我尝试使用 Windows 10 的附加功能设置 sshd,如所述这里我确实做了SSH 服务器的初始配置按照要求。但是当我尝试像这样通过 ssh 进行连接时:
ssh mycompany.com\[email protected]
我被提示输入密码(我输入了域帐户密码)。但终端返回
Permission denied, please try again
也许这与许可有关?
我在 C:\ProgramData\ssh\sshd_config 中添加了以下几行:
AllowUsers *
并重新启动Restart-Service sshd但仍然一样。我尝试使用 git-bash 和 power-shell 从另一台机器使用 ssh 登录。我已经在这台机器上安装了 OpenSSH-Client。
在服务器端我确实尝试在 C:\Windows\System32\OpenSSH 中运行:
sshd.exe -d
然后确实产生了以下结果:
debug1: rexec_argv[0]='C:\\Windows\\System32\\OpenSSH\\sshd.exe'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 20.1.20.2 port 54915 on 20.1.20.1 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: sshd version OpenSSH_for_Windows_7.7, LibreSSL 2.6.5
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user [email protected] service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: user n matched group list administrators at line 84
debug1: userauth-request for user [email protected] service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: [email protected] devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug1: userauth-request for user [email protected] service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
lookup_principal_name: User principal name lookup failed for user 'corp\\mystrangename1' (explicit: 1355, implicit: 1355)
Accepted password for [email protected] from 20.1.20.2 port 54915 ssh2
debug1: monitor_child_preauth: [email protected] has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: Not running as SYSTEM: skipping loading user profile
CreateProcessAsUserW failed error:1314
fork of unprivileged child failed
debug1: do_cleanup
PS C:\Windows\system32\OpenSSH>
我的 sshd_config 是:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
AllowUsers *
是否需要一些特殊的东西才能使其与活动目录用户帐户一起工作?
答案1
根据 ssh 客户端和配置,其中一个选项应该可以起作用。
选项1
其中一个选项是转义反斜杠\\:
ssh mycompany.com\\[email protected]
选项 2
另一种方法是使用-l登录名参数:
ssh -l [email protected] 20.1.20.1
答案2
我最终遵循解决方法虽然我没有找到针对活动目录用户的解决方案:
简洁版本
创建具有强密码的本地帐户localusername并使用该帐户进行连接:
ssh [email protected]
详细版本
创建新的本地帐户(我采用传统方式):
Computer Managemet以管理员身份运行- 导航至
Local Users and Groups>Users - 右键单击>新用户...
- 设置用户名
localusername最好不要有空格 - 设置非常强的密码
- [x] 密码永不过期
- [创建]、[关闭]
- 设置用户名
使用该帐户通过 SSH 连接,即ssh [email protected]