我尝试使用 Xshell 从 AWS SSH 到新的 EC2 服务器,但出现以下错误。这是否意味着客户端的公钥没有添加到服务器端的authorized_keys中?如何验证哪个 RCA 出现错误然后进行修复?
[bastion-ro@ip-10-1-X-XX ~]$ ssh [email protected]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[bastion-ro@ip-10-1-X-XX .ssh]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
感谢您的任何建议。
答案1
如果不检查服务器端日志,您就无法确定问题所在。跑步时ssh -v
你只能猜测。如果它能明确地显示出了什么问题,那么潜在的攻击就会变得更容易,它会为攻击者揭示重要的信息。下面是一个例子:
debug1: Host '192.168.1.1' is known and matches the ECDSA host key.
debug1: Found key in /home/jiri/.ssh/known_hosts:30
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /tmp/test RSA SHA256:vOJarZ7K6aLtlnPvQnzx1MxA/36iV4xkubPY4PhlEKA explicit
客户端正在尝试使用 ssh 密钥/tmp/test
。
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /tmp/test RSA SHA256:vOJarZ7K6aLtlnPvQnzx1MxA/36iV4xkubPY4PhlEKA explicit
debug1: Authentications that can continue: publickey,keyboard-interactive
服务器不高兴,它没有显示debug1: Authentication succeeded (publickey).
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,keyboard-interactive).
您无法知道是否用户错误、密钥丢失或应用了密钥限制而导致身份验证失败。在上面的示例中,用户根本不存在。