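I am trying to set up OpenSSH on a Windows server to test SSH.NET, but I need to authenticate with a key rather than a password, and I am running into problems.
I can log in to the OpenSSH server through PuTTY with a username and password, but when I set the private key in PuTTY I keep getting the error: Server refused our key
My steps:
- Windows server:
  - Installed OpenSSH server
  - Started the OpenSSH server and agent services
  - Copied the public key from the text box of the PuTTY Key Generator on my workstation into `%UserProfile%\.ssh\authorized_keys`
  - I found this article, but it is about connecting to a Linux server and uses commands such as `chmod 700 ~/.ssh`; I am not sure whether it is relevant here or whether it should be done on the Windows server.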
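  - Restarted the OpenSSH server and agent
- Workstation:
  - Installed PuTTY on my workstation
  - Ran the PuTTY Key Generator and generated a public and a private key
  - Saved my public and private keys
  - Opened PuTTY and added the private key file under the SSH | Auth section
  - Clicked "Open", got the error `Server refused our key`, and was prompted for a password

Any suggestions/ideas?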
sshd_config:

```
# This is the sshd server system-wide configuration file.
# See sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where possible,
# but leave them commented. Uncommented options override the default value.

# override default of no subsystems
Subsystem sftp sftp-server.exe

# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
```
Logs:
```
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug3: fd 5 is not O_NONBLOCK
debug3: spawning "E:\\ssh\\OpenSSH-Win64\\sshd.exe" -R
debug3: send_rexec_state: entering fd = 8 config len 291
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: inetd sockets after dupping: 4, 4
Connection from x.x.x.72 port 53482 on x.x.x.x port 22
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version WinSCP_release_5.17.6
debug1: no match: WinSCP_release_5.17.6
debug2: fd 4 setting O_NONBLOCK
debug3: spawning "E:\\ssh\\OpenSSH-Win64\\sshd.exe" -y
debug2: Network child is on pid 7688
debug3: send_rexec_state: entering fd = 6 config len 291
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug3: ssh_msg_send: type 0
debug3: ssh_msg_send: type 0
debug3: preauth child monitor started
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,[email protected] [preauth]
debug2: compression stoc: none,[email protected] [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
debug2: ciphers stoc: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128 [preauth]
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
debug2: compression ctos: none,zlib,[email protected] [preauth]
debug2: compression stoc: none,zlib,[email protected] [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: algorithm: [email protected] [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: KEX signature 000000EAA5308050(83)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [email protected] service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 291
debug3: checking match for 'Group administrators' user mycompany\\myuser host x.x.x.72 addr x.x.x.72 laddr x.x.x.x lport 22
debug3: lookup_principal_name: Successfully discovered explicit principal name: 'mycompany\\myuser'=>'[email protected]'
debug3: LsaLogonUser Succeeded (Impersonation: 0)
debug1: user mycompany\\myuser matched group list administrators at line 89
debug3: match found
debug3: reprocess config:90 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for [email protected] [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 58.995ms, delaying 50.873ms (requested 6.867ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [email protected] service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user [email protected] querying public key ssh-rsa AAAAB3Nza2EAAAABJQAAAQEAoTH5Dd4wzYkYr6WT/IeK+Lwy33KCHXJMxBvKrnaiLq8zamuKSibwu7xn5TUac2ZWXnQ== [preauth]
debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:ERmTsG3EdOUU6A5/1iqPYX3+E3aTF5Ke+5zOs [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 000000EAA53A75C0
debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
debug3: Bad permissions. Try removing permissions for user: NT AUTHORITY\\Authenticated Users (S-1-5-11) on file C:/ProgramData/ssh/administrators_authorized_keys.
Authentication refused.
debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
Failed publickey for [email protected] from x.x.x.72 port 53482 ssh2: RSA SHA256:ERmTsG3EdOUU6A5/1iqPYX3+E3aTF5Ke+5zOs
debug3: mm_request_send entering: type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 2.030ms, delaying 4.837ms (requested 6.867ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [email protected] service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method keyboard-interactive [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: [email protected] devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug2: auth2_challenge_start: devices [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 6.867ms (requested 6.867ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
Connection closed by authenticating user [email protected] x.x.x.72 port 53482 [preauth]
debug1: do_cleanup [preauth]
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 7688
```
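
The log above shows sshd reading `C:/ProgramData/ssh/administrators_authorized_keys` (selected by the `Match Group administrators` block) and refusing it because `NT AUTHORITY\Authenticated Users` (S-1-5-11) has permissions on the file. As an added example that is not part of the original post, the PowerShell script below audits that file's ACL and, when run with its own hypothetical `-Fix` switch, reduces it to SYSTEM and Administrators. It assumes that two-principal ACL is the intended target and that it runs from an elevated prompt on the server.

```powershell
# Added example: audit (and optionally repair) the ACL on the administrators key file.
param(
    # Path reported in the sshd log; override if ProgramData lives elsewhere.
    [string]$KeyFile = "$env:ProgramData\ssh\administrators_authorized_keys",
    [switch]$Fix   # switch defined by this example only: rewrite the ACL
)

# Well-known SIDs (locale independent): LocalSystem and BUILTIN\Administrators.
$Allowed = 'S-1-5-18', 'S-1-5-32-544'
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-UnexpectedAce {
    param([string]$Path)
    # Request explicit and inherited rules with identities expressed as SIDs,
    # then keep every Allow entry that belongs to any other principal.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType)
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $sid) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$extra = @(Get-UnexpectedAce -Path $KeyFile)
if ($extra.Count -eq 0) {
    Write-Output "OK: only SYSTEM and Administrators have access to $KeyFile"
    return
}
$extra | Format-Table -AutoSize   # the entries that have to be removed

if ($Fix) {
    # Stop inheriting from the parent folder, grant the two expected
    # principals full control, then strip explicit ACEs of everyone else.
    icacls.exe $KeyFile /inheritance:r /grant:r '*S-1-5-18:F' /grant:r '*S-1-5-32-544:F'
    foreach ($sid in ($extra.Sid | Select-Object -Unique)) {
        icacls.exe $KeyFile /remove "*$sid"
    }
    # Re-audit: no output here means no other principal is left on the file.
    Get-UnexpectedAce -Path $KeyFile
}
```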