我正在尝试使用 ssh RSA 密钥从 Ubuntu(WLS) 连接到 RHEL7 服务器。但它不起作用,而相同的当从另一台 RHEL7 主机使用时,密钥有效。
- 我检查了所有文件权限
- 另一方的授权密钥中没有“from 子句”
- 我明确地对 ssh 使用 -i 选项
从 Ubuntu:
Ubuntu$ md5sum .ssh/id_rsa
986428c7e5882c26c9ba2b9ca403fbe3 .ssh/id_rsa
Ubuntu$ ssh -l "ansible_install" -i ~/.ssh/id_rsa -vvv -p 6000 rhel7-target
sshd debug:
debug1: userauth-request for user ansible_install service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:KNOpLJ8hyXysUkO9PlVuBap/YpcIB67D9dxBBOKy0bo [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x55cc1cfca760
debug1: temporarily_use_uid: 4001/4001 (e=0/0)
debug1: trying public key file /home/ansible_install/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug2: key not found
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x55cc1cfca760 is not allowed
Failed publickey for ansible_install from 2.252.221.223 port 53431 ssh2: RSA SHA256:KNOpLJ8hyXysUkO9PlVuBap/YpcIB67D9dxBBOKy0bo
ssh debug:
debug1: identity file /home/ivabrezi/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
... (this is non-sense, the file is there)
debug2: key: /home/ivabrezi/.ssh/id_rsa (0x7fffe1905f90), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
WARNING:
...
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
...
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:KNOpLJ8hyXysUkO9PlVuBap/YpcIB67D9dxBBOKy0bo /home/ivabrezi/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
RHEL 也一样:
# md5sum ~/.ssh/id_rsa
986428c7e5882c26c9ba2b9ca403fbe3 /root/.ssh/id_rsa
# ssh -l "ansible_install" -i ~/.ssh/id_rsa rhel7-target
sshd debug
debug1: userauth-request for user ansible_install service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:Rm7/A+A+sNr/1jeSVOe29DKa/F+eWOCGf+zba8LIy1s [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5607a9495770
debug1: temporarily_use_uid: 4001/4001 (e=0/0)
debug1: trying public key file /home/ansible_install/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/ansible_install/.ssh/authorized_keys, line 1 RSA SHA256:Rm7/A+A+sNr/1jeSVOe29DKa/F+eWOCGf+zba8LIy1s
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x5607a9495770 is allowed
ssh debug:
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:Rm7/A+A+sNr/1jeSVOe29DKa/F+eWOCGf+zba8LIy1s
debug3: sign_and_send_pubkey: RSA SHA256:Rm7/A+A+sNr/1jeSVOe29DKa/F+eWOCGf+zba8LIy1s
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Ubuntu 是否可能对其 ssh 做了一些安全保护,因此它不再能够连接到 RHEL?我 20 多年前在 AIX 上看到过类似的事情(但那是由 gcc 中的一个错误引起的)。
答案1
您的帖子说您使用的是相同的密钥,但日志表明您每次连接尝试都使用了两个不同的密钥。
根据日志,来自 RHEL 客户端的成功密钥为RSA SHA256:Rm7/A+A+sNr/1jeSVOe29DKa/F+eWOCGf+zba8LIy1s
。而根据日志,来自 Ubuntu WSL 客户端的失败密钥为 。RSA SHA256:KNOpLJ8hyXysUkO9PlVuBap/YpcIB67D9dxBBOKy0bo
如您所见,您实际上并没有使用相同的密钥。
当然,您不应该在系统之间共享相同的密钥,而是使用不同的密钥,这两个密钥都在服务器的authorized_keys
文件中获得授权。