Windows Server 2019 OpenSSH SFTP 服务器将不再对用户进行身份验证(连接重置)

Windows Server 2019 OpenSSH SFTP 服务器将不再对用户进行身份验证(连接重置)

我在 Azure 上运行 Microsoft Windows Server 2019 数据中心版本 10.0.17763 Build 17763,并且我的 SFTP 运行正常,直到 Windows 上的最新更新和重新启动或 ActiveDirectory 上的 SFTP 用户名(“vendor1”用户)密码更改破坏了这个 OpenSSH 的工作安装。

现在,当我尝试从客户端计算机进行 SFTP 时,我得到的只是,

xxx.xxx.xxx.xxx 端口 22 重置连接

连接已关闭

可能出了什么问题?有其他人遇到过这个问题并解决了吗?

这是我正在运行的 sshd_config 文件:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
Banner F:\SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

# override default of no subsystems
Subsystem   sftp    sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

#DenyGroups company\vendors company\auditors
#AllowGroups company\administrators

Match Group vendors
   ChrootDirectory F:\Vendors
   #ChrootDirectory F:\Vendors\%u
   #ChrootDirectory %h
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

# no default banner path
#Banner F:\Vendors\SFTP-Welcome.txt
#Banner /SFTP-Welcome.txt

在我的 SFTP 命令中使用 -v(详细)选项(sftp -v[电子邮件保护])得出:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\mylocalusername/.ssh/id_rsa
debug1: Trying private key: C:\\Users\\mylocalusername/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\mylocalusername/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\mylocalusername/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\mylocalusername/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to its.my.ip.addrr ([its.my.ip.addrr]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: network
Connection reset by its.my.ip.addrr port 22
Connection closed

该用户“mylocalusername”是我的本地客户端 PC Windows 登录名。

相关内容