这里的情况是,我收到了由 AWS 生成的私钥 - 一个 ED25519 密钥 - 并使用 Windows 10/1809 的内置 ssh(OpenSSH_for_Windows_7.7p1、LibreSSL 2.6.5)尝试它,并且它运行良好。
我尝试在同一台 PC 上但在 WSL Ubuntu 18.04.3(OpenSSH_7.6p1 Ubuntu-4ubuntu0.3、OpenSSL 1.0.2n 2017 年 12 月 7 日)内使用相同的密钥,它抱怨密钥格式无效。
调用 ssh -v 显示:
....snip a bit here....
debug1: Authenticating to xxxxxxxx.demo.com:22 as 'jgauthier'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:fCykR67cJynMNYYYv9jEO5PhYQgcaU0WRy/xmSsTxYQ
debug1: Host 'xxxxxxxx.demo.com' is known and matches the ECDSA host key.
debug1: Found key in /home/jgauthier/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
------------------------------------------------------------------------------
NOTICE
This IT system is provided for business use in accordance with approved
Policies and Procedures. By logging in, users acknowledge their understanding
that authorized administrators monitors and stores all activity generated on
this system as appropriate for business and security operations and may
disclose such activity or information as permitted by law.
------------------------------------------------------------------------------
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: jgauthier_key.pem
Load key "jgauthier_key.pem": invalid format
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
以下是有效代码的最后几行相关内容:
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: jgauthier_key.pem
debug1: Authentication succeeded (publickey).
Authenticated to xxxxxxx.demo.com ([nn.nn.nn.nn]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
debug1: console supports the ansi parsing
debug1: client_input_global_request: rtype [email protected] want_reply 0
Last login: Fri Oct 18 21:30:10 2019 from mm.mm.mm.mm
Last login: Fri Oct 18 21:30:10 2019 from mm.mm.mm.mm
[jgauthier@xxxxxxx ~]$
有什么想法吗?我还没有在同一台 PC 上运行 Ubuntu 18.04.3 的 VirtualBox VM 中尝试过,也没有在其他 Linux 系统上尝试过……
我连接的主机是 CentOS 7.6。它的服务器报告
Remote protocol version 2.0, remote software version OpenSSH_7.4
当我连接时,如果这很重要。
我以为可能是 CR/LF vs LF,但在 WSL Linux 中,我手动编辑了 .pem 文件以删除任何可能的 CR/LF,并确保在文件最后一行后留下一个 LF - 但不行。我甚至对 Windows .ssh 目录中的副本和 WSL ~/.ssh 中的副本进行了比较,发现它们是相同的。
这是关于 ssh 的两个版本(LibreSSL 2.6.5 与 OpenSSL 1.0.2n)的问题吗?