无法获得公钥登录以在 Windows 10 ssh 服务器上工作
[英]Unable to get public-key login to work on Windows 10 ssh server
问题描述
I've installed the Windows 10 ssh package and set up sshd.
我已经安装了 Windows 10 ssh package 并设置了 sshd。 Logging in with a password works great, but I'm unable to get public-key login to work.使用密码登录效果很好,但我无法让公钥登录工作。 I have the same authorized_keys file in .\ssh\authorized_keys as I to on Linux boxes where public-key login works great.我在.\ssh\authorized_keys中有与我在 Linux 盒子上相同的authorized_keys密钥文件,其中公钥登录效果很好。 I also ran:我也跑了:
PS C:\Users\ffoobar> Repair-AuthorizedKeyPermission .\.ssh\authorized_keys
[*] .\.ssh\authorized_keys
'NT SERVICE\sshd' needs Read access to '.\.ssh\authorized_keys'.
Shall I make the above change?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
'NT SERVICE\sshd' now has Read access to '.\.ssh\authorized_keys'.
Repaired permissions
PS C:\Users\ffoobar> Repair-AuthorizedKeyPermission .\.ssh\authorized_keys
[*] .\.ssh\authorized_keys
looks good
PS C:\Users\ffoobar>
In C:\ProgramData\ssh\sshd_config , I set PubkeyAuthentication yes .在C:\ProgramData\ssh\sshd_config中,我设置PubkeyAuthentication yes 。
Attempting to log in gives:尝试登录给出:
ffoobar@snorri .ssh % ssh -vvvT ffoobar@vorlon.local
OpenSSH_7.9p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/ffoobar/.ssh/config
debug1: /Users/ffoobar/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolving "vorlon.local" port 22
debug2: ssh_connect_direct
debug1: Connecting to vorlon.local [192.168.11.130] port 22.
debug1: Connection established.
debug1: identity file /Users/ffoobar/.ssh/id_rsa type 0
debug1: identity file /Users/ffoobar/.ssh/id_rsa-cert type -1
debug1: identity file /Users/ffoobar/.ssh/id_dsa type -1
debug1: identity file /Users/ffoobar/.ssh/id_dsa-cert type -1
debug1: identity file /Users/ffoobar/.ssh/id_ecdsa type -1
debug1: identity file /Users/ffoobar/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/ffoobar/.ssh/id_ed25519 type 3
debug1: identity file /Users/ffoobar/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/ffoobar/.ssh/id_xmss type -1
debug1: identity file /Users/ffoobar/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to vorlon.local:22 as 'ffoobar'
debug3: hostkeys_foreach: reading file "/Users/ffoobar/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /Users/ffoobar/.ssh/known_hosts:66
debug3: load_hostkeys: loaded 1 keys from vorlon.local
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:HKwG3MKIM8Tu2wB3RZ73LKvX0JpqsB0Sq0J5JV3TCFE
debug3: hostkeys_foreach: reading file "/Users/ffoobar/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /Users/ffoobar/.ssh/known_hosts:66
debug3: load_hostkeys: loaded 1 keys from vorlon.local
debug3: hostkeys_foreach: reading file "/Users/ffoobar/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /Users/ffoobar/.ssh/known_hosts:66
debug3: load_hostkeys: loaded 1 keys from 192.168.11.130
debug1: Host 'vorlon.local' is known and matches the ED25519 host key.
debug1: Found key in /Users/ffoobar/.ssh/known_hosts:66
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /Users/ffoobar/.ssh/id_rsa RSA SHA256:NY5qJAraXE9NG58jhLCyHH1maklNoGX7K+IXAIROnjc
debug1: Will attempt key: /Users/ffoobar/.ssh/id_dsa
debug1: Will attempt key: /Users/ffoobar/.ssh/id_ecdsa
debug1: Will attempt key: /Users/ffoobar/.ssh/id_ed25519 ED25519 SHA256:Lwuq6lm1GXb7PEn/Wj41OAAeMdgUXVOA4t7vBkfdtmg
debug1: Will attempt key: /Users/ffoobar/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/ffoobar/.ssh/id_rsa RSA SHA256:NY5qJAraXE9NG58jhLCyHH1maklNoGX7K+IXAIROnjc
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/ffoobar/.ssh/id_dsa
debug3: no such identity: /Users/ffoobar/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/ffoobar/.ssh/id_ecdsa
debug3: no such identity: /Users/ffoobar/.ssh/id_ecdsa: No such file or directory
debug1: Offering public key: /Users/ffoobar/.ssh/id_ed25519 ED25519 SHA256:Lwuq6lm1GXb7PEn/Wj41OAAeMdgUXVOA4t7vBkfdtmg
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/ffoobar/.ssh/id_xmss
debug3: no such identity: /Users/ffoobar/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ffoobar@vorlon.local's password:
The Windows event log doesn't contain any helpful information. Windows 事件日志不包含任何有用的信息。 Changing SyslogFacility or LogLevel from the defaults results in sshd failing to start.从默认值更改SyslogFacility或LogLevel会导致 sshd 无法启动。
1 个解决方案
解决方案1
3 2020-07-24 08:46:51
Apparently, by default it has to be C:\Program Data\ssh\administrators_authorized_keys显然,默认情况下它必须是 C:\Program Data\ssh\administrators_authorized_keys
Also, you need to make sure this file has limited permissions.此外,您需要确保此文件具有有限的权限。 As administrator, remove inherited permissions on the file:作为管理员,删除文件的继承权限:
C:\ProgramData\ssh> icacls administrators_authorized_keys /inheritance:r C:\ProgramData\ssh> icacls administrators_authorized_keys /inheritance:r
Then manually add read permission for SYSTEM and Administrators only.然后手动添加仅系统和管理员的读取权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
为 Windows 10 上的 GitHub 启用多个 SSH 密钥 - Enable Multiple SSH Key for GitHub on Windows 10
Git - 如何删除 SSH Windows 上的键 10 - Git - How to Remove SSH Key on Windows 10
无法获得SSH公钥身份验证 - Can't get SSH public key authentication
无法从Windows SSH登录到ubuntu - Unable to ssh login from windows to ubuntu
无效的公共 ssh 密钥 - Invalid public ssh key
Windows 10 Vagrant 停在“SSH 身份验证方法:私钥” - Windows 10 Vagrant is stopping at “SSH auth method: private key”
Windows 10上的Homestead默认挂起:SSH身份验证方法:私钥 - Homestead on windows 10 hangs on default: SSH auth method: private key
使用在Windows 10计算机中创建的带有Docker Apache Image的公钥 - Use public key created in windows 10 machine with docker apache image
使用SSH Keygen无法连接到Windows 10 GIT上的服务器 - Using SSH Keygen not able to connect to server on Windows 10 GIT
puppetlabs/ntp 是否适用于 windows 10/服务器? - Does puppetlabs/ntp work for windows 10/server?
相关标签