我正在尝试在运行以下软件的个人笔记本电脑之间建立 SSH 连接:Windows 11和Powershell 7.3.9我的 VPS 正在运行Debian 12(书虫)。我不是故意使用 Putty。
我首先想清除所有现有的 ssh 密钥(我从 SSH 开始,尝试了几次),然后尝试创建并复制一个新的密钥,一切似乎都按计划进行,但是当我尝试登录时,它一直询问我的密码,如果我只授权公钥连接,我会得到permission denied
sshd_config
我的服务器上的版本与
k4yt3x
删除旧密钥
- 服务器 :删除键
~/.ssh/authorized_keys
- 当地的 :
Remove-Item -Path $env:USERPROFILE\.ssh\* -Force
创建新密钥
ssh-keygen -t rsa -b 4096 -f C:\Users\user\.ssh\id_rsa -N ''
在服务器上复制 ID
我编写并执行了这个脚本电源外壳:
# Public key path
$publicKeyPath = "$env:USERPROFILE\.ssh\id_rsa.pub"
# Server user name, port and domain
$username = "user"
$domain = "domaine"
$port = "port"
# Read public key content
$publicKey = Get-Content $publicKeyPath
# Concatenate public key content with username
$sshContent = "$username`:$publicKey"
# Send the public key to the server and add it to authorized_keys
$sshContent | ssh -p $port "$username@$domain" "cat >> ~/.ssh/authorized_keys"
然后我检查了我的服务器上的权限
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
尽管如此,登录时仍需要输入密码。
结果如下ssh -v -i 'path_to_private_key' user@domain
:
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to domaine [adresse_ip] port XXXX.
debug1: Connection established.
debug1: identity file C:\\Users\\user\\.ssh\\id_rsa type 0
debug1: identity file C:\\Users\\user\\.ssh\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u1
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to domaine:port as 'user'
debug1: load_hostkeys: fopen C:\\Users\\user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:key
debug1: load_hostkeys: fopen C:\\Users\\user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[domain]:port' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\user/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\user\\.ssh\\id_rsa RSA SHA256:key explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\user\\.ssh\\id_rsa RSA SHA256:key explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
user@domaine: Permission denied (publickey).
我发现这一行journalctl
:
Date lateHour hostname sudo[2239907]: pam_unix(sudo:auth): authentication failure; logname=user uid=1000 euid=0 tty=/dev/pts/0 ruser=user rhost= user=user
我不明白我错过了什么。
答案1
创建新密钥
ssh-keygen -t ed25519 -C "[email protected]"
当您运行上述命令时,系统将提示您输入以下几行来保存文件的位置。
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh {IP-ADDRESS} "cat >> .ssh/authorized_keys"
将 {IP-ADDRESS} 替换为服务器 IP 地址。
如果您在目标位置还没有 ~/.ssh/authorized_keys 文件,请运行以下 Linux 命令创建一个。再次运行上述命令以将您的密钥复制到服务器。
touch ~/.ssh/authorized_keys