我正在尝试使用公钥(DSA)从 Ubuntu 计算机(Win 10 上的 VM)ssh 到 Linux 服务器。然而,Ubuntu 上的 OpenSSH 客户端不会尝试将公钥作为身份验证方法,即使我已将以下行添加到 /etc/ssh/ssh_config 中:
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes +ssh-dss.
.ssh目录的权限设置为700,id_dsa文件的权限设置为600。
这是调试日志:
The authenticity of host '************' can't be established.
RSA key fingerprint is SHA256:cPAuJmw7PjOgBYDN2TYfFscDVTbcsj0rT6HFJH9SDFI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '*****************' (RSA) to the list of known hosts.
debug2: bits set: 4095/8192
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: .ssh/id_dsa explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
*****************: Permission denied (gssapi-keyex,gssapi-with-mic).
有人可以解释一下为什么 publickey 不在此处的身份验证方法中:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
提前致谢,
更新:
我在服务器上的另一个端口(2222)上启动 sshd,然后就可以连接了。所以问题出在端口 22 上,由于某种原因服务器不允许公钥身份验证。当使用端口 22 时,我在日志中看到了这一点:
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
这里服务器不允许在端口 22 上对我的用户 ID 进行公钥身份验证,但是服务器允许在端口 2222 上进行公钥身份验证:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
服务器不允许在端口 22 上对我的用户 ID 进行公钥身份验证的原因可能是什么?
答案1
问题与我的互联网连接有关 - 它不允许在端口 22 上进行公钥身份验证。切换到另一个连接后,SSH 公钥身份验证工作正常。