我正尝试使用 Globalscape EFT 作为 ssh 服务从 RHEL8 连接到 Windows 2016 Server。
[acoder@rhel8]# ssh [email protected]
EFT Login - %DATE% %TIME% - Please enter valid credentials to continue [email protected]: Permission denied (publickey).
[acoder@rhel8]#
我已与 EFT 服务器管理员确认,他们用于导入 Globalscape EFT 的 id_rsa.pub 文件的 md5sum 与我自己的 id_rsa.pub 相匹配。我们的 kex、密码和 mac 也匹配。
失败的 ssh 连接的完整详细输出(从我的角度看):
[acoder@rhel8]# ssh -v [email protected]
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: FIPS mode initialized
debug1: Connecting to vrdownload.dph.ga.gov [3.141.217.44] port 22.
debug1: Connection established.
debug1: identity file /home/acoder/.ssh/id_rsa type 0
debug1: identity file /home/acoder/.ssh/id_rsa-cert type -1
debug1: identity file /home/acoder/.ssh/id_dsa type -1
debug1: identity file /home/acoder/.ssh/id_dsa-cert type -1
debug1: identity file /home/acoder/.ssh/id_ecdsa type -1
debug1: identity file /home/acoder/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/acoder/.ssh/id_ed25519 type -1
debug1: identity file /home/acoder/.ssh/id_ed25519-cert type -1
debug1: identity file /home/acoder/.ssh/id_xmss type -1
debug1: identity file /home/acoder/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version 1.82_sshlib Globalscape
debug1: no match: 1.82_sshlib Globalscape
debug1: Authenticating to vrdownload.dph.ga.gov:22 as 'RemoteUser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:1WnR3yBUoA62gpUpvV3v8s5xCiz5fLFhbw42pKdOVjQ
debug1: Host 'vrdownload.dph.ga.gov' is known and matches the RSA host key.
debug1: Found key in /home/acoder/.ssh/known_hosts:4
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/acoder/.ssh/id_rsa RSA SHA256:ro17/srlJ4pU8V169VdnHYqpGBI6ZZPUUQOEExrmOHs
debug1: Will attempt key: /home/acoder/.ssh/id_dsa
debug1: Will attempt key: /home/acoder/.ssh/id_ecdsa
debug1: Will attempt key: /home/acoder/.ssh/id_ed25519
debug1: Will attempt key: /home/acoder/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
EFT Login - %DATE% %TIME% - Please enter valid credentials to continuedebug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/acoder/.ssh/id_rsa RSA SHA256:ro17/srlJ4pU8V169VdnHYqpGBI6ZZPUUQOEExrmOHs
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/acoder/.ssh/id_dsa
debug1: Trying private key: /home/acoder/.ssh/id_ecdsa
debug1: Trying private key: /home/acoder/.ssh/id_ed25519
debug1: Trying private key: /home/acoder/.ssh/id_xmss
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
检查我的公钥的格式:
# ssh-keygen -l -f id_rsa.pub
3072 SHA256:ro17/srlJ4pU8V169VdnHYqpGBI6ZZPUUQOEExrmOHs root@nbs (RSA)
是否应将我的 id_rsa.pub 文件导出为其他格式以供 EFT 使用?
我还能尝试什么方法来让我的公钥成功导入 Globalscape EFT 吗?