我尝试对 Hetzner 备份空间进行 SSH 密钥认证。首先,我在自己的机器上生成公钥和私钥,然后使用以下命令:
server> cat .ssh/id_rsa.pub >> storagebox_authorized_keys
执行此命令后
echo -e "mkdir .ssh \n chmod 700 .ssh \n put storagebox_authorized_keys .ssh/authorized_keys \n chmod 600 .ssh/authorized_keys" | sftp <username>@<username>.your-storagebox.de
登录sftp后出现错误:
Load key "/root/.ssh/id_rsa.pub": invalid format
调试:
OpenSSH_7.6p1 Ubuntu-4ubuntu0.2, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 53: Applying options for user.your-backup.de
debug1: Connecting to user.your-backup.de [2a01:4f8:b19:3000::14] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version mod_sftp
debug1: no match: mod_sftp
debug1: Authenticating to user.your-backup.de:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:EXMPL
debug1: Host 'user.your-backup.de' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:EXMPL /root/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 279
Load key "/root/.ssh/id_rsa.pub": invalid format
debug1: Next authentication method: password
我该如何解决这个问题?
更新内容id_rsa.pub:
ssh-rsa string with slash and symbols
生成该调试输出的命令行: 。两个文件的内容相同。ssh -v [email protected]
UPD2:删除以下几行后/etc/ssh/ssh_config
Host user.your-backup.de
User u198752
IdentityFile ~/.ssh/id_rsa.pub
我生成了新的 ssh-key,但没有密钥密码,并且出现了新的错误:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to user.your-backup.de [2a01:4f8:b19:3000::14] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.2
debug1: Remote protocol version 2.0, remote software version mod_sftp
debug1: no match: mod_sftp
debug1: Authenticating to user.your-backup.de:22 as 'u198752'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:exmpl
debug1: Host 'user.your-backup.de' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:lexmpl /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
UPD3:我从头开始执行了所有步骤:创建了一个新的密钥对,将公钥移至 authorized_keys,将 ssh_config 返回到其原始状态。现在调试输出的最后一行是:
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:EXMPL /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
答案1
问题出在您的本地计算机上,而不是 Hetzner 备份空间上。
如果在调用时未指定身份文件ssh,则您的某个配置文件中一定有一个错误的名称。它会尝试将公钥加载为私钥。
尝试
ssh -v -F /dev/null [email protected]
作为参考,请与此命令进行比较:
$ ssh -v -i /etc/issue [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.2, OpenSSL 1.0.2n 7 Dec 2017
...
Load key "/etc/issue": invalid format
该选项-i用于指定私钥,因此在你的配置中某处必须有一些东西尝试加载私人的密钥来自/root/.ssh/id_rsa.pub,但文件包含民众钥匙。
编辑
为了解决您评论中的一些困惑:
- 您可以使用 创建密钥对
ssh-keygen。这会将公钥保存在 中id_rsa.pub,将私钥保存在 中id_rsa(除非您另行指定)。 - 私钥应保持私密,永远不会离开您的系统。
- 公共部分被复制到
authorized_keys目标系统上的文件中,而不是私钥。 - 除非您知道自己在做什么,否则不应更改的公共部分
ssh_config。Host * - 此建议
-F /dev/null只是为了避免加载错误的配置,而不是为了实际使用。
答案2
我也犯了同样的错误。
加载密钥“key_name”:格式无效
我已经解决了。我建议检查两件事:
如果您正在使用
~/.ssh/config,请检查您是否已在此处指定私钥。如果您在此处指定了公钥,您将收到错误。请检查你的
echo $HOME。在某些操作系统(如 Ubuntu/Debian)中,当你输入:$ sudo bash
您的$HOME目录保持不变。我的意思是它不是/root。因此,操作系统正在/home/user/.ssh/目录中寻找 SSH 密钥,但您认为它正在使用/root/.ssh目录。
因此请检查的输出echo $HOME。
答案3
谢谢你的帮助,但我决定使用这教训,它很有帮助。
编辑:使用这个 bash 脚本和钥匙串:
#!/bin/bash
# Remote Server Rsync backup Replication Shell Script
# Local dir location
LOCALBAKPOINT=/iscsi
LOCALBAKDIR=/backups/server1.nixcraft.net.in/wwwroot
# Remote ssh server setup
SSHUER=root
SSHSERVER=server1.nixcraft.net.in
SSHBACKUPROOT=/wwwroot
# Make sure you can log in to remote server without a password
source $HOME/.keychain/$HOSTNAME-sh
# Make sure local backup dir exists
[ ! -d ${LOCALBAKPOINT}${LOCALBAKDIR} ] && mkdir -p ${LOCALBAKPOINT}${LOCALBAKDIR}
# Start backup
/usr/bin/rsync --exclude '*access.log*' --exclude '*error.log*' -avz -e 'ssh ' ${SSHUER}@${SSHSERVER}:${SSHBACKUPROOT} ${LOCALBAKPOINT}${LOCALBAKDIR}
# See if backup failed or not to /var/log/messages file
[ $? -eq 0 ] && logger 'RSYNC BACKUP : Done' || logger 'RSYNC BACKUP : FAILED!'