ssh不会使用公钥今天登录(!)-调试产生奇怪的输出[已解决]

问题描述 投票:0回答:1

““自星期五以来什么都没变。” 但请参阅下文。今天早上(!),Bitbucket.org拒绝了我的ssh尝试:

Connection blocked because server only allows public key authentication. 
Please contact your network administrator.

我遵循了另一个建议,并尝试了ssh -Tv [email protected](这是由git remote -v显示的用户ID,在输出中看到了这种奇怪:

编辑:这是complete输出:

$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-F8PhcLGt2yVB/agent.11836; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11837; export SSH_AGENT_PID;
echo Agent pid 11837;

$ ssh -Tv [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.0] port 22.
debug1: Connection established.
debug1: identity file /home/mike/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-191
debug1: no match: conker_31073e5a11 app-191
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM.
Please contact your system administrator.
Add correct host key in /home/mike/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/mike/.ssh/known_hosts:2
  remove with:
  ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org"
RSA host key for bitbucket.org has changed and you have requested strict checking.
Host key verification failed.

但是:.ssh目录确实存在,其权限为-r--------id_rsa(和id_rsa.pub)文件都存在,并且它们的权限同样正确。 ssh-agent已重新启动。

ls -ld /home/mike/.ssh/id_rsa
-r-------- 1 mike mike 1679 Oct 24 10:41 /home/mike/.ssh/id_rsa
(notice the date ... many months ago ... correct)

cat /home/mike/.ssh/id_rsa
(the correct private key is displayed ...) (ditto public-key)

再次:“自星期五以来没有任何变化。”我想我已经想到了一切!那么,到底该怎么办呢?以及为什么突然对我和我的同事们开始发生这种情况[[today?(/etc/ssh中的许多个月都没有变化。同样,~/.ssh中的证书也具有正确的权限,如前所述)。 )

[另一个编辑:

这是当我删除known_hosts条目时发生的事情:$ ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org" # Host bitbucket.org found: line 2 /home/mike/.ssh/known_hosts updated. Original contents retained as /home/mike/.ssh/known_hosts.old $ ssh -Tv [email protected] OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to bitbucket.org [18.205.93.1] port 22. debug1: Connection established. debug1: identity file /home/mike/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-155 debug1: no match: conker_31073e5a11 app-155 debug1: Authenticating to bitbucket.org:22 as 'git' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: [email protected] debug1: kex: host key algorithm: ssh-rsa debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM The authenticity of host 'bitbucket.org (18.205.93.1)' can't be established. RSA key fingerprint is SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts. Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1' Offending key for IP in /home/mike/.ssh/known_hosts:3 Are you sure you want to continue connecting (yes/no)? yes debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_SERVICE_ACCEPT received Received disconnect from 18.205.93.1 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator. Disconnected from 18.205.93.1 port 22
我立即归零是在使用ssh时从未遇到过的消息:

Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1'

...这个

必须

有意义...
ssh
1个回答
0
投票
我仍然没有这个问题的答案,但是我

did通过在SO上浏览此页面找到更多信息:

Connection blocked because server only allows public key authentication

...“ ALuViAn”的神秘评论将我引导至此页面:

https://superuser.com/questions/1466177/connection-blocked-because-server-only-allows-public-key-authentication-putty-f

...其“答案#1”

确实

与该问题直接相关。参考该答案中的这两页:

https://community.atlassian.com/t5/Bitbucket-questions/Cannot-use-public-key-with-bitbucket-cloud/qaq-p/934114

和:

https://www.reddit.com/r/aws/comments/a4xzrs/key_based_auth_broken_for_all_instances_even_new/

结论似乎是“中间有一个人”(在公司的网络安全基础架构内)。其他城市的[[(a)

办公室没有遇到问题,并且

(b)如果打开VPN客户端,我也没有遇到问题,这似乎也得到了证实。 ,从而通过出现在“其他地方”的VPN隧道发送所有流量。希望这可以帮助某人...

© www.soinside.com 2019 - 2024. All rights reserved.