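I am trying to perform the most basic task of SSHing from my Windows 10 machine to a pi server. I have tried keys with and without a passphrase, both generated in Windows using PuTTY and Bitvise. I can SSH in with user/password. PubkeyAuthentication is set to yes, as that seems to be the core of trying to authenticate via public and private keys. I tried a whole bunch of additional switches in the config file, to no avail. You will see the additional switches I tried in the config file, now commented out. The full breakdown is below, including debug information. I am at a complete loss, because as far as I know this should work.
System information
Raspberry Pi 5.0 server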
- openssh-server
- Linux rpi 6.1.0-rpi7-rpi-2712 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1
(2023-11-24) aarch64 GNU/Linux
- Debian Version: 12.4
Windows 10 / Intel (latest patches)
- Putty v0.80 or Bitvise SSH v9.33
Directory structure of user bob on the pi server - note: there is no authorized_keys2 file
root@rpi:/home/bob/.ssh# ls -al
total 12
drwx------ 2 bob bob 4096 Jan 5 14:28 .
drwx------ 24 bob bob 4096 Jan 5 11:47 ..
-rw-r--r-- 1 bob bob 1591 Jan 5 14:28 authorized_keys
root@rpi:/home/bob/.ssh#
Debug information
root@rpi:/home/bob/.ssh# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_9.2, OpenSSL 3.0.11 19 Sep 2023
debug1: private host key #0: ssh-rsa SHA256:sanatized
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:sanatized
debug1: private host key #2: ssh-ed25519 SHA256:sanatized
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.50 port 53633 on 192.168.1.2 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version PuTTY_Release_0.80
debug1: compat_banner: no match: PuTTY_Release_0.80
debug1: permanently_set_uid: 102/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: [email protected] [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user bob service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "bob"
debug1: PAM: setting PAM_RHOST to "192.168.1.50"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user bob service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:sanatized [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/bob/.ssh/authorized_keys2
debug1: Could not open user 'bob' authorized keys '/home/bob/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for bob from 192.168.1.50 port 53633 ssh2: RSA SHA256:sanatized
Received disconnect from 192.168.1.50 port 53633:14: No supported authentication methods available [preauth]
Disconnected from authenticating user bob 192.168.1.50 port 53633 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 91169
debug1: audit_event: unhandled event 12
sshd_conf
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#UseDNS yes
PubkeyAuthentication yes
#PubkeyAcceptedAlgorithms +ssh-rsa
#pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa,[email protected]
#RSAAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
This is not my first time setting up sshd/ssh, and I have already spent 4 hours on it without making any progress.
Authorized keys
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20240105"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCQVTdfgmqDh/D7ogHiavN/iFJHHZQNn1wQ
oRxubicn27UPJ+TbBWvBQlrChxJ9tFsV8E1KThSpgcPB9Y/mrWCsw5q8HxT7wTbe
fjkG3C0TMRp+Of+ZfGz8XuZNeWednxyYmBb1DHnL1wNPo2H6pa64Jg6iJLbVx4Ov
2XSgBHorSAMPmaafL/NThT9SIuf7ABMfSLb1VbTXaUZV3Vrlc0Eh8Tzl0+3TSFB6
jqjZs6HYisR4PoloH8aXTReEQz1uB1zjCw/fX0lMyM8YmzFAGgQ+Nb/pHt7mO52M
Fi4+FKPhigIvnIDTjCRCB67OOYTz7Du4NrNcxaLwpv1BmVHSV3n1
---- END SSH2 PUBLIC KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: Generated by Shannon@BANZAI.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==
---- END SSH2 PUBLIC KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20021012"
AAAAB3NzaC1yc2EAAAABJQAAAIEAuEn3JILP5WY3phNemJR6at3vz60QyWEEAcnr
5LFOKXhRhAOv/XSZikHwEweyGRNo/mkVIYP81KzD09sv5nRhTqpfsbIL2prYnhzx
GaicLXO4kM3Ni3FBUp0diPHobg6kHxDyktyJguWt9DwHvyDpSxgTthEc/QKqDd+b
4uBDKNE=
---- END SSH2 PUBLIC KEY ----
Answer 1
Your authorized_keys file is not in the correct format.
See man 8 sshd for what should go in an authorized_keys file:
https://manpages.debian.org/bookworm/openssh-server/sshd.8.en.html#AUTHORIZED_KEYS_FILE_FORMAT
Answer 2
Well, that was indeed the problem. I quickly ran
ssh-keygen -i -f ssh2.pub > openssh.pub
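and popped the output into authorized_keys, and now everything works. I feel so smart. I have never had to do this before; I guess things have changed since the last time I set up a new Linux machine. Thanks for figuring out what the problem was, I will move on the wiser. All the best and Happy New Year!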
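The format mismatch the answers identify, as an added example that is not part of the original posts: a Python sketch that checks whether a line is a usable one-line OpenSSH entry and rewrites RFC 4716 ("SSH2 PUBLIC KEY") blocks into that form. The function names are hypothetical, and the sample is the third key block from the question.

```python
import base64, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}  # common types, not exhaustive
# Third key block from the question, in the RFC 4716 layout it was pasted in.
SAMPLE = "\n".join([BEGIN, 'Comment: "rsa-key-20021012"',
    "AAAAB3NzaC1yc2EAAAABJQAAAIEAuEn3JILP5WY3phNemJR6at3vz60QyWEEAcnr",
    "5LFOKXhRhAOv/XSZikHwEweyGRNo/mkVIYP81KzD09sv5nRhTqpfsbIL2prYnhzx",
    "GaicLXO4kM3Ni3FBUp0diPHobg6kHxDyktyJguWt9DwHvyDpSxgTthEc/QKqDd+b",
    "4uBDKNE=", END])

def blob_type(b64):
    # The first length-prefixed string inside the key blob names the algorithm.
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def is_openssh_entry(line):
    # True when a 'keytype base64' pair is present and the blob agrees with it.
    f = line.split()
    try:
        return any(t in KEY_TYPES and blob_type(b) == t for t, b in zip(f, f[1:]))
    except (ValueError, struct.error):
        return False

def rfc4716_to_openssh(text):
    # Rewrite each RFC 4716 block as one 'keytype base64 comment' line.
    out, body, comment, pending, inside = [], [], "", "", False
    for line in map(str.strip, text.splitlines()):
        if line == BEGIN:
            body, comment, pending, inside = [], "", "", True
        elif line == END and inside:
            b64, inside = "".join(body), False
            out.append(" ".join(p for p in (blob_type(b64), b64, comment) if p))
        elif inside and (pending or ":" in line):
            pending += line  # header line; a trailing '\' continues it
            if pending.endswith("\\"):
                pending = pending[:-1]
                continue
            tag, _, value = pending.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
            pending = ""
        elif inside:
            body.append(line)
    return out

if __name__ == "__main__": print("\n".join(rfc4716_to_openssh(SAMPLE)))
```

None of the seven lines of the pasted block passes is_openssh_entry, while the single converted line does.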