无法使用 PuTTY 进行 Kerberos 身份验证,但可以使用 WinSCP

无法使用 PuTTY 进行 Kerberos 身份验证,但可以使用 WinSCP

我一直在使用带有 Kerberos 身份验证的 PuTTY 连接到工作服务器,但不小心用空白模板覆盖了我的设置(不确定为什么“保存”和“加载”按钮紧挨着……)。现在,即使我认为我已经按照之前的方式设置了设置,我也无法使用 PuTTY 进行连接;我收到错误消息

已断开连接:无可用的受支持身份验证方法(服务器发送:)

我在网上看到了很多关于该消息何时返回以及服务器发送公钥的信息,但我的消息中服务器什么都没发送,我在网上找不到。我尝试获取新的 Kerberos 密钥,让 PuTTY 手动查找密钥,并gssapi32.dll自己指定文件,但都无济于事。

让我感到奇怪的是,WinSCP 可以正常连接到服务器,并且那里的连接设置没有什么特别之处。但是,当我让 WinSCP 打开 PuTTY 会话时,我尝试连接时收到相同的错误消息。我已经检查过以确保 WinSCP 不会只是打开已保存的会话,但这并没有解决问题。

我在 Windows 10 上使用 PuTTY 版本 0.70 和 WinSCP 版本 5.13.3

编辑:根据要求,以下是来自 PuTTY 和 WinSCP 会话的日志:

油灰:

    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.06.07 10:11:18 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Writing new session log (SSH packets mode) to file: putty.log
Event Log: Connecting to 131.225.64.57 port 22
Event Log: We claim version: SSH-2.0-PuTTY_Release_0.70
Event Log: Server version: SSH-2.0-OpenSSH_5.3
Event Log: We believe remote version has SSH-2 channel request bug
Event Log: Using SSH protocol version 2
Event Log: Doing Diffie-Hellman group exchange
Event Log: Doing Diffie-Hellman key exchange with hash SHA-256
Event Log: Server also has ssh-dss host key, but we don't know it
Event Log: Host key fingerprint is:
Event Log: ssh-rsa 2048 3d:3f:3f:b4:37:90:97:a7:28:a6:bf:3d:e8:40:0b:d4
Event Log: Initialised AES-256 SDCTR client->server encryption
Event Log: Initialised HMAC-SHA-256 client->server MAC algorithm
Event Log: Initialised AES-256 SDCTR server->client encryption
Event Log: Initialised HMAC-SHA-256 server->client MAC algorithm                                   .
Event Log: Using SSPI from SECUR32.DLL
Event Log: Attempting GSSAPI authentication
Event Log: GSSAPI authentication initialisation failed
Event Log: No credentials are available in the security package.
Event Log: Disconnected: No supported authentication methods available (server sent: )

温SCP:

