希望你们一切都好!
我正在尝试通过 bash 脚本访问 sftp 服务器,以便下载一些文件,然后将它们加载到表中。就这么简单!
我按照设置 SFTP 公钥认证我认为我做的还不错。
- 我确实创建了公共/私人 rsa 文件(没有密码)
- 我在服务器端将 id_rsa.pub 复制为 authorized_keys
- 我按照上面链接中提到的步骤设置了权限(700)
一开始,一切都运行正常,例如,当我尝试运行该命令时,我得到了预期的结果,即该命令运行时没有询问我密码。sftp /usr/ls.command [email protected]
ls
但是现在,当我尝试运行相同的命令时,我得到以下结果:
Permission denied (publickey,password). Couldn't read packet:
Connection reset by peer
我已经重新创建了公钥/私钥,将公钥复制到服务器端并设置了权限,但它不起作用。
这是本地端的 ls
root@server:~/.ssh> ls -lrt /root/.ssh/
total 12
-r-------- 1 root root 3538 Feb 7 09:54 known_hosts
-rw------- 1 root root 397 Jun 28 08:59 id_rsa.pub
-rw------- 1 root root 1679 Jun 28 08:59 id_rsa
这是服务器端的 ls:
sftp> ls -rlt
-rwx------ 1 meli sftpserver 397 Jun 28 10:01 authorized_keys
sftp>
这是 sftp -vvv 的输出[电子邮件保护]命令:
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to host.xxx.com [0.0.0.0] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
这句话引起了我的注意:
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
其余输出:
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "host.xxx.com" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: xxx
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:23:46:da:52:31:6e:75:d2:a3:7a:13:03:b6:7d:21
debug3: load_hostkeys: loading entries for host "host.xxx.com" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "0.0.0.0" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:9
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'host.xxx.com' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:8
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f8bf66ed8e0)
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
password:
有什么想法吗?谢谢!
答案1
sftp -b 似乎只能与非交互式身份验证结合使用。这就是为什么在批处理模式下使用 sftp 时不会提示您输入密码的原因。