我有两台机器,一台 MacOS 和一台 Ubuntu。我在 MacOS 上工作顺利,也就是说,我可以使用我的公钥通过 SSH 连接到服务器。但是,当尝试在新的 Ubuntu 机器上使用相同的私钥和公钥连接到服务器时,它失败了。
需要注意的一点是,MacOS 使用 SSH v1,而 Ubuntu 使用 SSH v2。
1. MacOS
/home/richardm/.ssh/id_rsa
/home/richardm/.ssh/id_rsa.pub
/home/richardm/.ssh/config
/home/richardm/.ssh/known_hosts
配置
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
ServerAliveInterval 240
User = richard
ForwardAgent yes
StrictHostKeyChecking=no
IdentitiesOnly yes
终端输出:
$ ssh -A -J[电子邮件保护]dev-myco-node01-vvv
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/richardm/.ssh/id_rsa RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/richardm/.ssh/id_rsa RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI explicit agent
debug3: sign_and_send_pubkey: RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
2. Ubuntu
/home/richardm/.ssh/id_rsa
/home/richardm/.ssh/id_rsa.pub
/home/richardm/.ssh/config
/home/richardm/.ssh/known_hosts
配置
Host *
AddKeysToAgent yes
# UseKeychain yes
IdentityFile ~/.ssh/id_rsa
ServerAliveInterval 240
User = richard
ForwardAgent yes
StrictHostKeyChecking=no
IdentitiesOnly yes
终端输出:
$ ssh -A -J[电子邮件保护]richard@dev-myco-node01-vvv
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/richardm/.ssh/id_rsa RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/richardm/.ssh/id_rsa RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI explicit agent
debug3: sign_and_send_pubkey: using publickey with RSA SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:CKEVmfXXXXXXXXXXXXXXXXXXXXXXXXXXXFrkI
sign_and_send_pubkey: signing failed for RSA "/home/richardm/.ssh/id_rsa" from agent: agent refused operation
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote
答案1
RSA SHA-1 哈希密钥在新版 Ubuntu 中已弃用。为了快速解决问题,您可以在本地计算机上启用 RSA 密钥,在 ~/.ssh/config 或 /etc/ssh/sshd_config 中添加以下行,然后重新启动 sshd 服务。
Host *
PubkeyAcceptedKeyTypes=+ssh-rsa
但是,建议您生成新的安全类型密钥,例如 ed25519 或 rsa-sha2-512 Hash。