. 2019-06-07 10:04:51.839 --------------------------------------------------------------------------
. 2019-06-07 10:04:51.840 WinSCP Version 5.13.3 (Build 8565) (OS 10.0.17763 - Windows 10 Home)
. 2019-06-07 10:04:51.840 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2019-06-07 10:04:51.840 Log level: Normal
. 2019-06-07 10:04:51.840 Local account: MATT-OMEN\mattd
. 2019-06-07 10:04:51.840 Working directory: C:\Program Files (x86)\WinSCP
. 2019-06-07 10:04:51.840 Process ID: 19196
. 2019-06-07 10:04:51.840 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2019-06-07 10:04:51.840 Time zone: Current: GMT+2, Standard: GMT+1 (Romance Standard Time), DST: GMT+2 (Romance Daylight Time), DST Start: 3/31/2019, DST End: 10/27/2019
. 2019-06-07 10:04:51.841 Login time: Friday, June 7, 2019 10:04:51 AM
. 2019-06-07 10:04:51.841 --------------------------------------------------------------------------
. 2019-06-07 10:04:51.841 Session name: DarkSide (Site)
. 2019-06-07 10:04:51.841 Host name: ds50srv01.fnal.gov (Port: 22)
. 2019-06-07 10:04:51.841 User name: mdowning (Password: No, Key file: No, Passphrase: No)
. 2019-06-07 10:04:51.841 Tunnel: No
. 2019-06-07 10:04:51.841 Transfer Protocol: SFTP (SCP)
. 2019-06-07 10:04:51.841 Ping type: Off, Ping interval: 30 sec; Timeout: 15 sec
. 2019-06-07 10:04:51.841 Disable Nagle: No
. 2019-06-07 10:04:51.841 Proxy: None
. 2019-06-07 10:04:51.841 Send buffer: 262144
. 2019-06-07 10:04:51.841 SSH protocol version: 2; Compression: No
. 2019-06-07 10:04:51.841 Bypass authentication: No
. 2019-06-07 10:04:51.841 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: Yes
. 2019-06-07 10:04:51.841 GSSAPI: Forwarding: No; Libs: gssapi32,sspi,custom; Custom: 
. 2019-06-07 10:04:51.841 Ciphers: aes,chacha20,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2019-06-07 10:04:51.841 KEX: ecdh,dh-gex-sha1,dh-group14-sha1,rsa,WARN,dh-group1-sha1
. 2019-06-07 10:04:51.841 SSH Bugs: Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto,Auto
. 2019-06-07 10:04:51.841 Simple channel: Yes
. 2019-06-07 10:04:51.841 Return code variable: Autodetect; Lookup user groups: Auto
. 2019-06-07 10:04:51.841 Shell: default
. 2019-06-07 10:04:51.841 EOL: LF, UTF: Auto
. 2019-06-07 10:04:51.841 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes; Follow directory symlinks: No
. 2019-06-07 10:04:51.841 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2019-06-07 10:04:51.841 SFTP Bugs: Auto,Auto
. 2019-06-07 10:04:51.841 SFTP Server: default
. 2019-06-07 10:04:51.842 Local directory: C:\Users\mattd\OneDrive\Documents\PocarLab\walter, Remote directory: /ds50/app/user/mdowning/simul, Update: Yes, Cache: Yes
. 2019-06-07 10:04:51.842 Cache directory changes: Yes, Permanent: Yes
. 2019-06-07 10:04:51.842 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2019-06-07 10:04:51.842 DST mode: Unix
. 2019-06-07 10:04:51.842 --------------------------------------------------------------------------
. 2019-06-07 10:04:51.875 Looking up host "ds50srv01.fnal.gov" for SSH connection
. 2019-06-07 10:04:51.894 Connecting to 131.225.64.57 port 22
. 2019-06-07 10:04:52.371 We claim version: SSH-2.0-WinSCP_release_5.13.3
. 2019-06-07 10:04:53.263 Server version: SSH-2.0-OpenSSH_5.3
. 2019-06-07 10:04:53.263 We believe remote version has SSH-2 channel request bug
. 2019-06-07 10:04:53.263 Using SSH protocol version 2
. 2019-06-07 10:04:53.263 Have a known host key of type rsa2
. 2019-06-07 10:04:53.633 Doing Diffie-Hellman group exchange
. 2019-06-07 10:04:53.896 Doing Diffie-Hellman key exchange with hash SHA-256
. 2019-06-07 10:04:54.655 Server also has ssh-dss host key, but we don't know it
. 2019-06-07 10:04:54.655 Host key fingerprint is:
. 2019-06-07 10:04:54.655 ssh-rsa 2048 3d:3f:3f:b4:37:90:97:a7:28:a6:bf:3d:e8:40:0b:d4 txbqNaAYtPldQ6hr/OlzTnoKdxEd4e/EB6q7PcGR7n0=
. 2019-06-07 10:04:54.689 Host key matches cached key
. 2019-06-07 10:04:54.690 Initialised AES-256 SDCTR client->server encryption
. 2019-06-07 10:04:54.690 Initialised HMAC-SHA-256 client->server MAC algorithm
. 2019-06-07 10:04:54.690 Initialised AES-256 SDCTR server->client encryption
. 2019-06-07 10:04:54.690 Initialised HMAC-SHA-256 server->client MAC algorithm
! 2019-06-07 10:04:55.998 Using username "mdowning".
. 2019-06-07 10:04:56.607 Server offered these authentication methods: gssapi-keyex,gssapi-with-mic
. 2019-06-07 10:04:56.612 Using GSSAPI from GSSAPI32.DLL
. 2019-06-07 10:04:56.612 Attempting GSSAPI authentication
