OpenSSH server on Windows 2016 and SSH connection problem from a RHEL 9 ssh client

Question  Votes: 0  Answers: 1

I have installed the latest version of OpenSSH, OpenSSH-Win64-v9.5.0.0.msi, on my Windows 2016 Standard edition.

This is the only set of parameters enabled in sshd_config under PROGRAMDATA\ssh:

# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3
# Authentication:
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys
PasswordAuthentication no   
# override default of no subsystems
Subsystem   sftp    sftp-server.exe
Subsystem powershell c:/progra~1/powershell/7/pwsh.exe -sshs -nologo 
Match Group administrators
    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

On Windows 2016, I created the private/public key pair this way, using the administrator account:

ssh-keygen -t ed25519

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\username/.ssh/id_ed25519.
Your public key has been saved in C:\Users\username/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:OIzc1yE7joL2Bzy8!gS0j8eGK7bYaH1FmF3sDuMeSj8 username@LOCAL-HOSTNAME

The key's randomart image is:
+--[ED25519 256]--+
|        .        |
|         o       |
|    . + + .      |
|   o B * = .     |
|   o= B S .      |
|   .=B O o       |
|  + =+% o        |
| *oo.O.E         |
|+.o+=o. .        |
+----[SHA256]-----+

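So now I have the private key and the public key: c:\users\administrator\.ssh\id_ed25519.pub and c:\users\administrator\.ssh\id_ed25519

I have copied c:\users\administrator\.ssh\id_ed25519.pub to C:\ProgramData\ssh\administrators_authorized_keys and run the following commands: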

$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl

I have restarted the OpenSSH server on Windows 2016.

Now I have copied the private key from c:\users\administrator\.ssh\id_ed25519 to /root/sshwinprivatekey on my Linux machine (RHEL 9).

From the Linux side I run the command:

ssh -i /root/sshwinprivatekey administrator@IPWIN_2016

But the answer is

Permission denied (publickey,keyboard-interactive).

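If I look at the OpenSSH server side on Windows 2016, this output is shown, but the private key on Linux exactly matches the public key on Windows... so I can't understand... why it tells me "publickey authentication test: ED25519 key is not allowed"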

1628 2024-08-05 17:07:59.786 debug2: fd 3 setting O_NONBLOCK
1628 2024-08-05 17:07:59.786 debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
1628 2024-08-05 17:07:59.786 debug1: Bind to port 22 on ::.
1628 2024-08-05 17:07:59.786 Server listening on :: port 22.
1628 2024-08-05 17:07:59.786 debug2: fd 4 setting O_NONBLOCK
1628 2024-08-05 17:07:59.786 debug1: Bind to port 22 on 0.0.0.0.
1628 2024-08-05 17:07:59.786 Server listening on 0.0.0.0 port 22.
1628 2024-08-05 17:07:59.786 debug3: pselect: installing signal handler for 3, previous 00007FF63BB28E40
1628 2024-08-05 17:07:59.786 debug3: pselect: installing signal handler for 6, previous 00007FF63BB28D40
1628 2024-08-05 17:07:59.786 debug3: pselect: installing signal handler for 7, previous 00007FF63BB28E30
1628 2024-08-05 17:07:59.786 debug3: pselect: installing signal handler for 8, previous 00007FF63BB28E30
1628 2024-08-05 17:07:59.786 debug3: pselect_notify_setup: initializing
1628 2024-08-05 17:07:59.786 debug2: fd 7 setting O_NONBLOCK
1628 2024-08-05 17:07:59.786 debug2: fd 5 setting O_NONBLOCK
1628 2024-08-05 17:07:59.786 debug3: pselect_notify_setup: pid 1628 saved 1628 pipe0 7 pipe1 5
1628 2024-08-05 17:08:05.606 debug3: fd 6 is not O_NONBLOCK
1628 2024-08-05 17:08:05.606 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -R as subprocess
1628 2024-08-05 17:08:05.621 debug3: send_rexec_state: entering fd = 10 config len 2272
1628 2024-08-05 17:08:05.621 debug3: ssh_msg_send: type 0
1628 2024-08-05 17:08:05.621 debug3: send_rexec_state: done
5044 2024-08-05 17:08:05.653 debug1: inetd sockets after dupping: 4, 4
5044 2024-08-05 17:08:05.653 debug3: process_channel_timeouts: setting 0 timeouts
5044 2024-08-05 17:08:05.653 debug3: channel_clear_timeouts: clearing
5044 2024-08-05 17:08:05.653 Connection from 192.168.1.200 port 49076 on 192.168.1.51 port 22
5044 2024-08-05 17:08:05.653 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
5044 2024-08-05 17:08:05.654 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7
5044 2024-08-05 17:08:05.654 debug1: compat_banner: match: OpenSSH_8.7 pat OpenSSH* compat 0x04000000
5044 2024-08-05 17:08:05.654 debug2: fd 4 setting O_NONBLOCK
5044 2024-08-05 17:08:05.684 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y as user
5044 2024-08-05 17:08:05.684 debug2: Network child is on pid 1552
5044 2024-08-05 17:08:05.684 debug3: send_rexec_state: entering fd = 6 config len 2272
5044 2024-08-05 17:08:05.684 debug3: ssh_msg_send: type 0
5044 2024-08-05 17:08:05.684 debug3: send_rexec_state: done
5044 2024-08-05 17:08:05.684 debug3: ssh_msg_send: type 0
5044 2024-08-05 17:08:05.684 debug3: ssh_msg_send: type 0
5044 2024-08-05 17:08:05.684 debug3: preauth child monitor started
5044 2024-08-05 17:08:05.700 debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
5044 2024-08-05 17:08:05.700 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5044 2024-08-05 17:08:05.700 debug3: send packet: type 20 [preauth]
5044 2024-08-05 17:08:05.700 debug1: SSH2_MSG_KEXINIT sent [preauth]
5044 2024-08-05 17:08:05.700 debug3: receive packet: type 20 [preauth]
5044 2024-08-05 17:08:05.700 debug1: SSH2_MSG_KEXINIT received [preauth]
5044 2024-08-05 17:08:05.700 debug2: local server KEXINIT proposal [preauth]
5044 2024-08-05 17:08:05.700 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5044 2024-08-05 17:08:05.700 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
5044 2024-08-05 17:08:05.700 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512 [preauth]
5044 2024-08-05 17:08:05.700 debug2: compression ctos: none,[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: compression stoc: none,[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: languages ctos:  [preauth]
5044 2024-08-05 17:08:05.700 debug2: languages stoc:  [preauth]
5044 2024-08-05 17:08:05.700 debug2: first_kex_follows 0  [preauth]
5044 2024-08-05 17:08:05.700 debug2: reserved 0  [preauth]
5044 2024-08-05 17:08:05.700 debug2: peer client KEXINIT proposal [preauth]
5044 2024-08-05 17:08:05.700 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c,[email protected] [preauth]
5044 2024-08-05 17:08:05.700 debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256 [preauth]
5044 2024-08-05 17:08:05.700 debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr [preauth]
5044 2024-08-05 17:08:05.700 debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr [preauth]
5044 2024-08-05 17:08:05.700 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
5044 2024-08-05 17:08:05.700 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
5044 2024-08-05 17:08:05.700 debug2: compression ctos: none,[email protected],zlib [preauth]
5044 2024-08-05 17:08:05.700 debug2: compression stoc: none,[email protected],zlib [preauth]
5044 2024-08-05 17:08:05.700 debug2: languages ctos:  [preauth]
5044 2024-08-05 17:08:05.700 debug2: languages stoc:  [preauth]
5044 2024-08-05 17:08:05.700 debug2: first_kex_follows 0  [preauth]
5044 2024-08-05 17:08:05.700 debug2: reserved 0  [preauth]
5044 2024-08-05 17:08:05.700 debug3: kex_choose_conf: will use strict KEX ordering [preauth]
5044 2024-08-05 17:08:05.700 debug1: kex: algorithm: curve25519-sha256 [preauth]
5044 2024-08-05 17:08:05.700 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
5044 2024-08-05 17:08:05.700 debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
5044 2024-08-05 17:08:05.700 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
5044 2024-08-05 17:08:05.700 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
5044 2024-08-05 17:08:05.700 debug3: receive packet: type 30 [preauth]
5044 2024-08-05 17:08:05.700 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_sshkey_sign: entering [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_request_send: entering, type 6 [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_request_receive_expect: entering, type 7 [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_request_receive: entering [preauth]
5044 2024-08-05 17:08:05.715 debug3: mm_request_receive: entering
5044 2024-08-05 17:08:05.715 debug3: monitor_read: checking request 6
5044 2024-08-05 17:08:05.715 debug3: mm_answer_sign: entering
5044 2024-08-05 17:08:05.715 debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83
5044 2024-08-05 17:08:05.715 debug3: mm_request_send: entering, type 7
5044 2024-08-05 17:08:05.715 debug2: monitor_read: 6 used once, disabling now
5044 2024-08-05 17:08:05.715 debug3: send packet: type 31 [preauth]
5044 2024-08-05 17:08:05.715 debug3: send packet: type 21 [preauth]
5044 2024-08-05 17:08:05.715 debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
5044 2024-08-05 17:08:05.715 debug2: ssh_set_newkeys: mode 1 [preauth]
5044 2024-08-05 17:08:05.715 debug1: rekey out after 4294967296 blocks [preauth]
5044 2024-08-05 17:08:05.715 debug1: SSH2_MSG_NEWKEYS sent [preauth]
5044 2024-08-05 17:08:05.715 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
5044 2024-08-05 17:08:05.715 debug3: send packet: type 7 [preauth]
5044 2024-08-05 17:08:05.715 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
5044 2024-08-05 17:08:05.731 debug3: receive packet: type 21 [preauth]
5044 2024-08-05 17:08:05.731 debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
5044 2024-08-05 17:08:05.731 debug1: SSH2_MSG_NEWKEYS received [preauth]
5044 2024-08-05 17:08:05.731 debug2: ssh_set_newkeys: mode 0 [preauth]
5044 2024-08-05 17:08:05.731 debug1: rekey in after 4294967296 blocks [preauth]
5044 2024-08-05 17:08:05.731 debug1: KEX done [preauth]
5044 2024-08-05 17:08:05.794 debug3: receive packet: type 5 [preauth]
5044 2024-08-05 17:08:05.794 debug3: send packet: type 6 [preauth]
5044 2024-08-05 17:08:05.794 debug3: receive packet: type 50 [preauth]
5044 2024-08-05 17:08:05.794 debug1: userauth-request for user administrator service ssh-connection method none [preauth]
5044 2024-08-05 17:08:05.794 debug1: attempt 0 failures 0 [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_getpwnamallow: entering [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_request_send: entering, type 8 [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_request_receive_expect: entering, type 9 [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_request_receive: entering [preauth]
5044 2024-08-05 17:08:05.794 debug3: mm_request_receive: entering
5044 2024-08-05 17:08:05.794 debug3: monitor_read: checking request 8
5044 2024-08-05 17:08:05.794 debug3: mm_answer_pwnamallow: entering
5044 2024-08-05 17:08:05.794 debug2: parse_server_config_depth: config reprocess config len 2272
5044 2024-08-05 17:08:05.794 debug3: checking match for 'Group administrators' user grydan\\administrator host 192.168.1.200 addr 192.168.1.200 laddr 192.168.1.51 lport 22
5044 2024-08-05 17:08:05.810 debug3: lookup_principal_name: Successfully discovered implicit principal name: 'grydan\\administrator'=>'[email protected]'
5044 2024-08-05 17:08:05.810 debug3: LsaLogonUser Succeeded (Impersonation: 0)
5044 2024-08-05 17:08:05.810 debug1: user grydan\\administrator matched group list administrators at line 88
5044 2024-08-05 17:08:05.810 debug3: match found
5044 2024-08-05 17:08:05.810 debug3: reprocess config:89 setting AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
5044 2024-08-05 17:08:05.810 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
5044 2024-08-05 17:08:05.810 debug3: mm_request_send: entering, type 9
5044 2024-08-05 17:08:05.810 debug2: monitor_read: 8 used once, disabling now
5044 2024-08-05 17:08:05.810 debug3: process_channel_timeouts: setting 0 timeouts [preauth]
5044 2024-08-05 17:08:05.810 debug3: channel_clear_timeouts: clearing [preauth]
5044 2024-08-05 17:08:05.810 debug2: input_userauth_request: setting up authctxt for administrator [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_inform_authserv: entering [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_send: entering, type 4 [preauth]
5044 2024-08-05 17:08:05.810 debug2: input_userauth_request: try method none [preauth]
5044 2024-08-05 17:08:05.810 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_receive: entering
5044 2024-08-05 17:08:05.810 debug3: monitor_read: checking request 4
5044 2024-08-05 17:08:05.810 debug3: mm_answer_authserv: service=ssh-connection, style=
5044 2024-08-05 17:08:05.810 debug2: monitor_read: 4 used once, disabling now
5044 2024-08-05 17:08:05.810 debug3: send packet: type 51 [preauth]
5044 2024-08-05 17:08:05.810 debug3: receive packet: type 50 [preauth]
5044 2024-08-05 17:08:05.810 debug1: userauth-request for user administrator service ssh-connection method publickey [preauth]
5044 2024-08-05 17:08:05.810 debug1: attempt 1 failures 0 [preauth]
5044 2024-08-05 17:08:05.810 debug2: input_userauth_request: try method publickey [preauth]
5044 2024-08-05 17:08:05.810 debug2: userauth_pubkey: valid user administrator querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqDYFG0KT0/CeeVVSAJ4E6rNV5LT7Ef6a03pX26melE [preauth]
5044 2024-08-05 17:08:05.810 debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:iX0hFjqneuzdGRHYRCfmmQOMl3U3WsaNNODwqiHOp7c [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_key_allowed: entering [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_send: entering, type 22 [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_receive_expect: entering, type 23 [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_receive: entering [preauth]
5044 2024-08-05 17:08:05.810 debug3: mm_request_receive: entering
5044 2024-08-05 17:08:05.810 debug3: monitor_read: checking request 22
5044 2024-08-05 17:08:05.810 debug3: mm_answer_keyallowed: entering
5044 2024-08-05 17:08:05.810 debug1: trying public key file __PROGRAMDATA__/ssh/administrators_authorized_keys
5044 2024-08-05 17:08:05.825 debug2: auth_check_authkeys_file: __PROGRAMDATA__/ssh/administrators_authorized_keys: processed 1/1 lines
5044 2024-08-05 17:08:05.825 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
5044 2024-08-05 17:08:05.825 Failed publickey for administrator from 192.168.1.200 port 49076 ssh2: ED25519 SHA256:iX0hFjqneuzdGRHYRCfmmQOMl3U3WsaNNODwqiHOp7c
5044 2024-08-05 17:08:05.825 debug3: mm_request_send: entering, type 23
5044 2024-08-05 17:08:05.825 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
5044 2024-08-05 17:08:05.825 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
5044 2024-08-05 17:08:05.825 debug3: ensure_minimum_time_since: elapsed 15.000ms, delaying 10.012ms (requested 6.253ms) [preauth]
5044 2024-08-05 17:08:05.841 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
5044 2024-08-05 17:08:05.841 debug3: send packet: type 51 [preauth]
5044 2024-08-05 17:08:05.841 debug3: receive packet: type 50 [preauth]
5044 2024-08-05 17:08:05.841 debug1: userauth-request for user administrator service ssh-connection method keyboard-interactive [preauth]
5044 2024-08-05 17:08:05.841 debug1: attempt 2 failures 1 [preauth]
5044 2024-08-05 17:08:05.841 debug2: input_userauth_request: try method keyboard-interactive [preauth]
5044 2024-08-05 17:08:05.841 debug1: keyboard-interactive devs  [preauth]
5044 2024-08-05 17:08:05.841 debug1: auth2_challenge: user=administrator devs= [preauth]
5044 2024-08-05 17:08:05.841 debug1: kbdint_alloc: devices '' [preauth]
5044 2024-08-05 17:08:05.841 debug2: auth2_challenge_start: devices  [preauth]
5044 2024-08-05 17:08:05.841 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
5044 2024-08-05 17:08:05.841 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 6.253ms (requested 6.253ms) [preauth]
5044 2024-08-05 17:08:05.856 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
5044 2024-08-05 17:08:05.857 debug3: send packet: type 51 [preauth]
5044 2024-08-05 17:08:05.857 Connection closed by authenticating user administrator 192.168.1.200 port 49076 [preauth]
5044 2024-08-05 17:08:05.857 debug1: do_cleanup [preauth]
5044 2024-08-05 17:08:05.857 debug1: monitor_read_log: child log fd closed
5044 2024-08-05 17:08:05.857 debug3: mm_request_receive: entering
5044 2024-08-05 17:08:05.857 debug1: do_cleanup
5044 2024-08-05 17:08:05.857 debug1: Killing privsep child 1552
1628 2024-08-05 17:08:05.857 debug2: pselect_notify_done: reading

ssh-keys openssh

1 answer

0 votes

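Verify the permissions of the key files on both ends, and make sure they have admin permissions on the Windows side and 0600 permissions on the Linux side. Take a look at this: https://superuser.com/questions/1538449/unable-to-use-publickey-authentication-on-win32-open-ssh-server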
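
An added example, not part of the original question or answer: besides file permissions, the "Failed publickey" line in the sshd log carries the fingerprint of the key the client actually offered, which can be compared with the fingerprints of the keys listed in administrators_authorized_keys. The function names, the sample key and the sample file content below are constructed for illustration; only the log line is quoted from the question.

```python
import base64, hashlib, re, struct

def fingerprint(blob: bytes) -> str:
    """OpenSSH SHA256 fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_type(blob: bytes) -> str:
    """Algorithm name held in the blob's first length-prefixed string ('' if malformed)."""
    if len(blob) < 4:
        return ""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", "replace")

def authorized_fingerprints(text: str) -> set:
    """Fingerprints of every parsable key line; comments and blank lines are skipped."""
    found = set()
    for line in text.lstrip("\ufeff").splitlines():  # tolerate a UTF-8 BOM
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so look for a "type blob" pair
        # whose decoded blob names the same type.
        for ktype, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            if blob_type(blob) == ktype:
                found.add(fingerprint(blob))
                break
    return found

FAILED = re.compile(
    r"Failed publickey for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<alg>\S+) (?P<fp>SHA256:[A-Za-z0-9+/]+)")

def check_offered_keys(log_text: str, authorized_keys_text: str) -> list:
    """For each rejected key in the sshd log, report whether its fingerprint is in the file."""
    allowed = authorized_fingerprints(authorized_keys_text)
    return [(m["user"], m["fp"], m["fp"] in allowed) for m in FAILED.finditer(log_text)]

# Log line quoted from the question above.
PAGE_LOG = ("5044 2024-08-05 17:08:05.825 Failed publickey for administrator from "
            "192.168.1.200 port 49076 ssh2: ED25519 "
            "SHA256:iX0hFjqneuzdGRHYRCfmmQOMl3U3WsaNNODwqiHOp7c\n")

# Constructed key (not a real one): ssh-ed25519 header plus 32 placeholder bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEYS_FILE = ("# constructed administrators_authorized_keys content\n"
                    "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example\n")

if __name__ == "__main__":
    for user, fp, present in check_offered_keys(PAGE_LOG, SAMPLE_KEYS_FILE):
        print(f"{user}: offered {fp} -> {'listed' if present else 'NOT listed'} in key file")
```

To use it on a real server, pass the contents of the sshd log and of administrators_authorized_keys instead of the constructed samples; a result of False means the key the client offered is not one of the keys in the file.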
