Linux

Windows SSH 使用私鑰進入 CentOS - 不工作

  • December 9, 2020

我在 Windows 10 上。需要 ssh 到 Linux CentOS 伺服器。嘗試 Putty 和 Windows SSH(在功能中打開。Powershell?)。

使用 PuttyGen,我生成了一個私有和公共 RSA 密鑰對 - rsa 和 rsa.pub ,沒有任何密碼。這兩個文件都在我的桌面上。server333 在 C:\Users\johndoe.ssh\known_hosts 中有一個條目。我的 Windows PC 上的 .ssh 目錄中沒有其他文件或目錄。公鑰也被複製到linux盒子的/home/johndoe/.ssh/authorized_keys

我試過ssh -i rsa -vvv server333了,但它不起作用。這是日誌:

c:\Users\johndoe\Desktop>ssh -i rsa -vvv server333
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/johndoe/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "server333" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to server333 [1.2.3.4] port 22.
debug1: Connection established.
key_load_public: invalid format
debug1: identity file rsa type -1
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert error:2
debug3: Failed to open file:c:/Users/johndoe/Desktop/rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server333:22 as 'corp\\johndoe'
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:abcd
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from server333
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: hostkeys_foreach: reading file "C:\\Users\\johndoe/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 1.2.3.4
debug3: Failed to open file:C:/Users/johndoe/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host 'server333' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\johndoe/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: pubkey_prepare: ssh_get_authentication_socket: The socket is not connected
debug2: key: rsa (0000000000000000), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
NOTICE TO USERS
=============================================================================
This is an official computer system and is the property of
ACME, Inc. It is for authorized users only. Unauthorized users are
prohibited. Users (authorized or unauthorized) have no explicit or
implicit expectation of privacy. Any or all uses of this system may be
subject to one or more of the following actions: interception,
monitoring, recording, auditing, inspection and disclosing to security
personnel and law enforcement personnel, as well as authorized officials
of other agencies, both domestic and foreign. By using this system, the
user consents to these actions. Unauthorized or improper use of this
system may result in administrative disciplinary action and civil and
criminal penalties. By accessing this system you indicate your awareness
of and consent to these terms and conditions of use. Discontinue access
immediately if you do not agree to the conditions stated in this notice.
=============================================================================
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: rsa
debug3: sign_and_send_pubkey: RSA SHA256:zyxw
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: failed to open file:c:/dev/tty error:3
debug1: read_passphrase: can't open /dev/tty: No such file or directory
corp\johndoe@server333's password:

您似乎沒有在 SSH 主機伺服器上定義使用者名。

您仍然可以這樣做,但您必須定義useron SSH 配置文件,例如:

vi ~/.ssh/config
...

Host server333
HostName your-server333-ip
User your-user
IdentityFile your-private-key

然後您可以使用以下命令遠端伺服器:

ssh server333

注意:確保配置文件有600權限

您執行的命令與您實際執行的命令不同。

你說你做了什麼:

ssh -i johndoe_privatekey -vvv server333

你實際上做了什麼:

ssh -i johndoe_privatekey.pub -vvv server333

在這裡,我們看到 ssh 抱怨它找不到您指定的密鑰文件。

debug3: Failed to open file:C:/Users/johndoe/Desktop/johndoe_privatekey.pub.pub error:2
debug1: key_load_public: No such file or directory

從命令中刪除.pub後綴,確保密鑰文件確實存在,然後重試。

引用自:https://serverfault.com/questions/1045381