我的服务器最近停止提供基于公钥的身份验证。我尝试使用我的 RSA 公钥登录,但只得到:
$ ssh -v <server>
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 33: Applying options for <server>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <server> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <server>:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<server>]:22' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:31
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
user@<server>'s password:
关键部分似乎是倒数第三行:
debug1: send_pubkey_test: no mutual signature algorithm
起初我以为这一定与 ssh-rsa 已经已弃用最后默认禁用。然而,事实证明该服务器相当老旧,运行的是 OpenSSH 6.7p1。
也许是因为这个原因,服务器没有告诉我它支持哪些算法——现代 OpenSSH 版本似乎发送了一个SSH2_MSG_EXT_INFO
和kex_input_ext_info: server-sig-algs=…
。
因此我查看了服务器,/etc/ssh/sshd_config
但它看起来很好并且没有提到任何与以下内容相关的内容PubkeyAcceptedKeyTypes
(=PubkeyAcceptedAlgorithms
在较新版本的 OpenSSH 中):
…
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
…
我也尝试使用ssh -Q (sig|PubkeyAcceptedKeyTypes) <server>
来查询支持的签名算法,但与手册页建议的相反(ssh … [-Q query_option] … destination
),似乎这查询客户(?),不是服务器,因为我尝试过的每个服务器都是一样的。
然后我想:等等,但是如果服务器最近没有更新,那么它一定是我的客户端!
确实ssh -o "PubkeyAcceptedAlgorithms=+ssh-rsa" -v <server>
有效!
$ ssh -o "PubkeyAcceptedAlgorithms=ssh-rsa" -v <server>
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 33: Applying options for <server>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <server> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <server>:22 as 'user'
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<server>]:22' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:31
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
Enter passphrase for key '/home/user/.ssh/id_rsa':
这怎么可能?即使我的 OpenSSH 客户端(v8.9,见上文)已弃用/禁用 ssh-rsa 和 SHA1[0]:如我们所见,服务器和客户端都同意使用 SHA256 – 这应该完全没问题吧?!
此外,ssh -Q PubkeyAcceptedAlgorithms
列出 ssh-rsa:
$ ssh -Q PubkeyAcceptedAlgorithms
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
我还无法PubkeyAcceptedAlgorithms=-ssh-rsa
在我的计算机上的任何地方找到禁用 ssh-rsa 的行(例如),无论是在~/.ssh/config
还是/etc/ssh
任何其他地方。
结论:这对我来说真是一个谜。为什么 ssh-rsa 不再工作了?(我应该提一下,ssh-ed25519 公钥工作得很好。)
现在我只是PubkeyAcceptedAlgorithms=+ssh-rsa
在本地进行配置~/.ssh/config
,但这感觉像是一个我尚未理解的问题的肮脏的解决方法。
--
相关文章其他人有完全相同的问题:服务器运行 OpenSSH v6.7p1,客户端是某些 OpenSSH 版本 > 8,并且 ssh-rsa 身份验证失败:
突然我的ssh需要输入密码--debug1:send_pubkey_test:没有相互签名算法
https://serverfault.com/questions/1064247/ssh-permission-denied-publickey
答案1
我开始认为原因是这个:
OpenSSH 自 7.2 版起支持 RFC8332 RSA/SHA-256/512 签名,并且现有的 ssh-rsa 密钥将在可能的情况下自动使用更强大的算法。
因此,OpenSSH v6.7p1 似乎还不支持 SHA-256/512,并且在遇到 ssh-rsa 密钥时仍想使用 SHA1。特别是调试输出(在成功的情况下)
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
具有误导性,并没有说明在客户端<>服务器通信中使用了哪种散列算法。
此外,请求函数解释了为什么我的服务器没有发送server-sig-algs
:
Servers that accept rsa-sha2-* signatures for client authentication
SHOULD implement the extension negotiation mechanism defined in
[RFC8308], including especially the "server-sig-algs" extension.
总而言之,我成功地浪费了一整晚的时间,但令我大吃一惊的是,OpenSSH 开发人员竟然没有想到使用ssh-rsa
表示“使用 RSA 密钥”、“使用 RSA + SHA1”或“使用 RSA + 任何 SHA 版本”(视情况而定)可能会造成混淆。RFC 至少非常明确。