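I created a key using PuttyGen as shown below (and saved the private and public key files):
Then I used that key in the CoreFTP settings: I stopped/restarted CoreFTP.
I was able to Telnet to port 22 from the client machine.
In WinSCP, I used the private key under Advanced: SSH/Authentication, "Private key file".
When I try to connect, WinSCP shows "Server's host key is invalid". CoreFTP shows only two lines: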
connected
disconnected()
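Also, I can't get CoreFTP to create any log files, even though I turned on all logging and gave it a file name.
In WinSCP, I also ran Tools/Cleanup and checked "Cached host keys" and "Temporary folders". I reinstalled the FileZilla client, and it gave the same error, "Server's host key is invalid". So this suggests the problem is on the server, not on the client.
I was reading this post, but I couldn't find anywhere in CoreFTP to specify a host private/public key pair. It does have a place for a certificate, though.
I found that this may be the root of the problem, but I'm not sure how to correct it: It was self-generated using SHA and 2048 bits.
Client logs: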
WinSCP
. 2019-05-22 09:34:56.009 Looking up host "x.x.x.x" for SSH connection
. 2019-05-22 09:34:56.009 Connecting to x.x.x.x port 22
. 2019-05-22 09:34:56.013 We claim version: SSH-2.0-WinSCP_release_5.15.1
. 2019-05-22 09:34:56.026 Server version: SSH-2.0-CoreFTP-0.3.3
. 2019-05-22 09:34:56.026 Using SSH protocol version 2
. 2019-05-22 09:34:56.030 Doing Diffie-Hellman group exchange
. 2019-05-22 09:34:56.033 Doing Diffie-Hellman key exchange with hash SHA-256
. 2019-05-22 09:34:56.724 Server's host key is invalid
* 2019-05-22 09:34:56.770 (EFatal) Server's host key is invalid
SmartFTP
2019-05-22T14:28:47Z Resolving host name "x.x.x.x"
2019-05-22T14:28:47Z Connecting to x.x.x.x Port: 22
2019-05-22T14:28:47Z Connected to x.x.x.x.
2019-05-22T14:28:47Z SSH protocol version reply. Client Id: SSH-2.0-SmartFTP
2019-05-22T14:28:47Z SSH-2.0-CoreFTP-0.3.3
2019-05-22T14:28:47Z Starting SSH session. Remote Id: "SSH-2.0-CoreFTP-0.3.3"
2019-05-22T14:28:47Z Server Algorithm Suite
Key Exchange: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
Server Host Key: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp521
Client to Server Encryption: aes128-ctr,aes192-ctr,aes256-ctr
Server to Client Encryption: aes128-ctr,aes192-ctr,aes256-ctr
Client to Server HMAC: hmac-sha2-256,hmac-sha2-512,hmac-sha2-384,hmac-sha1
Server to Client HMAC: hmac-sha2-256,hmac-sha2-512,hmac-sha2-384,hmac-sha1
Client to Server Compression: none,none
Server to Client Compression: none,none
2019-05-22T14:28:47Z Selected Algorithm Suite
Key Exchange: diffie-hellman-group-exchange-sha256
Server Host Key: ecdsa-sha2-nistp521
Client to Server Encryption: aes128-ctr
Server to Client Encryption: aes128-ctr
Client to Server HMAC: hmac-sha1
Server to Client HMAC: hmac-sha1
Client to Server Compression: none
Server to Client Compression: none
2019-05-22T14:28:47Z Client Algorithm Suite
Key Exchange: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ext-info-c
Server Host Key: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,x509v3-rsa2048-sha256,x509v3-ssh-rsa
Client to Server Encryption: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
Server to Client Encryption: [email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
Client to Server HMAC: hmac-sha1,hmac-sha2-256,hmac-sha2-512
Server to Client HMAC: hmac-sha1,hmac-sha2-256,hmac-sha2-512
Client to Server Compression: [email protected],none
Server to Client Compression: [email protected],none
2019-05-22T14:28:47Z Key Exchange Algorithm: diffie-hellman-group-exchange-sha256
2019-05-22T14:28:47Z Invalid host key.
2019-05-22T14:28:47Z Exception. Error=0x80072745
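Answer 1
This is a fail-safe mechanism built into SFTP and SSH to prevent man-in-the-middle attacks. You must verify and accept the server's certificate before a secure transfer can begin.
If you are using the WinSCP command-line utility, you can use the /hostkey parameter to specify the fingerprint of the CoreFTP server, so that it starts the transfer automatically without prompting.
Another option is to log in as the user who will run the script and then establish the connection using the winscp command line. It should prompt you to accept the server's key and save it in the user's settings.
If you replace the server, you must remember to re-trust it, or update the client's /hostkey setting.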
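
Added example, not part of the original question or answer: a small Python script that reads the algorithm lists from the SmartFTP log in the question and works out which host key type the client will be given to verify, which is the key whose fingerprint has to be checked or pinned. The function names are hypothetical, and the selection rule is a simplified form of RFC 4253 section 7.1 (first entry in the client's list that the server also offers).

```python
import re

# Copied from the SmartFTP log in the question, cut down to two categories.
LOG = """\
2019-05-22T14:28:47Z Server Algorithm Suite
Key Exchange: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
Server Host Key: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp521
2019-05-22T14:28:47Z Selected Algorithm Suite
Key Exchange: diffie-hellman-group-exchange-sha256
Server Host Key: ecdsa-sha2-nistp521
2019-05-22T14:28:47Z Client Algorithm Suite
Key Exchange: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,ext-info-c
Server Host Key: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa
2019-05-22T14:28:47Z Key Exchange Algorithm: diffie-hellman-group-exchange-sha256
"""

def parse_suites(log):
    """Return {'Server'|'Client'|'Selected': {category: [algorithms]}}."""
    suites, current = {}, None
    for line in log.splitlines():
        header = re.search(r"(Server|Client|Selected) Algorithm Suite$", line)
        if header:
            current = suites.setdefault(header.group(1), {})
        elif current is not None and ": " in line and not re.match(r"\d{4}-", line):
            name, _, algs = line.partition(": ")
            current[name.strip()] = [a.strip() for a in algs.split(",") if a.strip()]
        else:
            current = None  # any other line ends the current suite block
    return suites

def negotiate(client, server):
    """First algorithm in the client's preference order that the server offers."""
    return next((alg for alg in client if alg in server), None)

def negotiated(log):
    """Compute the agreed algorithm per category from the two offered lists."""
    s = parse_suites(log)
    return {cat: negotiate(s["Client"].get(cat, []), offered)
            for cat, offered in s["Server"].items()}

def mismatches(log):
    """Categories where the logged 'Selected' value differs from the computed one."""
    selected, computed = parse_suites(log).get("Selected", {}), negotiated(log)
    return [cat for cat, algs in selected.items() if computed.get(cat) != algs[0]]

if __name__ == "__main__":
    for category, alg in negotiated(LOG).items():
        print(f"{category}: {alg}")
    print("differs from logged selection:", mismatches(LOG))
```

A result of None for a category means the two sides share no algorithm for it.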