sshd configuration

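I bought a Brother ADS-2700W scanner that supports SFTP. Unfortunately, the SFTP connection does not work. I am using OpenSSH on ArchLinux to provide access to the SFTP folder. If I try an SSH connection from localhost, everything works fine, including public key authentication. I have added the legacy key algorithm to support the scanner, but authentication still fails. I tried both password and public key authentication, and the log messages are exactly the same.

Below you can find the SSHD settings, the scanner settings, and the log output from SSH. Brother does not provide any other error messages or logs.

I hope someone can help me. Thank you very much.

sshd configuration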

[root@Thinkpad .ssh]# cat /etc/ssh/sshd_config 

#Legacy changes
KexAlgorithms +diffie-hellman-group14-sha1

Match group sshusers
# ChrootDirectory /home/scan_folder/ # Deactivated for testing SSH connection
 X11Forwarding no
 AllowTcpForwarding no
 PasswordAuthentication yes
# ForceCommand internal-sftp # Deactivated for testing SSH connection
[root@Thinkpad ssh]# cat /etc/passwd |grep scanuser & cat /etc/group |grep sshusers
scanuser:x:1002:1002::/home/scan_folder:/bin/bash
sshusers:x:1002:
[root@Thinkpad .ssh]# ls -al /home/scan_folder/.ssh/
insgesamt 24
drwx------  2 scanuser sshusers 4096 19. Mai 21:51 .
drwxr-xr-x 13 root     root     4096 18. Mai 22:48 ..
-rw-------  1 scanuser sshusers 1370 23. Mai 14:46 authorized_keys
-rw-------  1 scanuser sshusers 3381 23. Mai 14:38 id_rsa
-rw-r--r--  1 scanuser sshusers  743 23. Mai 14:38 id_rsa.pub
-rw-r--r--  1 scanuser sshusers  659 18. Mai 22:54 known_hosts
[root@Thinkpad .ssh]# cat authorized_keys
ssh-rsa AAAAB3N<... rsa key ...> root@<... brother hostname ...>

[root@Thinkpad .ssh]# cat id_rsa.pub 
ssh-rsa AAAAB3N<... rsa key ...> scanuser@Thinkpad

Brother ADS-2700W SFTP configuration

ADS2700 SFTP configuration

Connection log on SSHD

Mai 23 15:04:02 Thinkpad sshd[12572]: debug1: Forked child 13205.
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: Set /proc/self/oom_score_adj to 0
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: inetd sockets after dupping: 4, 4
Mai 23 15:04:02 Thinkpad sshd[13205]: Connection from 192.168.1.195 port 48226 on 192.168.1.190 port 22 rdomain ""
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: Local version string SSH-2.0-OpenSSH_8.6
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: Remote protocol version 2.0, remote software version libssh2_1.4.3
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: compat_banner: no match: libssh2_1.4.3
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: permanently_set_uid: 65534/65534 [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: SSH2_MSG_KEXINIT received [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: kex: algorithm: diffie-hellman-group14-sha1 [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: rekey out after 4294967296 blocks [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: rekey in after 4294967296 blocks [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: KEX done [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: Connection closed by 192.168.1.195 port 48226 [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: do_cleanup [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: monitor_read_log: child log fd closed
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: do_cleanup
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: Killing privsep child 13206

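Answer 1

The scanner is failing to verify the server, not the other way around. You can see from the log that it never reaches the user authentication step.

You have configured this in the scanner:

Server public key: scanuser.pub

But that is not the server's public key. The file name sounds very much like the user's public key, which has nothing to do with server authentication.

The server's public key should be taken from /etc/ssh/ssh_rsa_host_key.pub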
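The log reading used in the answer above can be automated. This is an added example, not part of the original question or answer: it groups sshd debug lines by PID and reports how far each session got before the client closed it. The first session is copied from the question's log, the second is constructed, and the function and stage names are hypothetical.

```python
import re

# Session 13205: lines copied from the question's log.
# Session 14000: constructed, to show a session that does reach user auth.
SAMPLE_LOG = """\
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: kex: host key algorithm: ssh-rsa [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: debug1: KEX done [preauth]
Mai 23 15:04:02 Thinkpad sshd[13205]: Connection closed by 192.168.1.195 port 48226 [preauth]
Mai 23 15:09:10 Thinkpad sshd[14000]: debug1: KEX done [preauth]
Mai 23 15:09:10 Thinkpad sshd[14000]: debug1: userauth-request for user scanuser service ssh-connection method none [preauth]
Mai 23 15:09:11 Thinkpad sshd[14000]: Connection closed by authenticating user scanuser 192.168.1.50 port 50000 [preauth]
"""

LINE = re.compile(r"sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
# Messages sshd only logs once the client has started user authentication.
AUTH_MARKERS = ("userauth-request for user", "Failed ", "Accepted ",
                "Connection closed by authenticating user")

def stage(s):
    """Name the last phase a session reached (heuristic, as in the answer)."""
    if not s["closed_preauth"]:
        return "no pre-auth close seen"
    if not s["kex_done"]:
        return "closed during key exchange"
    if not s["auth_seen"]:
        # The client saw the host key and left: check the key stored on the client.
        return "closed after KEX, before user auth"
    return "closed during user auth"

def classify_sessions(log_text):
    """Return {pid: (stage, negotiated host key algorithm or None)}."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"kex_done": False, "auth_seen": False,
                                      "closed_preauth": False, "alg": None})
        if msg.startswith("kex: host key algorithm:"):
            s["alg"] = msg.split(":", 2)[2].split()[0]
        elif msg.startswith("KEX done"):
            s["kex_done"] = True
        if msg.startswith(AUTH_MARKERS):
            s["auth_seen"] = True
        if msg.startswith("Connection closed by") and msg.endswith("[preauth]"):
            s["closed_preauth"] = True
    return {pid: (stage(s), s["alg"]) for pid, s in sessions.items()}

if __name__ == "__main__":
    for pid, result in classify_sessions(SAMPLE_LOG).items():
        print(pid, *result)
```

The negotiated host key algorithm reported for a session tells you which of the server's host keys the client was shown, and therefore which host public key the client needs to have stored.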
