Fedora 36 - Cannot connect to ssh - Permission denied (publickey)

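I'm trying to git clone from my employer's site, but I'm stuck on the "Permission denied (publickey)." error message.

For now, I just want to connect to the host with the ssh command. I added -o HostKeyAlgorithms=ssh-rsa because otherwise it gives up immediately.

This is the problematic part: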

debug1: Offering public key: ./id_rsa.pub RSA SHA256:sNpI3H2pUhdB/HFFjhF6qW+SHtpaMTY5+b5qk5aDo9s explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Nothing I tried has worked. I changed the crypto policy to LEGACY (I heard that newer Fedora doesn't support rsa).

I created a config file with the following content:

Host *
PubkeyAcceptedAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
PubKeyAuthentication yes
IdentityFile ./id_rsa.pub

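At least the PubkeyAcceptedAlgorithms +ssh-rsa part seems to have had some effect, since it got rid of one error for me (I can no longer reproduce that error, probably because the policy was changed).

These are the permissions. Fiddling with them doesn't seem to change anything, especially since the internet has differing opinions on what these permissions should be.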

-rwx------. 1 michal michal  124 Jul 22 06:08 config
-rw-------. 1 michal michal 1831 Jul 18 10:25 id_rsa
-rw-r--r--. 1 michal michal  406 Jul 18 10:25 id_rsa.pub
-rwx------. 1 michal michal  640 Jul 21 17:54 known_hosts

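I found that receive packet: type 51 is an authentication failure, but I don't know what to do about it. Some say it could be a problem with the username, but I'm not sure which username I should compare, since I don't provide my credentials anywhere, only the rsa key.

I was explicitly told to use rsa, not ed25519, so generating a key to that standard is out of the question (it doesn't work anyway, as I tried it).

I even saw the solution "remove the id_rsa.pub file from .ssh", but apparently that didn't do much; it only produces an error when paired with "IdentityFile ./id_rsa.pub" in the config (when I remove that part from the config, I still get the Permission denied error).

What else can I debug? The AuthorizedKeys file is uploaded to the server through my employer's website, at least that is how I understand it, since I uploaded my public key there and the site states that the key is valid. I don't have access to the server, so I can't check the logs.

If it helps, find the full log here (I removed IPs, port numbers and other potentially sensitive data):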

ssh -v -v -v  -p xxxx xx.xx.xx.xx -o HostKeyAlgorithms=ssh-rsa
OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
debug1: Reading configuration data /home/michal/.ssh/config
debug1: /home/michal/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host xxx.xxx.xxx.xxx originally xxx.xxx.xxx.xxx
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
debug1: re-parsing configuration
debug1: Reading configuration data /home/michal/.ssh/config
debug1: /home/michal/.ssh/config line 1: Applying options for *
debug2: add_identity_file: ignoring duplicate key ./id_rsa.pub
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host xxx.xxx.xxx.xxx originally xxx.xxx.xxx.xxx
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/michal/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/michal/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xxxx.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file ./id_rsa.pub type 0
debug1: identity file ./id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version xxxx (SSHD-CORE-2.0.0)
debug1: compat_banner: no match: xxxx (SSHD-CORE-2.0.0)
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxx.xxx.xxx.xxx:xxxx as 'michal'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:JL7soi70bRRq805BuKRCOlfzYwyh8wH3Q/a8bVrqIfQ
debug3: put_host_port: [xxx.xxx.xxx.xxx]:xxxx
debug3: put_host_port: [xxx.xxx.xxx.xxx]:xxxx
debug3: record_hostkey: found key type RSA in file /home/michal/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from [xxx.xxx.xxx.xxx]:xxxx
debug1: load_hostkeys: fopen /home/michal/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[xxx.xxx.xxx.xxx]:xxxx' is known and matches the RSA host key.
debug1: Found key in /home/michal/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: ./id_rsa.pub RSA SHA256:sNpI3H2pUhdB/HFFjhF6qW+SHtpaMTY5+b5qk5aDo9s explicit agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ./id_rsa.pub RSA SHA256:sNpI3H2pUhdB/HFFjhF6qW+SHtpaMTY5+b5qk5aDo9s explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

Answer 1

IdentityFile ./id_rsa.pub

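This is probably the wrong key file. Try using "id_rsa" instead of "id_rsa.pub".

The way keys are usually created, the file without the ".pub" extension contains the private part of the key. The file with the ".pub" extension contains the public part of the key, which gets copied to other sites. When you want to log in with a key, you have to use the private part of the key, which is in the file without the extension.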
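
The check this answer describes, as an added example that is not part of the original post: a bash script that reads an ssh client config and reports every IdentityFile entry that does not point at a private key, judged by the first line of the file. The function names, the `config_before`/`config_after` files and the placeholder key files are constructed for the example; relative paths are resolved against a directory passed as the second argument.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit IdentityFile entries.

# Classify a key file by its first line: private | public | missing | unknown.
classify_key_file() {
    local first=
    [ -f "$1" ] || { echo missing; return 0; }
    IFS= read -r first < "$1" || true   # read fails on a missing final newline
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|sk-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# Print "OK <path>" or "BAD(<kind>) <path>" per IdentityFile directive.
# Handles the plain "Keyword value" form only; relative paths are resolved
# against $2 (an assumption of this example). Returns 1 if any entry is bad.
audit_identity_files() {
    local config="$1" base="${2:-$PWD}" key val rest path kind rc=0
    while read -r key val rest || [ -n "$key" ]; do
        # ssh_config keywords are case-insensitive
        [ "$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')" = identityfile ] || continue
        case "$val" in
            "~/"*) path=$HOME/${val#"~/"} ;;
            /*)    path=$val ;;
            *)     path=$base/${val#./} ;;
        esac
        kind=$(classify_key_file "$path")
        if [ "$kind" = private ]; then echo "OK $val"
        else echo "BAD($kind) $val"; rc=1; fi
    done < "$config"
    return "$rc"
}

# Constructed sample: key-shaped placeholder files, not real key material.
make_sample() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_rsa"
    printf 'ssh-rsa CONSTRUCTEDBASE64 michal@example\n' > "$1/id_rsa.pub"
    printf 'Host *\nPubkeyAcceptedAlgorithms +ssh-rsa\nIdentityFile ./id_rsa.pub\n' > "$1/config_before"
    printf 'Host *\nPubkeyAcceptedAlgorithms +ssh-rsa\nIdentityFile ./id_rsa\n' > "$1/config_after"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_identity_files "$demo_dir/config_before" "$demo_dir" || true
audit_identity_files "$demo_dir/config_after" "$demo_dir"
rm -rf "$demo_dir"
```

Run against a real `~/.ssh/config`, pass the directory that relative IdentityFile paths should be resolved against as the second argument.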
