我正在使用 docker ubuntu 容器在本地计算机上设置 SSH 实验室。我已经以交互方式启动了容器,并使用其他工具在其上安装了 open ssh。我确保将容器转发:22 到我的本地主机:2222
docker pull ubuntu
docker run -it --name ubunut-ssh-lab -p 2222:22 ubuntu /bin/bash
apt-get update
apt-get install -y openssh-server
然后在 sshd_config 中,我将 PubKeyAuth 启用为 yes,并将 pub key 从本地计算机复制到容器目录 .ssh/authroized_keys 文件。重新启动了服务。我仍然得到root@localhost:权限被拒绝(公钥)。
我使用 -v(详细)arg 运行 ssh 连接。
ssh -v -i id_ubuntu_lab -p 2222 root@localhost
OpenSSH_9.3p2, LibreSSL 3.3.6
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost port 2222.
debug1: Connection established.
debug1: identity file id_ubuntu_lab type 0
debug1: identity file id_ubuntu_lab-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:2222 as 'root'
debug1: load_hostkeys: fopen /Users/sourabhdhingra/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:QanR0+0tbO3ombtQ17EvYU/yUoWTXJtBdZz7pPRHD7U
debug1: load_hostkeys: fopen /Users/sourabhdhingra/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /Users/sourabhdhingra/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /Users/sourabhdhingra/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ED25519 key fingerprint is SHA256:QanR0+0tbO3ombtQ17EvYU/yUoWTXJtBdZz7pPRHD7U.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2222' (ED25519) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: id_ubuntu_lab RSA SHA256:XghbmDcG+wgAFNV4/BdCxjwRtsnlBsmq9BiKmxEj5hU explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
debug1: kex_input_ext_info: [email protected]=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_ubuntu_lab RSA SHA256:XghbmDcG+wgAFNV4/BdCxjwRtsnlBsmq9BiKmxEj5hU explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
root@localhost: Permission denied (publickey).
我收到以上日志和错误!我在此处附加我的 sshd_config 文件以供分析。请检查并帮助这里出了什么问题。
PermitRootLogin without-password
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
PasswordAuthentication no
PermitEmptyPasswords yes
这是输出ls -la
drwxr-xr-x 2 root root 4096 Oct 22 13:54 .
drwxr-xr-x 1 root root 4096 Oct 22 13:44 ..
-rw------- 1 501 dialout 602 Oct 22 13:54 authorized_keys
注意:我只包含 sshd_config 中未注释的行。
这里有什么问题呢?无法连接?
答案1
/root
使用 docker Ubuntu 容器时,默认情况下映像中可能没有该目录。
在这种情况下,尝试cd ~
与 docker 进行交互式会话将给出以下结果:
root@4e56fee1ea11:/# cd ~
bash: cd: /root: No such file or directory
因此请执行额外的步骤!
mkdir /root
mv .ssh /root
service ssh restart
然后从本地计算机登录
ssh -p 2222 root@localhost
感谢您的贡献!