Windows 使用私钥 SSH 进入 CentOS - 不起作用

Windows 使用私钥 SSH 进入 CentOS - 不起作用

我在 Windows 10 上。需要 ssh 进入 Linux CentOS 服务器。尝试使用 Putty 和 Windows SSH(在功能中打开..Powershell?)。

使用 PuttyGen,我生成了一对私钥和公钥 RSA 密钥 - rsa 和 rsa.pub,没有任何密码。这两个文件都在我的桌面上。server333 在 C:\Users\johndoe.ssh\known_hosts 中有一个条目。我的 Windows PC 上的 .ssh 目录中没有其他文件或目录。公钥也被复制到 Linux 机器的 /home/johndoe/.ssh/authorized_keys 中

我试过了ssh -i rsa -vvv server333,但是没有用。以下是日志:

c:\Users\johndoe\Desktop>ssh -i rsa -vvv server333
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/johndoe/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "server333" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server333 [1.2.3.4] port 22.
debug1: Connection established.
key_load_public: invalid format
debug1: identity file rsa type -1
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert error:2
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server333:22 as 'corp\\johndoe'
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: MACs stoc: [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:abcd
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 1.2.3.4
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host 'server333' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: The socket is not connected
debug2: key: rsa (0000000000000000), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
NOTICE TO USERS
=============================================================================
This is an official computer system and is the property of
ACME, Inc. It is for authorized users only. Unauthorized users are
prohibited. Users (authorized or unauthorized) have no explicit or
implicit expectation of privacy. Any or all uses of this system may be
subject to one or more of the following actions: interception,
monitoring, recording, auditing, inspection and disclosing to security
personnel and law enforcement personnel, as well as authorized officials
of other agencies, both domestic and foreign. By using this system, the
user consents to these actions. Unauthorized or improper use of this
system may result in administrative disciplinary action and civil and
criminal penalties. By accessing this system you indicate your awareness
of and consent to these terms and conditions of use. Discontinue access
immediately if you do not agree to the conditions stated in this notice.
=============================================================================
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: rsa
debug3: sign_and_send_pubkey: RSA SHA256:zyxw
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:c:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
corp\johndoe@server333's password:

答案1

最终弄清楚了-这里有两个问题:

  1. 如果您不指定用户名,Windows SSH 默认为 DOMAIN\johndoe(这显然是 Windows 用户名),而 Linux 服务器只期望 johndoe。要修复此问题,请调用ssh johndoe@server333而不是,ssh server333然后尝试输入用户名。

  2. 它还要求文件名具有限制性权限(只有您(所有者)必须具有权限,其他人都不应该拥有权限)。要解决此问题,请从文件的安全权限中删除所有其他用户

一旦我完成了这两项操作,它就会像魔法一样工作。您不需要将公钥放在本地 home/.ssh 文件夹中。您只需将私钥命名为 id_rsa(不带任何扩展名),然后将其放在 home/.ssh 文件夹中,然后使用ssh johndoe@server333

相关内容