ssh into Win 11 PC: Authentication refused, Failed publickey

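I mean to ssh from a Win 10 + msys2 client (PC1) into a Win 11 + OpenSSH server (PC2). I followed the usual procedure in PC2 to enable the OpenSSH server via PowerShell (as I had done successfully before, although on a Win 10 server).

In PC1, I have added `server2` to `~/.ssh/config`, with the key `/home/USER1/.ssh/id_ed25519b`. In PC2, I have added the contents of the matching key `id_ed25519b.pub` to `C:\ProgramData\ssh\administrators_authorized_keys` and `C:\Users\user2\.ssh\authorized_keys`. I have also added other keys to try (as shown in the messages below), but that is not important. Then,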

    [PC1]$ ssh -v server2 -i /home/USER1/.ssh/id_ed25519b
    OpenSSH_8.2p1, OpenSSL 1.1.1g  21 Apr 2020
    debug1: Reading configuration data /home/USER1/.ssh/config
    debug1: /home/USER1/.ssh/config line 6: Applying options for *
    debug1: /home/USER1/.ssh/config line 15: Applying options for server2
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
    debug1: Connecting to <ip PC2> [<ip PC2>] port 22.
    debug1: Connection established.
    debug1: identity file /home/USER1/.ssh/id_ed25519b type -1
    debug1: identity file /home/USER1/.ssh/id_ed25519b-cert type -1
    debug1: identity file /home/USER1/.ssh/id_rsa type -1
    debug1: identity file /home/USER1/.ssh/id_rsa-cert type -1
    debug1: identity file /home/USER1/.ssh/id_ed25519b type -1
    debug1: identity file /home/USER1/.ssh/id_ed25519b-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
    debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to <ip PC2>:22 as 'user2'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:********************************************
    debug1: Host '<ip PC2>' is known and matches the ECDSA host key.
    debug1: Found key in /home/USER1/.ssh/known_hosts:47
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: Will attempt key: /home/USER1/.ssh/id_ed25519b  explicit
    debug1: Will attempt key: /home/USER1/.ssh/id_rsa  explicit
    debug1: Will attempt key: /home/USER1/.ssh/id_ed25519b  explicit
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    ===================================================================  START MODIFIED
    debug1: Trying private key: /home/USER1/.ssh/id_ed25519b                 <---- **** THIS SHOULD HAVE WORKED ****
    ===================================================================  END MODIFIED
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Trying private key: /home/USER1/.ssh/id_rsa
    Enter passphrase for key '/home/USER1/.ssh/id_rsa': <Ctrl>+C

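The only two points that I think might help (and I am not sure how to dig further) are:

  1. I am not sure whether file/directory permissions are an issue. I don't remember having to do anything special when I did a similar configuration in Win 10 before. I know `~/.ssh` and other files need specific permissions, and I have done such configuration many times in Linux.

  2. In PC2, I opened an administrator PS 5.1 prompt. I did the following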

    PS C:\Windows\system32> Stop-Service sshd
    PS C:\Windows\system32> sshd.exe -d

to see the debug messages in the server. Essentially, I get `Authentication refused. Failed publickey...` This is the whole output.

    PS C:\Windows\system32> sshd.exe -d
    debug1: sshd version OpenSSH_for_Windows_8.1, LibreSSL 3.0.2
    debug1: get_passwd: LookupAccountName() failed: 1332.
    debug1: private host key #0: ssh-rsa SHA256:***************************************
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:***************************************
    debug1: private host key #2: ssh-ed25519 SHA256:***************************************
    debug1: rexec_argv[0]='C:\\Windows\\System32\\OpenSSH\\sshd.exe'
    debug1: rexec_argv[1]='-d'
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug1: Server will not fork when running in debugging mode.
    Connection from <ip PC1> port 52107 on <ip PC2> port 22
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2
    debug1: match: OpenSSH_8.2 pat OpenSSH* compat 0x04000000
    debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug1: kex: algorithm: curve25519-sha256 [preauth]
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug1: rekey out after 134217728 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: Sending SSH2_MSG_EXT_INFO [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug1: rekey in after 134217728 blocks [preauth]
    debug1: KEX done [preauth]
    debug1: userauth-request for user user2 service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug1: user user2 matched group list administrators at line 87
    debug1: userauth-request for user user2 service ssh-connection method publickey [preauth]
    debug1: attempt 1 failures 0 [preauth]
    debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
    Authentication refused.
    Failed publickey for user2 from <ip PC1> port 52107 ssh2: ED25519 SHA256:***************************************
    Connection closed by authenticating user user2 <ip PC1> port 52107 [preauth]
    debug1: do_cleanup [preauth]
    debug1: monitor_read_log: child log fd closed
    debug1: do_cleanup
    debug1: Killing privsep child 20400

Related

  1. https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration
  2. https://social.technet.microsoft.com/Forums/en-US/09ef4533-243e-4fa1-b2ca-bcbcc08d0f1e/windows-10-pro-openssh-server-permission-denied?forum=win10itprogeneral
  3. https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities
  4. https://github.com/PowerShell/Win32-OpenSSH/wiki/Security-protection-of-various-files-in-Win32-OpenSSH
  5. https://docs.microsoft.com/en-us/answers/questions/109609/unable-to-access-the-win10-pc-with-openssh-install.html
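
The server log above shows sshd opening `__PROGRAMDATA__/ssh/administrators_authorized_keys` and then refusing the key, and the post raises file permissions as a possible cause. As an added example (not part of the original post), this read-only PowerShell check compares that file's ACL with the one Microsoft's OpenSSH key documentation sets up, where only Administrators and SYSTEM have access; the function name `Test-AdminKeyFileAcl` is hypothetical.

```powershell
# Added example: read-only audit, run from an elevated prompt on the server (PC2).
# Assumption: the expected state is the ACL from Microsoft's OpenSSH key docs,
# i.e. access only for BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
function Test-AdminKeyFileAcl {   # hypothetical helper name
    param(
        [string]$Path = (Join-Path $env:ProgramData 'ssh\administrators_authorized_keys')
    )
    # Well-known SIDs, so the check also works on localized Windows installs.
    $allowed = @(
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-18'        # NT AUTHORITY\SYSTEM
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Key file not found: $Path"
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path

    # Report every Allow entry (explicit or inherited) held by any other principal.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $allowed) {
            [pscustomobject]@{
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Test-AdminKeyFileAcl)
if ($findings.Count -eq 0) {
    'ACL grants access to Administrators and SYSTEM only.'
} else {
    # Inherited = True usually means the file picked up the ACL of its parent folder.
    $findings | Format-Table -AutoSize
    # Reset given in Microsoft's documentation (English group names):
    # icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
}
```

An empty result rules out extra ACL entries on this file; it does not check the key contents or `sshd_config`.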