我有一个Debian linux 10容器(docker主机是oracle linux 7),该容器用于公共密钥身份验证。我不知道为什么它不适用于非root用户(即abc)。我为root用户工作。太令人沮丧了,因为我已经尝试了多种谷歌搜索方式。
这里是当前设置,以及secureCRT跟踪日志。同样,abc用户在容器内。我还获得了公共密钥身份验证以及非root用户在docker主机本身上对非root用户123的作用。因此,不确定是什么引起了问题。不知何故,/home/abc/.ssh/authorized_keys文件未正确读取。
我还使用chmod 700正确设置了.ssh和.ssh / authorized_keys权限(我也尝试过744),. ssh和.ssh / authorized_keys也由abc用户拥有。我还非常仔细地检查了authorized_key文件中的密钥,该公共密钥(在记事本中打开,复制,然后粘贴到容器的authorized_key文件中)与之匹配。你能帮我吗?我没办法了。
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin yes
UsePAM no
AuthorizedKeysFile .ssh/authorized_keys /home/abc/.ssh/authorized_keys
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-2 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-1 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (MD5 hash): ]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SEND: Disconnect packet: The user canceled authentication.
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : Connected for 3 seconds, 2698 bytes sent, 2233 bytes received
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - signed,May 2000 Standard]
[LOCAL] : RECV : AUTH_SUCCESS
[LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
[FROM REMOTE] : /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
[FROM REMOTE] : /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
[LOCAL] : SEND[0]: Pty Request (rows: 68, cols: 189)
[LOCAL] : RECV[0]: pty request succeeded
[LOCAL] : SEND[0]: shell request
[LOCAL] : RECV[0]: shell request succeeded
[LOCAL] : SSH2Core version 8.1.0.1362
[LOCAL] : Connecting to xyz:220 ...
[LOCAL] : Resolved hostname to x.x.x.x:220
SecureCRT - Version 8.1.2 (x64 build 1362)
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2'
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote uses SHA1 hash in RSA signatures for x.509v3
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : CAP : Remote correctly handles [email protected]
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos] SPN : host@xyz
[LOCAL] : SSPI : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : host@xyz
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SSPI : Requesting full delegation
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : host@xyz
[LOCAL] : SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable
[LOCAL] : SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos (Group Exchange)] SPN : host@xyz
[LOCAL] : GSS : [Kerberos (Group Exchange)] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos (Group Exchange)] Disabling gss mechanism
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
[LOCAL] : Selected Kex Method = ecdh-sha2-nistp521
[LOCAL] : Available Remote Host Key Algos = rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[LOCAL] : Selected Host Key Algo = ssh-rsa
[LOCAL] : Available Remote Send Ciphers = [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Send Mac = hmac-sha2-512
[LOCAL] : Available Remote Recv Macs = [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[LOCAL] : Selected Recv Mac = hmac-sha2-512
[LOCAL] : Available Remote Compressors = none,[email protected]
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,[email protected]
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT
[LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS
[LOCAL] : RECV: Remote Hostkey (SHA-2 hash): ...
[LOCAL] : RECV: Remote Hostkey (SHA-1 hash): ...
[LOCAL] : RECV: Remote Hostkey (MD5 hash): ...
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-2 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-1 hash): ...]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (MD5 hash): ...]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SEND: Disconnect packet: The user canceled authentication.
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : Connected for 3 seconds, 2698 bytes sent, 2233 bytes received
[LOCAL] : Stream has closed [CLOSE_TYPE_NO_AUTO_RECONNECT] : The user canceled authentication.
猜怎么着,我是无意中修复了它!
所以我很绝望,尝试了所有选择都非常筋疲力尽,但仍然没有开始工作。因此,我昨晚放弃了,并使用sshd_config中的以下设置恢复了abc用户的密码身份验证。
匹配用户abc
PasswordAuthentication是
PubkeyAuthentication no
然后一个声音告诉我尝试禁用(取消注释)那些设置,它才起作用!我遇到过的最奇怪,最痛苦的问题,但现在很高兴!
您认为这是Debian 10的错误,还是secureCRT 8.1.2的错误?