Cannot log in to a host using OpenSSH 7.7, but it works fine with 7.2

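I am trying to connect to an EC2 instance using a PEM file.

The connection from my coworker's PC works fine, but I cannot connect from my own PC.

Edit: added ssh connection output

Mine: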

$ ssh -i <path-to-pem-file> -v <user>@54.XXX.XXX.XXX
> OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018
> debug1: Reading configuration data [omitted]
> debug1: [omitted] line 6: Applying options for bastion-br
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 54.XXX.XXX.XXX [54.XXX.XXX.XXX] port XXXX.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file [omitted] type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file [omitted] type -1
> debug1: Local version string SSH-2.0-OpenSSH_7.7
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
> debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to 54.94.244.114:22 as 'ec2-user'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: ecdh-sha2-nistp256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
> debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:pX0Of93seImy5DAEsQRPyLlFnehoHio53U8YuYmWexA
> debug1: Host '54.XXX.XXX.XXX' is known and matches the ECDSA host key.
> debug1: Found key in .........../known_hosts:3
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: [omitted]
> debug1: Authentications that can continue: publickey
> debug1: No more authentication methods to try.
> [email protected]: Permission denied (publickey).

His:

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data [omitted]
debug1: [omitted] line 1: Applying options for old_bastion_br
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 54.XXX.XXX.XXX [54.XXX.XXX.XXX] port YYYY.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file [omitted] type -1
debug1: key_load_public: No such file or directory
debug1: identity file [omitted] type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 54.XXX.XXX.XXX:YYYY as '[omitted]'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:pX0Of93se...
debug1: Host '54.XXX.XXX.XXX' is known and matches the ECDSA host key.
debug1: Found key in [omitted]
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: bruno@bruno-easycarros-dell
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 54.XXX.XXX.XXX ([54.XXX.XXX.XXX]:YYYY).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LC_PAPER = pt_BR.UTF-8
debug1: Sending env LC_ADDRESS = pt_BR.UTF-8
debug1: Sending env LC_MONETARY = pt_BR.UTF-8
debug1: Sending env LC_NUMERIC = pt_BR.UTF-8
debug1: Sending env LC_TELEPHONE = pt_BR.UTF-8
debug1: Sending env LC_IDENTIFICATION = pt_BR.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_MEASUREMENT = pt_BR.UTF-8
debug1: Sending env LC_CTYPE = pt_BR.UTF-8
debug1: Sending env LC_TIME = pt_BR.UTF-8
debug1: Sending env LC_NAME = pt_BR.UTF-8
Last login: Fri Apr 20 16:55:34 2018 from 179.XXX.XXX.XXX

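Both PEM files are exactly the same file, downloaded from the same place, with no differences in line endings, charset or anything else.

Here are some differences I noticed:

Legend:

  • --- his configuration
  • +++ my configuration

Operating system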

$ uname -a
--- Linux <user> 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
+++ Linux <user> 4.16.2-1-MANJARO #1 SMP PREEMPT Thu Apr 12 17:46:07 UTC 2018 x86_64 GNU/Linux

OpenSSH version

$ ssh -V
--- OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
+++ OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018

Entry created in known_hosts

$ tail -n1 ~/.ssh/known_hosts
--- |1|mcQzUN92PAX...|GzyZZUknDcr... ecdsa-sha2-nistp256 AAAAE2VjZHNhL...
+++ 54.XXX.XXX.XXX ecdsa-sha2-nistp256 AAAAE2VjZHNhL...

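The AAAAE2VjZHNhL... part is the same; I have checked it using diff.

I don't know why on my PC it uses the plain IP from the host while on his PC it uses some kind of base64-encoded string, but maybe that is the problem.

Additional information about the EC2 hosts

The host I cannot connect to has the following OpenSSH version installed: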

OpenSSH_6.2p2, OpenSSL 1.0.1k-fips 8 Jan 2015

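My coworker can connect to the host above. I cannot.

However, there is another (newer) host that I can connect to successfully, which has the following OpenSSH version: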

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016

Both my coworker and I can connect to that host.

I have no idea what is going on.
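On the two known_hosts forms compared in the question: a host field of the shape `|1|salt|hash` is what ssh writes when `HashKnownHosts` is enabled, and it stores base64(salt) and base64(HMAC-SHA1(salt, host name)) instead of the name itself. The sketch below is an added example, not part of the original post, that checks both forms against the same host; the IP address, key blob and fixed salt are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample data: documentation IP and a placeholder key blob.
HOST = "203.0.113.10"
KEY = "ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_PLACEHOLDER"
SALT = bytes(range(20))  # ssh uses a random 20-byte salt; fixed here for repeatability


def host_token(host: str, port: int = 22) -> str:
    """Name ssh stores for a host: bare for port 22, "[host]:port" otherwise."""
    return host if port == 22 else f"[{host}]:{port}"


def hash_host(token: str, salt: bytes) -> str:
    """Build the hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=token))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def entry_matches(line: str, host: str, port: int = 22) -> bool:
    """True if a known_hosts line, plain or hashed, names host:port."""
    fields = line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3 or fields[0].startswith("#"):
        return False
    token, names = host_token(host, port), fields[0]
    if not names.startswith("|1|"):
        # Plain entry: comma-separated names (wildcard patterns not handled here).
        return token in names.split(",")
    try:
        _, _, salt_b64, mac_b64 = names.split("|")
        salt, stored = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:                          # malformed field or bad base64
        return False
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, stored)


PLAIN_LINE = f"{HOST} {KEY}"
HASHED_LINE = f"{hash_host(host_token(HOST), SALT)} {KEY}"

if __name__ == "__main__":
    for label, line in (("plain", PLAIN_LINE), ("hashed", HASHED_LINE)):
        print(label, entry_matches(line, HOST), entry_matches(line, HOST, 2222))
```

On a real machine, `ssh-keygen -F <host>` performs the same lookup against `~/.ssh/known_hosts` for either form.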
