#Protocol 2                                                                                                                                             

# HostKey for protocol version 1                                                                                                                        
#HostKey /etc/ssh/ssh_host_key                                                                                                                          
# HostKeys for protocol version 2                                                                                                                       
HostKey /etc/ssh/ssh_host_rsa_key                                                                                                                       
#HostKey /etc/ssh/ssh_host_dsa_key                                                                                                                      
HostKey /etc/ssh/ssh_host_ecdsa_key                                                                                                                     
HostKey /etc/ssh/ssh_host_ed25519_key                                                                                                                   

# Lifetime and size of ephemeral version 1 server key                                                                                                   
#KeyRegenerationInterval 1h                                                                                                                             
#ServerKeyBits 1024                                                                                                                                     

# Ciphers and keying                                                                                                                                    
#RekeyLimit default none                                                                                                                                

# Logging                                                                                                                                               
# obsoletes QuietMode and FascistLogging                                                                                                                
#SyslogFacility AUTH                                                                                                                                    
SyslogFacility AUTHPRIV                                                                                                                                 
#LogLevel INFO                                                                                                                                          
LogLevel DEBUG                                                                                                                                          

# Authentication:                                                                                                                                       

#LoginGraceTime 2m                                                                                                                                      
#PermitRootLogin yes                                                                                                                                    
#StrictModes yes                                                                                                                                        
#MaxAuthTries 6                                                                                                                                         
MaxAuthTries 2                                                                                                                                          
#MaxSessions 10                                                                                                                                         
MaxSessions 6        
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox          # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

ssh 从 wsl 到 centos 详细模式

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for my.spout.com
debug1: /etc/ssh/ssh_config line 29: Applying options for *
debug1: Connecting to my.spout.com [8.8.8.8] port 22.
debug1: Connection established.
debug1: identity file /home/weh/.ssh/id_rsa type 1
debug1: identity file /home/weh/.ssh/id_rsa-cert type -1
debug1: identity file /home/weh/.ssh/id_dsa type -1
debug1: identity file /home/weh/.ssh/id_dsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ecdsa type -1
debug1: identity file /home/weh/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ed25519 type -1
debug1: identity file /home/weh/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a7:ff:43:28:6a:f7:1b:3e:25:14:93:57:d3:c9:57:4c
debug1: Host 'my.spout.com' is known and matches the ECDSA host key.
debug1: Found key in /home/weh/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/weh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/weh/.ssh/id_dsa
debug1: Trying private key: /home/weh/.ssh/id_ecdsa
debug1: Trying private key: /home/weh/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to my.spout.com ([8.8.8.8]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Jul 27 12:18:22 2017 from 8.8.4.4

先感谢您!!

答案1

Jakuje 提醒了我关于 selinux 的事情。我从未遇到过与 ssh 密钥相关的 selinux 问题,但总有第一次!我的 ~/.ssh/* selinux 上下文是 unconfined_u:object_r:unlabeled_t:s0,而它们应该是 unconfined_u:object_r:user_home_t:s0。更改上下文类型后,我能够使用 ssh-copy-id 并直接 ssh 进入!

谢谢你!!

相关内容