当我尝试使用 RSA 密钥与 Azure 存储帐户建立 SFTP 连接时,Azure 仍会提示我输入密码。此问题仅发生在我的笔记本电脑上,该笔记本电脑在 WSL 上运行 Ubuntu 22.04.02 LTS。从 CentOS 服务器连接工作正常。
查看调试日志时我发现以下内容:
$ sftp -v -i ~/.ssh/id_rsa <storage_account>.<user>@<storage_account>.blob.core.windows.net
...
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version AzureSSH_1.0.0
debug1: compat_banner: no match: AzureSSH_1.0.0
...
debug1: Found key in /home/<me>/.ssh/known_hosts:1
debug1: rekey out after # blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after # blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/<me>/.ssh/id_rsa RSA SHA256:ASUPERLONGSTRINGIN64BITIGUESS explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/<me>/.ssh/id_rsa RSA SHA256:ASUPERLONGSTRINGIN64BITIGUESS explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
<storage_account>.<user>@<storage_account>.blob.core.windows.net's password:
我认为这行就是问题所在:debug1: send_pubkey_test: no mutual signature algorithm
我的服务器的日志记录有效(使用相同的密钥)。
$ sftp -v -i ~/.ssh/id_rsa <storage_account>.<user>@<storage_account>.blob.core.windows.net
...
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version AzureSSH_1.0.0
debug1: no match: AzureSSH_1.0.0
...
debug1: Found key in /home/<me>@<my_server>/.ssh/known_hosts:5
debug1: rekey after # blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after # blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ./.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to <storage_account>.<user>@<storage_account>.blob.core.windows.net ([#.#.#.#]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.utf8
debug1: Sending subsystem: sftp
Connected to <storage_account>.<user>@<storage_account>.blob.core.windows.net.
sftp>
有人知道发生了什么事吗?
答案1
我找到了解决方案,但根本原因仍然不清楚。
这行字里有暗示:debug1: send_pubkey_test: no mutual signature algorithm
由于某种原因,AzureSSH_1.0.0 无法识别某些(新)SSH 客户端的 RSA 密钥。解决方案是明确设置密钥类型,如下所示:
$ sftp -i ~/.ssh/id_rsa -o 'PubkeyAcceptedKeyTypes +ssh-rsa' <storage_account>.<user>@<storage_account>.blob.core.windows.net
或者像这样设置~/.ssh/config:
Host <storage_account>.blob.core.windows.net
HostName <storage_account>.blob.core.windows.net
PubkeyAcceptedKeyTypes +ssh-rsa
User <storage_account>.<user>