. 2019-06-07 10:04:56.934 GSSAPI authentication initialised
. 2019-06-07 10:04:57.340 GSSAPI authentication initialised
. 2019-06-07 10:04:57.340 GSSAPI authentication loop finished OK
. 2019-06-07 10:04:57.716 Access granted
. 2019-06-07 10:04:57.716 Opening session as main channel
. 2019-06-07 10:04:58.891 Opened main channel
. 2019-06-07 10:05:01.318 Started a shell/command
. 2019-06-07 10:05:01.353 --------------------------------------------------------------------------
. 2019-06-07 10:05:01.353 Using SFTP protocol.
. 2019-06-07 10:05:01.353 Doing startup conversation with host.
> 2019-06-07 10:05:01.367 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2019-06-07 10:05:01.675 Type: SSH_FXP_VERSION, Size: 95, Number: -1
. 2019-06-07 10:05:01.675 SFTP version 3 negotiated.
. 2019-06-07 10:05:01.675 Unknown server extension [email protected]="1"
. 2019-06-07 10:05:01.675 Supports [email protected] extension version "2"
. 2019-06-07 10:05:01.675 Unknown server extension [email protected]="2"
. 2019-06-07 10:05:01.675 We believe the server has signed timestamps bug
. 2019-06-07 10:05:01.675 We will use UTF-8 strings until server sends an invalid UTF-8 string as with SFTP version 3 and older UTF-8 strings are not mandatory
. 2019-06-07 10:05:01.675 Limiting packet size to OpenSSH sftp-server limit of 262148 bytes
. 2019-06-07 10:05:01.675 Changing directory to "/ds50/app/user/mdowning/simul".
. 2019-06-07 10:05:01.675 Getting real path for '/ds50/app/user/mdowning/simul'
> 2019-06-07 10:05:01.675 Type: SSH_FXP_REALPATH, Size: 38, Number: 16
< 2019-06-07 10:05:01.869 Type: SSH_FXP_NAME, Size: 79, Number: 16
. 2019-06-07 10:05:01.869 Real path is '/ds50/app/user/mdowning/simul'
. 2019-06-07 10:05:01.869 Trying to open directory "/ds50/app/user/mdowning/simul".
> 2019-06-07 10:05:01.869 Type: SSH_FXP_LSTAT, Size: 38, Number: 263
< 2019-06-07 10:05:02.375 Type: SSH_FXP_ATTRS, Size: 37, Number: 263
. 2019-06-07 10:05:02.375 Getting current directory name.
. 2019-06-07 10:05:02.422 Listing directory "/ds50/app/user/mdowning/simul".
> 2019-06-07 10:05:02.422 Type: SSH_FXP_OPENDIR, Size: 38, Number: 523
< 2019-06-07 10:05:02.674 Type: SSH_FXP_HANDLE, Size: 13, Number: 523
> 2019-06-07 10:05:02.674 Type: SSH_FXP_READDIR, Size: 13, Number: 780
< 2019-06-07 10:05:03.706 Type: SSH_FXP_NAME, Size: 1451, Number: 780
> 2019-06-07 10:05:03.706 Type: SSH_FXP_READDIR, Size: 13, Number: 1036
< 2019-06-07 10:05:04.619 Type: SSH_FXP_STATUS, Size: 28, Number: 1036
< 2019-06-07 10:05:04.619 Status code: 1
> 2019-06-07 10:05:04.619 Type: SSH_FXP_CLOSE, Size: 13, Number: 1284
. 2019-06-07 10:05:04.619 ..;d;0;2018-08-13T16:23:41.000Z;3;"mdowning" [52643];"darkside" [9985];rwxr-s--x;0
. 2019-06-07 10:05:04.620 max_s1_frac_cut_fixed_acceptance_full_stats.root;-;3947179;2017-04-21T17:28:37.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 setup_root;-;357;2017-04-21T17:28:37.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 setup_root~;-;0;2017-04-21T17:28:37.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 my_copy;d;0;2017-04-21T17:28:57.000Z;3;"mdowning" [52643];"darkside" [9985];rwxr-sr-x;0
. 2019-06-07 10:05:04.620 TBA.jpg;-;10746;2017-05-09T16:06:24.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 .generic.C.swo;-;20480;2017-05-05T01:10:51.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;2
. 2019-06-07 10:05:04.620 Tdrift.jpg;-;11275;2017-05-09T16:12:33.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 .generic.C.swp;-;16384;2017-04-25T20:27:08.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;2
. 2019-06-07 10:05:04.620 generic.root;-;4036;2017-05-16T14:47:57.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.620 generic.C;-;16398;2017-05-16T14:31:41.000Z;3;"mdowning" [52643];"darkside" [9985];rw-r--r--;0
. 2019-06-07 10:05:04.673 Startup conversation with host finished.
. 2019-06-07 10:05:10.430 Closing connection.
. 2019-06-07 10:05:10.430 Sending special code: 12
. 2019-06-07 10:05:10.431 Sent EOF message

答案1

WinSCP 用途GSSAPI32.DLL

. 2019-06-07 10:04:56.612 使用 GSSAPI32.DLL 中的 GSSAPI

而PuTTY使用SECUR32.DLL

事件日志:使用来自 SECUR32.DLL 的 SSPI


您正在使用 64 位 PuTTY。

0.71 版之前的 64 位 PuTTY 错误地尝试加载 32 位版本的 MIT Kerberos DLL。这显然会失败,PuTTY 会回退到 Microsoft SSPI(您的系统可能未设置,因此也会失败)。这是在 PuTTY 0.71 中已修复

因此,要么升级到 PuTTY 0.71。或者,如果你坚持使用较旧的 PuTTY 版本,则必须在“用户提供的 GSSAPI 库路径”“连接 > SSH > 身份验证 > GSSAPI”

答案2

查看所有软件的位数后,问题似乎解决了。我运行的是 64 位 PuTTY,但它试图查找 32 位 Kerberos 文件。我将其定向到 64 位 Kerberos 文件,然后我就能连接到服务器了。感谢 Martin 和 grawity!

相关内容