Ssh

SSH 公鑰身份驗證不適用於 PuTTY

  • August 21, 2012

我創建了一個虛擬機並安裝了 Redhat 6。我在使用公鑰身份驗證進行連接時遇到問題。

我可以在我的 Windows 主機上使用 PuTTY 連接到 redhat 來賓,在那裡我會被提示輸入密碼。我正在嘗試為 root 使用者設置公鑰身份驗證,因此我創建了一個~/.ssh我認為具有正確權限的文件夾。

[root@redhat ~]# cd ~/.ssh
[root@redhat .ssh]# pwd
/root/.ssh
[root@redhat .ssh]# ls -la
total 16
drwx------. 2 root root 4096 Aug 21 16:28 .
dr-x------. 3 root root 4096 Aug 20 17:20 ..
-rw-r--r--. 1 root root  250 Aug 20 17:20 authorized_keys
-rw-r--r--. 1 root root  391 Aug 21 16:28 known_hosts

我在載入我的私鑰的情況下執行 Pageant,這與其他主機一起成功,所以我認為這不是問題。

當我嘗試 PuTTY 到 VM 來賓時,系統提示我輸入密碼。

如果我檢查 PuTTY 事件日誌,我會發現以下消息。

2012-08-21 17:29:41 Pageant is running. Requesting keys.
2012-08-21 17:29:41 Pageant has 1 SSH-2 keys
2012-08-21 17:29:46 Trying Pageant key #0
2012-08-21 17:29:46 Server refused our key

我啟用了代理轉發,我偶然發現的一件事是有人建議在調試模式下執行另一個 sshd 副本,我試過了。(我已經剪掉了部分輸出以保持簡短)。

[root@redhat ~]# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_5.3p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
<...>
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
<...>

此時我使用命令從 vm 上的另一個會話連接ssh localhost -p 2222

<...>
Connection from ::1 port 36844
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
<...>
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: PAM: setting PAM_TTY to "ssh"
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: <snip>
debug1: restore_uid: 0/0
Postponed publickey for root from ::1 port 36844 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 failures 0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: <snip>
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for root from ::1 port 36844 ssh2
debug1: monitor_child_preauth: root has been authenticated by privileged process
<...>

至此,我已經使用我的公鑰成功地進行了身份驗證,然後按 註銷Ctrl-D

debug1: Received SIGCHLD.
<...>
Received disconnect from ::1: 11: disconnected by user
<...>
[root@redhat ~]#

奇怪的是,使用 SSH 代理轉發足以成功地對在調試模式下執行的 sshd 進行身份驗證,但不是在埠 22 上執行的“正常”sshd。

有誰知道為什麼會這樣?

謝謝!

您目錄上的 SELinux 上下文/root/.ssh很可能是錯誤的。

通過以下方式驗證問題:

ls -alZ /root/.ssh

這些文件的類型應為ssh_home_t.

解決問題:

restorecon -r -v /root/.ssh

引用自:https://serverfault.com/questions/419516