SFTP partial authentication with publickey,password preferred authentication methods

I am having trouble connecting to an SFTP server that requires public key and password authentication.

The source server is a fully up-to-date CentOS 7 server (SFTP debug shows OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017). The aim is to use a simple bash script to grab a large number of files.

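When connecting without specifying a preferred authentication order (i.e. using the default order publickey,password), it gets stuck in a loop of offering the key and never asking for the password: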

sftp -v -i uat.key -oBatchMode=no <username>@<host>
...
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
...loops forever

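When reversing the authentication methods, it asks for the password 3 times (successfully!) before continuing, which obviously causes problems for automation: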

sftp -v -i uat.key -oPreferredAuthentications=password,publickey -oBatchMode=no <username>@<host>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: password
<username>@<host>'s password:
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
Permission denied, please try again.
<username>@<host>'s password:
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
Permission denied, please try again.
<username>@<host>'s password:
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: uat.key
debug1: Authentication succeeded (publickey).
Authenticated to <username>@<host> ([<ip>]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
debug1: Sending subsystem: sftp
Connected to <username>@<host>.
sftp> exit

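My digging led me to this IBM article from 2012, which covers the second problem, but I have been unable to find a workaround for the partial authentication loop in the first command.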

Does anyone know OpenSSH better and can explain this problem?
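A way to make a batch script notice the partial-success loop shown in the first debug log, as an added example that is not part of the original question. It assumes the stderr of `sftp -v` has been captured as text; `analyze` and the regex names are hypothetical, and the sample is constructed from the debug lines quoted above.

```python
import re

# Constructed sample: the client debug lines from the first command above.
SAMPLE_LOOP = """\
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Trying private key: uat.key
Authenticated with partial success.
"""

NEXT_METHOD_RE = re.compile(r"^debug1: Next authentication method: (\S+)")
TRY_KEY_RE = re.compile(r"^debug1: Trying private key: ")
PASSWORD_PROMPT_RE = re.compile(r"'s password:\s*$")
SUCCESS_RE = re.compile(r"^debug1: Authentication succeeded \((\S+)\)")
PARTIAL = "Authenticated with partial success."


def analyze(log_text):
    """Return (partial_counts, succeeded_method, looping_methods).

    A method that reaches partial success more than once is being
    re-offered instead of the client moving on to the remaining method.
    """
    current = None    # method the client is attempting right now
    partial = {}      # method -> number of partial successes seen
    succeeded = None  # method named in the final success line, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        next_method = NEXT_METHOD_RE.match(line)
        success = SUCCESS_RE.match(line)
        if next_method:
            current = next_method.group(1)
        elif TRY_KEY_RE.match(line):
            current = "publickey"
        elif PASSWORD_PROMPT_RE.search(line):
            current = "password"
        elif line == PARTIAL and current:
            partial[current] = partial.get(current, 0) + 1
        elif success:
            succeeded = success.group(1)
    looping = sorted(name for name, count in partial.items() if count > 1)
    return partial, succeeded, looping


if __name__ == "__main__":
    print(analyze(SAMPLE_LOOP))
```

A wrapper script can stop the transfer when `looping` is non-empty and `succeeded` is `None`, rather than waiting on a session that never completes.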
