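I am unable to connect to one of my servers using a public key (ssh). It was working last week, but now I do not know where to search.
I have a script that is supposed to fetch files using scp to use them locally, but it fails with the error: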
identity_sign: private key /home/yprox/.ssh/ansiblekey contents do not match public
So I have checked that my local public key matches my private key:
diff <(ssh-keygen -e -y -f ansiblekey) <(ssh-keygen -e -y -f ansiblekey.pub)
The generated public key matches the existing one.
I have checked the file permissions:
-rw------- 1 yprox yprox 1,7K févr. 17 16:21 ansiblekey
-rw-r--r-- 1 yprox yprox 381 oct. 17 2014 ansiblekey.pub
-rw------- 1 yprox yprox 1,1K oct. 22 17:07 authorized_keys
-rw-r--r-- 1 yprox yprox 190 avril 24 2018 config
-rw-r--r-- 1 yprox yprox 1,6K févr. 17 16:36 known_hosts
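This looks fine to me.
I have also checked that my public key is present in authorized_keys on the remote host.
I have a fail2ban setup on the remote host, but nothing in the jails matches my local machine (I have checked the ssh and sshd jails).
Using the same key, I am able to connect to the remote from another host.
I do not know where to search; what could be the cause of this breakage?
Edit: Here is the debug log I get when I try to connect: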
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/yprox/.ssh/config
debug1: /home/yprox/.ssh/config line 7: Applying options for <**** host rule ****>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "<**** host *****>" port 22
debug2: ssh_connect_direct
debug1: Connecting to <**** host *****> [<**** ip *****>] port 22.
debug1: Connection established.
debug1: identity file /home/yprox/.ssh/ansiblekey type 0
debug1: identity file /home/yprox/.ssh/ansiblekey-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to <**** host *****>:22 as 'yprox'
debug3: hostkeys_foreach: reading file "/home/yprox/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/yprox/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from <**** host *****>
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:pEExIOBHhUC2p9ydEia4yCr+WwE3bMig019SnOroKQG
debug3: hostkeys_foreach: reading file "/home/yprox/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/yprox/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from <**** host *****>
debug3: hostkeys_foreach: reading file "/home/yprox/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/yprox/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from <**** ip *****>
debug1: Host '<**** host *****>' is known and matches the ECDSA host key.
debug1: Found key in /home/yprox/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /home/yprox/.ssh/ansiblekey RSA SHA256:rTLOngYPB/5uMLYARR03XoU1eHUoaY3WaYE/8n23SeG explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/yprox/.ssh/ansiblekey RSA SHA256:rTLOngYPB/5uMLYARR03XoU1eHUoaY3WaYE/8n23SeG explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
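
Added example, not part of the original post: a small parser that reads `ssh -vvv` output like the log above and reports, for each offered key, whether the server refused the key outright (packet type 51 with no type 60 first), accepted it for signing, or the client failed while signing. The message numbers are the RFC 4252 values; the function name, outcome strings and the second sample log are assumptions made for illustration.

```python
import re

# Message numbers from RFC 4252; ssh -vvv prints them as "packet: type N".
FAILURE, SUCCESS, PK_OK = 51, 52, 60
OFFER = re.compile(r"Offering public key: (\S+) \S+ (SHA256:\S+)")
RECV = re.compile(r"receive packet: type (\d+)")

def classify_offers(log_text):
    """Return (key_path, fingerprint, outcome) for every key the client offered."""
    results, key, pk_ok = [], None, False
    for line in log_text.splitlines():
        offer = OFFER.search(line)
        if offer:
            if key:  # previous offer never got an answer in the captured log
                results.append(key + ("no reply seen",))
            key, pk_ok = offer.groups(), False
            continue
        if key is None:
            continue
        reply = RECV.search(line)
        code = int(reply.group(1)) if reply else None
        outcome = None
        if "identity_sign:" in line:  # client-side signing error text from the post
            outcome = "client could not sign"
        elif code == PK_OK:
            pk_ok = True  # server would accept a signature made with this key
        elif code == SUCCESS:
            outcome = "authenticated"
        elif code == FAILURE:
            outcome = "signature rejected" if pk_ok else "key refused by server"
        if outcome:
            results.append(key + (outcome,))
            key = None
    if key:
        results.append(key + ("no reply seen",))
    return results

# POSTED is copied from the log in the post; CONSTRUCTED is a made-up PK_OK-then-sign-failure case.
POSTED = """\
debug1: Offering public key: /home/yprox/.ssh/ansiblekey RSA SHA256:rTLOngYPB/5uMLYARR03XoU1eHUoaY3WaYE/8n23SeG explicit
debug3: send packet: type 50
debug3: receive packet: type 51
"""
CONSTRUCTED = """\
debug1: Offering public key: /tmp/example_key RSA SHA256:CONSTRUCTEDFINGERPRINT explicit
debug3: receive packet: type 60
identity_sign: private key /tmp/example_key contents do not match public
"""
if __name__ == "__main__":
    print(classify_offers(POSTED), classify_offers(CONSTRUCTED), sep="\n")
```

A "key refused by server" result points the investigation at the server side (authorized_keys content and permissions, sshd logs), while "client could not sign" points at the local key files.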