我正在尝试通过文件运行命令authorized_keys。我已将文件的权限设置为 600 authorized_keys,将.ssh目录的权限设置为 700。
在授权文件中我有以下内容:
command="touch /home/borg/file.txt", restrict ssh-ed25519 <redacted>
然后我尝试使用以下命令 ssh 到该主机:
ssh [email protected]
我使用的用户与文件authorized_keys所属的用户相同。我已经测试了密钥并验证它们确实有效,并且我能够对主机进行正常的 SSH。当我尝试向文件添加命令时,它给了我一个权限被拒绝的错误。我无论如何也想不出问题是什么。请提供任何想法来提供帮助,我已经尝试过了ssh -v,最后得到了以下结果:
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/prod/.ssh/borg_key ED25519 SHA256:<redacted> explicit
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
答案1
命令选项结尾的逗号和限制选项之间没有空格:command="...",restrict {keytype} {blob}。请注意 man sshd 中的文字:“... 以下空格分隔的字段:options、keytype、base64 编码的密钥、注释”。空格导致“restrict”成为密钥类型,而“ssh-ed25519”成为实际密钥,两者都是错误的;您的实际密钥被视为注释字段并被忽略。