ssh-copy-id succeeded but still getting a password prompt

I have to connect to my work computer, and I am using this configuration:

Host work
  User          name
  HostName      192.168.31.***
  ProxyCommand  ssh.exe p***@middle_host nc %h %p

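middle_host is the organization network that I have to connect to before connecting to the actual desktop. I have run ssh-copy-id successfully. But when I try to connect using ssh work, it asks for the password for middle_host, but not for the work computer. I checked authorized_keys on middle_host, and my public key is there. But it still will not connect without a password prompt.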

Permissions of the different files on middle_host:
stat -c "%a" ~ >> 700
stat -c "%a" ~/.ssh/ >> 700
stat -c "%a" ~/.ssh/authorized_keys >> 600

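I have checked these answers and followed them, but could not solve it:
Why am I still getting a password prompt with ssh with public key authentication?
ssh-copy-id succeeded, but still password prompt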

In response to comments:

  1. I don't have root access on middle_host (CentOS), so I don't know how to check the sshd logs.
  2. I tried connecting to the middle host using ssh -v middle_host. It throws Unable to negotiate with ***** port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1. So I tried -oKexAlgorithms=+diffie-hellman-group1-sha1, and now the output is shown as
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/koushik/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ***.**.**.*** [***.**.**.***] port 22.
debug1: Connection established.
debug1: identity file /home/koushik/.ssh/id_rsa type 0
debug1: identity file /home/koushik/.ssh/id_rsa-cert type -1
debug1: identity file /home/koushik/.ssh/id_dsa type -1
debug1: identity file /home/koushik/.ssh/id_dsa-cert type -1
debug1: identity file /home/koushik/.ssh/id_ecdsa type -1
debug1: identity file /home/koushik/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/koushik/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/koushik/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/koushik/.ssh/id_ed25519 type -1
debug1: identity file /home/koushik/.ssh/id_ed25519-cert type -1
debug1: identity file /home/koushik/.ssh/id_ed25519_sk type -1
debug1: identity file /home/koushik/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/koushik/.ssh/id_xmss type -1
debug1: identity file /home/koushik/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_2*,OpenSSH_3*,OpenSSH_4* compat 0x00000002
debug1: Authenticating to ***.**.**.***:22 as '****'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:mDzOdf7c6GdlUbdzYqOPpD23W1gyyixbjxeUxHU0YlE
debug1: Host '***.**.**.***' is known and matches the RSA host key.
debug1: Found key in /home/koushik/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/koushik/.ssh/id_rsa RSA SHA256:PqSSI5hAPS2zK9l+rOA7TZ01onuarhil6Fhee27+zG8
debug1: Will attempt key: /home/koushik/.ssh/id_dsa
debug1: Will attempt key: /home/koushik/.ssh/id_ecdsa
debug1: Will attempt key: /home/koushik/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/koushik/.ssh/id_ed25519
debug1: Will attempt key: /home/koushik/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/koushik/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)


debug1: Next authentication method: publickey
debug1: Offering public key: /home/koushik/.ssh/id_rsa RSA SHA256:PqSSI5hAPS2zK9l+rOA7TZ01onuarhil6Fhee27+zG8
debug1: Server accepts key: /home/koushik/.ssh/id_rsa RSA SHA256:PqSSI5hAPS2zK9l+rOA7TZ01onuarhil6Fhee27+zG8
debug1: Authentication succeeded (publickey).
Authenticated to ***.**.**.*** ([***.**.**.***]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = C.UTF-8
Last login: Sun Feb 14 14:18:00 2021 from -----

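Answer 1

First, you declared a user in the SSH config, but used a different username in the ProxyCommand.

Second, middle_host uses an old version of OpenSSH, v4.3, while the client uses OpenSSH v8.2p1. Older versions of OpenSSH use older versions of Diffie-Hellman (DH) key exchange, which later versions no longer support. Of the three DH parameters the intermediate system supports, Group-14 is the better one and Group-1 is the worst. So run the following command, specifying Group-14: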

ssh -v -o HostKeyAlgorithms=ssh-dss -o KexAlgorithms=diffie-hellman-group14-sha1 middle_host

Side note:

Exposing an OpenSSH v4.3 server to the Internet is a bad idea. Consider using a VPN.
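
An added example, not part of the original question or answer: a small Python parser for `ssh -v` client output like the log above. It reports the server version, negotiated key exchange and the authentication method that succeeded, and flags the SHA-1 key exchange methods this server offers. The function name, the WEAK_KEX set and the sample logs (built from lines in the question, with host.example as a placeholder host) are assumptions of this example.

```python
import re

# SHA-1 key exchange methods offered by the question's server (set chosen for this example).
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
PATTERNS = {
    "server_version": re.compile(r"remote software version (\S+)"),
    "kex": re.compile(r"kex: algorithm: (\S+)"),
    "host_key_alg": re.compile(r"kex: host key algorithm: (\S+)"),
    "auth_allowed": re.compile(r"Authentications that can continue: (\S+)"),
    "auth_succeeded": re.compile(r"Authentication succeeded \(([^)]+)\)"),
    "kex_offer": re.compile(r"no matching key exchange method found\. Their offer: ([\w,.@-]+)"),
}

def summarize(log_text):
    """Extract negotiation and authentication facts from `ssh -v` client output."""
    summary = {name: None for name in PATTERNS}
    for line in log_text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match and summary[name] is None:  # keep the first occurrence only
                summary[name] = match.group(1)
    findings = []
    if summary["kex_offer"]:
        offered = summary["kex_offer"].rstrip(".").split(",")
        findings.append("key exchange failed; server offers only: " + ", ".join(offered))
    kex = summary["kex"]
    if kex in WEAK_KEX:
        findings.append(f"SHA-1 key exchange in use: {kex}")
    if kex and not summary["auth_succeeded"]:
        findings.append("no 'Authentication succeeded' line seen")
    summary["findings"] = findings
    return summary

# Constructed samples, built from lines of the log in the question.
SUCCESS_LOG = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Authentication succeeded (publickey).
"""
FAILED_KEX_LOG = (
    "Unable to negotiate with host.example port 22: no matching key exchange method "
    "found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1."
)

if __name__ == "__main__":
    for log in (SUCCESS_LOG, FAILED_KEX_LOG):
        print(summarize(log))
```

Feed it the captured stderr of `ssh -v` for each hop (middle_host and work) to see which hop falls back to the password method.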
