Ssh

How can I get sshd to tell me why public key authentication is failing?

  • November 1, 2015

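I'm using OpenSSH 6.9p1 (on Lubuntu) as my SSH server. When I try to connect to it (using the SSH client in Cygwin), I keep getting dropped back to password authentication, even though I have generated my keys correctly, placed them in the authorized keys file on the server, checked the permissions, and so on.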

So, I looked at what /var/log/auth.log on the server says. I found this:

Nov  1 09:50:10 er-thinkpad sshd[16148]: Accepted password for joeuser from 192.168.2.6 port 53325 ssh2
Nov  1 09:50:10 er-thinkpad sshd[16148]: pam_unix(sshd:session): session opened for user joeuser by (uid=0)
Nov  1 09:50:10 er-thinkpad systemd-logind[590]: New session 497 of user joeuser.

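…with nothing about a public key authentication failure before the first line. OK, let's increase the verbosity. So I changed LogLevel from INFO to VERBOSE and tried again. Now I get: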

Nov  1 09:53:12 er-thinkpad sshd[16269]: Connection from 192.168.2.6 port 53349 on 192.168.2.2 port 22
Nov  1 09:53:12 er-thinkpad sshd[16269]: Failed publickey for joeuser from 192.168.2.6 port 53349 ssh2: RSA SHA256:removedthis
Nov  1 09:53:12 er-thinkpad sshd[16269]: Failed publickey for joeuser from 192.168.2.6 port 53349 ssh2: ECDSA SHA256:removedthis
Nov  1 09:53:15 er-thinkpad sshd[16269]: Accepted password for joeuser from 192.168.2.6 port 53349 ssh2
Nov  1 09:53:15 er-thinkpad sshd[16269]: pam_unix(sshd:session): session opened for user joeuser by (uid=0)
Nov  1 09:53:15 er-thinkpad systemd-logind[590]: New session 499 of user joeuser.
Nov  1 09:53:15 er-thinkpad sshd[16269]: User child is on pid 16271
Nov  1 09:53:15 er-thinkpad sshd[16271]: Starting session: shell on pts/5 for joeuser from 192.168.2.6 port 53349

Great, it failed, but why did it fail? How can I get sshd to tell me?


PS - For your information, this is what the client sees:

debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/joeuser/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Skipping ssh-dss key /home/joeuser/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes
debug1: Offering ECDSA public key: /home/joeuser/.ssh/id_ecdsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/joeuser/.ssh/id_ed25519
debug1: Next authentication method: password

On the server side, set the log level to DEBUG3. On the client side, connect with the -vvv option (this also gives you DEBUG3 on the client).
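One way to carry out the server-side half of the answer above, as an added example that is not part of the original post. `set_loglevel` and `pubkey_trace` are hypothetical helper names, and the config and log lines are constructed (the wording of sshd debug messages varies by OpenSSH version). The rewritten config is only printed; checking it with `sshd -t -f <file>` and reloading the service are left to the reader.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# set_loglevel FILE LEVEL: print FILE with "LogLevel LEVEL" as the first line and
# any existing LogLevel lines commented out. sshd keeps the first value it reads
# for a keyword, and the top of the file comes before any Match block.
set_loglevel() {
    printf 'LogLevel %s\n' "$2"
    awk 'tolower($1) ~ /^loglevel(=|$)/ { print "#" $0; next } { print }' "$1"
}

# pubkey_trace LOG PID: print the messages logged by sshd[PID] that bear on
# public-key authentication (key file lookups, uid switches, the final verdict).
pubkey_trace() {
    awk -v tag="sshd[$2]: " '
        { i = index($0, tag); if (i == 0) next; msg = substr($0, i + length(tag)) }
        msg ~ /authorized|key not found|_uid|publickey|Authentication refused/ { print msg }
    ' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' 'loglevel INFO' 'Match User backup' \
        '    PasswordAuthentication no' > "$d/sshd_config"
    cat > "$d/auth.log" <<'EOF'
Nov  1 10:02:41 host sshd[17001]: debug1: userauth-request for user joeuser service ssh-connection method publickey [preauth]
Nov  1 10:02:41 host sshd[17001]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Nov  1 10:02:41 host sshd[17001]: debug1: trying public key file /home/joeuser/.ssh/authorized_keys
Nov  1 10:02:41 host sshd[17001]: debug1: Could not open authorized keys '/home/joeuser/.ssh/authorized_keys': Permission denied
Nov  1 10:02:41 host sshd[17001]: debug1: restore_uid: 0/0
Nov  1 10:02:41 host sshd[17001]: Failed publickey for joeuser from 192.0.2.6 port 53349 ssh2: RSA SHA256:CONSTRUCTED
Nov  1 10:02:41 host sshd[17002]: debug1: trying public key file /home/other/.ssh/authorized_keys
Nov  1 10:02:44 host sshd[17001]: Accepted password for joeuser from 192.0.2.6 port 53349 ssh2
EOF
    set_loglevel "$d/sshd_config" DEBUG3
    echo '--- trace for sshd[17001] ---'
    pubkey_trace "$d/auth.log" 17001
    rm -rf "$d"
}
demo
```

DEBUG3 output can include details about users and key files, so return LogLevel to its previous value once the failing step has been identified.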

Quoted from: https://serverfault.com/questions/733082