Unable to connect to the OpenSSHD server.
The situation is as follows:
client $ ls -al .ssh/
total 16
drwx------ 2 administrateur administrateur 4096 Nov 30 15:32 ./
drwxr-x--- 14 administrateur administrateur 4096 Nov 30 15:32 ../
-rw------- 1 administrateur administrateur 2675 Nov 30 15:04 id_rsa
-rw------- 1 administrateur administrateur 1768 Nov 30 15:01 known_hosts
server $ ls -al .ssh/
total 12
drwx------ 2 git git 4096 nov. 30 15:34 .
drwxr-x--- 9 git git 4096 nov. 30 15:34 ..
-rw------- 1 git git 886 nov. 30 15:12 authorized_keys
Here is what happens:
client $ ssh-copy-id git@server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'git@server'"
and check to make sure that only the key(s) you wanted were added.
client $ ssh-add -l
3072 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX administrateur@CLIENT (RSA)
client $ ssh git@server
git@server's password:
So I tried running the server in debug mode on port 1234 and then ran ssh -p 1234 git@server:
server $ sudo $(which sshd) -d -p 1234
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='1234'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
### Connecting from client to server on port 1234 ###
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from x.y.z.t1 port 47084 on x.y.z.t2 port 1234
debug1: Client protocol version 2.0; client software version OpenSSH_8.9p1 Ubuntu-3
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: permanently_set_uid: 104/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server [email protected] <implicit> none [preauth]
debug1: kex: server->client [email protected] <implicit> none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user git service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "git"
debug1: PAM: setting PAM_RHOST to "par-postgres01.orion.lan"
debug1: PAM: setting PAM_TTY to "ssh"
### Now appears the ssh prompt so I type the password instead ###
debug1: userauth-request for user git service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for git
debug1: do_pam_account: called
Accepted password for git from x.y.z.t1 port 47086 ssh2
debug1: monitor_child_preauth: git has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 11239
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 105/115
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/5
debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/5 for git from x.y.z.t1 port 47086
debug1: Setting controlling tty using TIOCSCTTY.
debug1: session_by_tty: session 0 tty /dev/pts/5
debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
The variables displayed on the client are:
Last login: Wed Nov 30 15:31:22 2022 from client
Environment:
LANG=fr_FR.UTF-8
USER=git
LOGNAME=git
HOME=/git/
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
MAIL=/var/mail/git
SHELL=/bin/bash
SSH_CLIENT=x.y.z.t1 47086 1234
SSH_CONNECTION=x.y.z.t1 47086 x.y.z.t2 1234
SSH_TTY=/dev/pts/5
TERM=xterm
XDG_SESSION_ID=114077
git@server:~$ déconnexion
Connection to server closed.
Here is the SSHD configuration on the server:
server $ sudo egrep -v '^(#|$)' /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Here is the client log:
$ ssh -vv -p1234 git@server
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "server" port 1234
debug1: Connecting to server [x.y.z.t2] port 1234.
debug1: Connection established.
debug1: identity file /home/administrateur/.ssh/id_rsa type 0
debug1: identity file /home/administrateur/.ssh/id_rsa-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519 type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519_sk type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/administrateur/.ssh/id_xmss type -1
debug1: identity file /home/administrateur/.ssh/id_xmss-cert type -1
debug1: identity file /home/administrateur/.ssh/id_dsa type -1
debug1: identity file /home/administrateur/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: compat_banner: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server:1234 as 'git'
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:AkYT7N1FHn9cd1nkTNt1/S5pcXKNkizpM6pifhSV+uY
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'server' is known and matches the ED25519 host key.
debug1: Found key in /home/administrateur/.ssh/known_hosts:8
debug1: found matching key w/out port
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/administrateur/.ssh/id_rsa RSA SHA256:XOoqCfyDPSinHDaNokW0oo6sauWik03yD6Jp8CVGQKU agent
debug1: Will attempt key: /home/administrateur/.ssh/id_ecdsa
debug1: Will attempt key: /home/administrateur/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/administrateur/.ssh/id_ed25519
debug1: Will attempt key: /home/administrateur/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/administrateur/.ssh/id_xmss
debug1: Will attempt key: /home/administrateur/.ssh/id_dsa
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/administrateur/.ssh/id_rsa RSA SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/administrateur/.ssh/id_ecdsa
debug1: Trying private key: /home/administrateur/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/administrateur/.ssh/id_ed25519
debug1: Trying private key: /home/administrateur/.ssh/id_ed25519_sk
debug1: Trying private key: /home/administrateur/.ssh/id_xmss
debug1: Trying private key: /home/administrateur/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
git@server's password:
Answer 1
send_pubkey_test: no mutual signature algorithm
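To me, this looks like the relevant line. The key you are trying to use uses an algorithm that your server does not accept.
Do you use a .ssh config file on the client? I find those really useful.
You can specify a lot of information about a host, like this: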
Host quodlibet
HostName 172.28.104.99
User root
IdentityFile ~/.ssh/name-of-private-key-ecdsa
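It looks like it is trying every key you have, so specifying the key you want to use may help.
Can you verify that your key was added to the authorized_keys file? I usually copy the public key manually to the end of that file on the server.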
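
An added example, not part of the question or the answer above: a shell helper that classifies an `ssh -vv` client log for the "no mutual signature algorithm" failure and names the least risky fix. The function names, verdict strings and the abridged sample log are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example; diagnose_ssh_log is a hypothetical helper, not an OpenSSH tool.
diagnose_ssh_log() {
  awk '
    /remote software version OpenSSH_/ {
      v = $0; sub(/.*OpenSSH_/, "", v)        # e.g. "6.6.1p1 Ubuntu-2ubuntu2.13"
      split(v, p, /[^0-9]+/); major = p[1] + 0; minor = p[2] + 0; seen = 1
    }
    /peer server KEXINIT proposal/ { peer = 1 }
    peer && /host key algorithms:/ {          # server half of the proposal only
      if ($0 ~ /ssh-ed25519/) ed = 1          # heuristic: this sshd build knows Ed25519
      if ($0 ~ /ecdsa-sha2-nistp256/) ec = 1
      peer = 0
    }
    /Offering public key:.* RSA / { rsa = 1 }
    /send_pubkey_test: no mutual signature algorithm/ { rejected = 1 }
    END {
      if (!rejected) { print "no-signature-mismatch"; exit }
      # rsa-sha2-256/512 signatures exist from OpenSSH 7.2 on; an older sshd
      # verifies RSA keys only with SHA-1 ("ssh-rsa") signatures.
      old = seen && (major < 7 || (major == 7 && minor < 2))
      if (rsa && old && ed)      print "old-server-rsa-sha1-only:use-ed25519-key"
      else if (rsa && old && ec) print "old-server-rsa-sha1-only:use-ecdsa-key"
      else if (rsa && old)       print "old-server-rsa-sha1-only:upgrade-sshd"
      else                       print "signature-mismatch:check-PubkeyAcceptedAlgorithms"
    }' "$1"
}

# Constructed sample, abridged from the client log in the question.
sample_log() {
  cat <<'EOF'
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256
debug2: peer server KEXINIT proposal
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug1: Offering public key: /home/administrateur/.ssh/id_rsa RSA SHA256:XXXX agent
debug1: send_pubkey_test: no mutual signature algorithm
EOF
}

# Fix for the first verdict, run on the client; it avoids re-enabling SHA-1
# signatures with "PubkeyAcceptedAlgorithms +ssh-rsa":
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
#   ssh-copy-id -i ~/.ssh/id_ed25519.pub git@server
tmp=$(mktemp); sample_log > "$tmp"
diagnose_ssh_log "$tmp"; rm -f "$tmp"
```
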