Windows 10 sshd-无密码传入 ssh 需要密码

tag-icon tag-icon linux windows permissions sshd
Windows 10 sshd-无密码传入 ssh 需要密码

我正在尝试从 Linux Mint 19.1 主机到 Windows 10 主机设置无密码、无密码短语的 ssh。Windows 10 主机上有 OpenSSH_for_Windows_7.7p1。这是 Microsoft 的 OpenSSH 端口。

我可以为管理员帐户设置此功能,但非特权帐户对我来说不起作用。管理员帐户的操作方式不同。

我尝试过很多不同的方法,但是我觉得下面这个方法应该有效,但是它出了什么问题:

我使用 mkdir 和 echo >(或 mkdir 和 cygwin vi - 结果相同)创建了一个 /Users/Alden Stromberg/.ssh/authorized_keys 文件。

然后我使用 OpenSSHUtils试图设置正确的权限:

PS C:\Users\Alden Stromberg\.ssh> Import-Module 'C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psd1'

PS C:\Users\Alden Stromberg\.ssh> Repair-AuthorizedKeyPermission .\authorized_keys                                                   
  [*] .\authorized_keys 

'NT AUTHORITY\SYSTEM' has the following access to '.\authorized_keys': 'Deny'-'ExecuteFile'.
Shall I make it Allow FullControl?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "SetAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:399 char:17
+                 $acl.SetAccessRule($ace)
+                 ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT AUTHORITY\SYSTEM' now has FullControl access to '.\authorized_keys'. 

'DESKTOP-A31M9SV\None' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'Everyone' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'NT SERVICE\sshd' needs Read access to '.\authorized_keys'.
Shall I make the above change?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "AddAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:564 char:21
+                     $acl.AddAccessRule($ace)
+                     ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT SERVICE\sshd' now has Read access to '.\authorized_keys'.
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:582 char:9 
+         Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\Alden ...authorized_keys:String) [Set-Acl], PrivilegeNotHeldException      
    + FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Commands.SetAclCommand    

      Repaired permissions

为了修复非规范的 ACL,我尝试了:

icacls.exe .\authorized_keys /reset /T /C /L /Q

...但随后重新运行 Repair-AuthorizedKeyPermission 并没有任何效果。

我做错了什么?0.0.2.0\OpenSSHUtils.psm1 是否已过期?

为了完整起见,以下是适用于管理员帐户的操作:

get-acl c:\ProgramData\ssh\ssh_host_dsa_key | set-acl c:\ProgramData\ssh\administrators_authorized_keys

谢谢!

答案1

对我来说,解决这个问题的方法是使用文件comment out末尾的这两行代码C:\ProgramData\ssh\sshd_config

Match Group administrators
      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

然后重新启动 sshd。之后(并将公钥添加到 ~/.ssh/authorized_keys 并确保该文件具有正确的权限),系统不再提示我输入密码。

答案2

使非管理员帐户能够进行无密码身份验证的一种方法如下: https://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/

简而言之,将这些内容放入您的 中sshd_config,根据需要取消注释预先存在的条目,位于c:\ProgramData\ssh\

PermitRootLogin yes
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreUserKnownHosts yes

然后net stop sshdnet start sshd

这可能意味着您的authorized_keys可被计算机上的每个人读取,但至少它是有效的。

相关内容