ssh 权限被拒绝(公钥,键盘交互)

ssh 权限被拒绝(公钥,键盘交互)

为什么我坚持要问一个问题

我快速搜索了一下这个问题,并尝试了一些解决方案。但都没有用。

我做了什么

Termux 作为主机。安装了apt install openssh,创建了公钥ssh-keygen,密码为空。然后我继续使用cat id_rsa.pub >> authorized_keys。尝试在ssh localhost -p 8022 -i id_rsa主机上使用 ssh。没问题。但在ssh IP -p 8022 -i id_rsa客户机上使用,没有运气。我得到Permission denied (publickey,keyboard-interactive)

sshd -d

  • 从主机(成功)

    $ sshd -d
    debug1: sshd version OpenSSH_7.8, OpenSSL 1.1.1  11 Sep 2018
    debug1: private host key #0: ssh-rsa SHA256:iFL8gWX/82tKCisCVLKZBNPOqjhCJkc7FsMnrpgnvLQ
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:e6xyxgJ4tsTWSgh/l8ugijsCnJNz10tc+CLtuLFiUvE
    debug1: private host key #2: ssh-ed25519 SHA256:5+j3igYvX5HjpIMV9OikSdhN9JxDzxhHkDfkA7huHp8
    debug1: rexec_argv[0]='/data/data/com.termux/files/usr/bin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: Bind to port 8022 on ::.
    Server listening on :: port 8022.
    debug1: Bind to port 8022 on 0.0.0.0.
    Server listening on 0.0.0.0 port 8022.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10
    debug1: inetd sockets after dupping: 5, 5
    Connection from 127.0.0.1 port 54583 on 127.0.0.1 port 8022
    debug1: Client protocol version 2.0; client software version OpenSSH_7.8
    debug1: match: OpenSSH_7.8 pat OpenSSH* compat 0x04000000
    debug1: Local version string SSH-2.0-OpenSSH_7.8
    debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: KEX done
    debug1: userauth-request for user u0_a121 service ssh-connection method none
    debug1: attempt 0 failures 0
    Failed none for u0_a121 from 127.0.0.1 port 54583 ssh2
    debug1: userauth-request for user u0_a121 service ssh-connection method publickey
    debug1: attempt 1 failures 0
    debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0
    debug1: temporarily_use_uid: 10121/10121 (e=10121/10121)
    debug1: trying public key file /data/data/com.termux/files/home/.ssh/authorized_keys
    debug1: fd 9 clearing O_NONBLOCK
    debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: matching key found: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0
    debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
    Accepted key RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 found at /data/data/com.termux/files/home/.ssh/authorized_keys:2
    debug1: restore_uid: (unprivileged)
    Postponed publickey for u0_a121 from 127.0.0.1 port 54583 ssh2
    debug1: userauth-request for user u0_a121 service ssh-connection method publickey
    debug1: attempt 2 failures 0
    debug1: temporarily_use_uid: 10121/10121 (e=10121/10121)
    debug1: trying public key file /data/data/com.termux/files/home/.ssh/authorized_keys
    debug1: fd 9 clearing O_NONBLOCK
    debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: matching key found: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0
    debug1: /data/data/com.termux/files/home/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
    Accepted key RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0 found at /data/data/com.termux/files/home/.ssh/authorized_keys:2
    debug1: restore_uid: (unprivileged)
    debug1: auth_activate_options: setting new authentication options
    Accepted publickey for u0_a121 from 127.0.0.1 port 54583 ssh2: RSA SHA256:R9btL/xmY/LOZrXIoPjARJxTpAkWUyR4QB5bAIVlEh0
    debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
    debug1: Entering interactive session for SSH2.
    debug1: server_init_dispatch
    debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_global_request: rtype [email protected] want_reply 0
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    debug1: Allocating pty.
    debug1: session_pty_req: session 0 alloc /dev/pts/2
    debug1: server_input_channel_req: channel 0 request env reply 0
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req env
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    Starting session: shell on pts/2 for u0_a121 from 127.0.0.1 port 54583 id 0
    debug1: Setting controlling tty using TIOCSCTTY.
    
  • 来自客户机(权限被拒绝)

    $ sshd -d
    debug1: sshd version OpenSSH_7.8, OpenSSL 1.1.1  11 Sep 2018
    debug1: private host key #0: ssh-rsa SHA256:iFL8gWX/82tKCisCVLKZBNPOqjhCJkc7FsMnrpgnvLQ
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:e6xyxgJ4tsTWSgh/l8ugijsCnJNz10tc+CLtuLFiUvE
    debug1: private host key #2: ssh-ed25519 SHA256:5+j3igYvX5HjpIMV9OikSdhN9JxDzxhHkDfkA7huHp8
    debug1: rexec_argv[0]='/data/data/com.termux/files/usr/bin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: Bind to port 8022 on ::.
    Server listening on :: port 8022.
    debug1: Bind to port 8022 on 0.0.0.0.
    Server listening on 0.0.0.0 port 8022.
    debug1: Server will not fork when running in debugging mode.
    debug1: rexec start in 7 out 7 newsock 7 pipe -1 sock 10
    debug1: inetd sockets after dupping: 5, 5
    Connection from 192.168.0.154 port 45802 on 192.168.0.197 port 8022
    debug1: Client protocol version 2.0; client software version OpenSSH_7.4p1 Debian-10+deb9u4
    debug1: match: OpenSSH_7.4p1 Debian-10+deb9u4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
    debug1: Local version string SSH-2.0-OpenSSH_7.8
    debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 134217728 blocks
    debug1: KEX done
    debug1: userauth-request for user izzatnasrun service ssh-connection method none
    debug1: attempt 0 failures 0
    Failed none for izzatnasrun from 192.168.0.154 port 45802 ssh2
    debug1: userauth-request for user izzatnasrun service ssh-connection method keyboard-interactive
    debug1: attempt 1 failures 0
    debug1: keyboard-interactive devs
    debug1: auth2_challenge: user=izzatnasrun devs=
    debug1: kbdint_alloc: devices ''
    Failed keyboard-interactive for izzatnasrun from 192.168.0.154 port 45802 ssh2
    Connection closed by authenticating user izzatnasrun 192.168.0.154 port 45802
    debug1: do_cleanup
    

笔记

  • 主机上的权限如下

    chmod 600 ~/.ssh/authorized_keys
    chmod 700 ~/.ssh
    chmod 700 ~
    
  • Termux sshd 默认设置为 8022

  • Termux 不接受密码,因此PasswordAuthentication no是必须的

答案1

公钥应该在客户机上创建。因此,客户机ssh-keygencat id_rsa.pub >> authorized_keys主机都id_rsa.pub来自客户机和authorized_keys主机。

相关内容