““自星期五以来什么都没变。” 但请参阅下文。今天早上(!),Bitbucket.org拒绝了我的ssh
尝试:
Connection blocked because server only allows public key authentication.
Please contact your network administrator.
我遵循了另一个建议,并尝试了ssh -Tv [email protected]
(这是由git remote -v
显示的用户ID,在输出中看到了这种奇怪:
编辑:这是complete输出:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-F8PhcLGt2yVB/agent.11836; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11837; export SSH_AGENT_PID;
echo Agent pid 11837;
$ ssh -Tv [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.0] port 22.
debug1: Connection established.
debug1: identity file /home/mike/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-191
debug1: no match: conker_31073e5a11 app-191
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM.
Please contact your system administrator.
Add correct host key in /home/mike/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/mike/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org"
RSA host key for bitbucket.org has changed and you have requested strict checking.
Host key verification failed.
但是:.ssh
目录确实存在,其权限为-r--------
,id_rsa
(和id_rsa.pub
)文件都存在,并且它们的权限同样正确。 ssh-agent
已重新启动。
ls -ld /home/mike/.ssh/id_rsa
-r-------- 1 mike mike 1679 Oct 24 10:41 /home/mike/.ssh/id_rsa
(notice the date ... many months ago ... correct)
cat /home/mike/.ssh/id_rsa
(the correct private key is displayed ...) (ditto public-key)
再次:“自星期五以来没有任何变化。”我想我已经想到了一切!那么,到底该怎么办呢?以及为什么突然对我和我的同事们开始发生这种情况[[today?(/etc/ssh
中的许多个月都没有变化。同样,~/.ssh
中的证书也具有正确的权限,如前所述)。 )
[另一个编辑:
这是当我删除known_hosts
条目时发生的事情:$ ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org"
# Host bitbucket.org found: line 2
/home/mike/.ssh/known_hosts updated.
Original contents retained as /home/mike/.ssh/known_hosts.old
$ ssh -Tv [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.1] port 22.
debug1: Connection established.
debug1: identity file /home/mike/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-155
debug1: no match: conker_31073e5a11 app-155
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM
The authenticity of host 'bitbucket.org (18.205.93.1)' can't be established.
RSA key fingerprint is SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.
Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1'
Offending key for IP in /home/mike/.ssh/known_hosts:3
Are you sure you want to continue connecting (yes/no)? yes
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
Received disconnect from 18.205.93.1 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Disconnected from 18.205.93.1 port 22
我立即归零是在使用ssh
时从未遇到过的消息:
Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1'
...这个有意义...必须
did通过在SO上浏览此页面找到更多信息:
Connection blocked because server only allows public key authentication...“ ALuViAn”的神秘评论将我引导至此页面:
...其“答案#1”
确实
与该问题直接相关。参考该答案中的这两页:和:
https://www.reddit.com/r/aws/comments/a4xzrs/key_based_auth_broken_for_all_instances_even_new/
结论似乎是“中间有一个人”(在公司的网络安全基础架构内)。其他城市的[[(a)
办公室没有遇到问题,并且(b)如果打开VPN客户端,我也没有遇到问题,这似乎也得到了证实。 ,从而通过出现在“其他地方”的VPN隧道发送所有流量。希望这可以帮助某人...