
Public key SSH into a Debian container fails for a non-root user

Stack Overflow user
Asked on 2020-04-07 04:43:56

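I have a Debian 10 container (the Docker host is Oracle 7) that is set up for public key authentication. I can't figure out why it doesn't work for a non-root user (i.e. abc). I have it working for the root user. It's so frustrating, because I have already tried many of the approaches I found by googling.

Below are the current settings and the SecureCRT trace logs. Again, the abc user is in the container. I also have non-root user 123, as well as root, using public key authentication on the Docker host. So I don't know what is causing the problem. Somehow, the /home/abc/.ssh/authorized_key file is not being read correctly.

I also have the .ssh and .ssh/authorized_keys permissions corrected with chmod 700 (I also tried 744), and .ssh and .ssh/authorized_keys are owned by the abc user. I also very carefully checked that the key in the authorized_key file matches the public key (opened in Notepad, copied, then pasted into the container's authorized_key file). Can you help? I've run out of ideas.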

  • /etc/ssh/sshd_config

   PasswordAuthentication no 
   PubkeyAuthentication yes
   ChallengeResponseAuthentication no
   PermitRootLogin yes
   UsePAM no
   AuthorizedKeysFile  .ssh/authorized_keys /home/abc/.ssh/authorized_keys

For user abc

  • Trace log (not working). Only the log differences (from the root trace) are shown.

    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...] 
    [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-2 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-1 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (MD5 hash): ] 
    [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
    [LOCAL] : SEND: Disconnect packet: The user canceled authentication.  
    [LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT 
    [LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED 
    [LOCAL] : Connected for 3 seconds, 2698 bytes sent, 2233 bytes received

For user root

  • Trace log (working). Only the log differences (from the user abc trace) are shown.

    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - signed,May 2000 Standard] 
    [LOCAL] : RECV : AUTH_SUCCESS 
    [LOCAL] : SEND[0]: SSH_MSG_CHANNEL_OPEN('session')
    [FROM REMOTE] : /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding 
    [FROM REMOTE] : /root/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding 
    [LOCAL] : SEND[0]: Pty Request (rows: 68, cols: 189)
    [LOCAL] : RECV[0]: pty request succeeded
    [LOCAL] : SEND[0]: shell request
    [LOCAL] : RECV[0]: shell request succeeded

  • The rest of the trace log, which is the same for both the root user and the abc user. This is the first part of the trace log, followed by the root/abc user traces above.

    [LOCAL] : SSH2Core version 8.1.0.1362 
    [LOCAL] : Connecting to xyz:220 ... 
    [LOCAL] : Resolved hostname to x.x.x.x:220 
    SecureCRT - Version 8.1.2 (x64 build 1362)
    [LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT 
    [LOCAL] : Using protocol SSH2 
    [LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2' 
    [LOCAL] : CAP  : Remote can re-key 
    [LOCAL] : CAP  : Remote sends language in password change requests 
    [LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets 
    [LOCAL] : CAP  : Remote sends algorithm name in public key packets 
    [LOCAL] : CAP  : Remote sends algorithm name in signatures 
    [LOCAL] : CAP  : Remote sends error text in open failure packets 
    [LOCAL] : CAP  : Remote sends name in service accept packets 
    [LOCAL] : CAP  : Remote includes port number in x11 open packets 
    [LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC 
    [LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages 
    [LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions 
    [LOCAL] : CAP  : Remote correctly encodes OID for gssapi 
    [LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests 
    [LOCAL] : CAP  : Remote can do SFTP version 4 
    [LOCAL] : CAP  : Remote uses SHA1 hash in RSA signatures for x.509v3 
    [LOCAL] : CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures 
    [LOCAL] : CAP  : Remote correctly handles zlib@openssh.com 
    [LOCAL] : SSPI : Requesting full delegation 
    [LOCAL] : SSPI : [Kerberos] SPN : host@xyz 
    [LOCAL] : SSPI : [Kerberos] InitializeSecurityContext() failed. 
    [LOCAL] : SSPI : [Kerberos] The specified target is unknown or unreachable  
    [LOCAL] : SSPI : [Kerberos] Disabling gss mechanism 
    [LOCAL] : GSS  : Requesting full delegation 
    [LOCAL] : GSS  : [Kerberos] SPN : host@xyz 
    [LOCAL] : GSS  : [Kerberos] InitializeSecurityContext() failed. 
    [LOCAL] : GSS  : [Kerberos] Could not load library 'gssapi64.dll': The specified module could not be found.   
    [LOCAL] : GSS  : [Kerberos] Disabling gss mechanism 
    [LOCAL] : GSS  : [Kerberos] Disabling gss mechanism 
    [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==  
    [LOCAL] : SSPI : Requesting full delegation 
    [LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : host@xyz 
    [LOCAL] : SSPI : [Kerberos (Group Exchange)] InitializeSecurityContext() failed. 
    [LOCAL] : SSPI : [Kerberos (Group Exchange)] The specified target is unknown or unreachable  
    [LOCAL] : SSPI : [Kerberos (Group Exchange)] Disabling gss mechanism 
    [LOCAL] : GSS  : Requesting full delegation 
    [LOCAL] : GSS  : [Kerberos (Group Exchange)] SPN : host@xyz 
    [LOCAL] : GSS  : [Kerberos (Group Exchange)] InitializeSecurityContext() failed. 
    [LOCAL] : GSS  : [Kerberos (Group Exchange)] Could not load library 'gssapi64.dll': The specified module could not be found.   
    [LOCAL] : GSS  : [Kerberos (Group Exchange)] Disabling gss mechanism 
    [LOCAL] : GSS  : [Kerberos (Group Exchange)] Disabling gss mechanism 
    [LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==  
    [LOCAL] : SEND : KEXINIT 
    [LOCAL] : RECV : Read kexinit 
    [LOCAL] : Available Remote Kex Methods = curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 
    [LOCAL] : Selected Kex Method = ecdh-sha2-nistp521 
    [LOCAL] : Available Remote Host Key Algos = rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 
    [LOCAL] : Selected Host Key Algo = ssh-rsa 
    [LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com 
    [LOCAL] : Selected Send Cipher = aes256-ctr 
    [LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com 
    [LOCAL] : Selected Recv Cipher = aes256-ctr 
    [LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
    [LOCAL] : Selected Send Mac = hmac-sha2-512 
    [LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 
    [LOCAL] : Selected Recv Mac = hmac-sha2-512 
    [LOCAL] : Available Remote Compressors = none,zlib@openssh.com 
    [LOCAL] : Selected Compressor = none 
    [LOCAL] : Available Remote Decompressors = none,zlib@openssh.com 
    [LOCAL] : Selected Decompressor = none 
    [LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE 
    [LOCAL] : SEND : SSH_MSG_KEX_ECDH_INIT 
    [LOCAL] : RECV : SSH_MSG_KEX_ECDH_REPLY 
    [LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS 
    [LOCAL] : RECV: Remote Hostkey (SHA-2 hash): ... 
    [LOCAL] : RECV: Remote Hostkey (SHA-1 hash): ...
    [LOCAL] : RECV: Remote Hostkey (MD5 hash): ...
    [LOCAL] : SEND : NEWKEYS 
    [LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS 
    [LOCAL] : RECV : NEWKEYS 
    [LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION 
    [LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth] 
    [LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK 
    [LOCAL] : SENT : USERAUTH_REQUEST [none] 
    [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-2 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (SHA-1 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,fingerprint (MD5 hash): ...] 
    [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-2 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (SHA-1 hash): ...] 
    [LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-rsa) - unsigned,agent,fingerprint (MD5 hash): ...] 
    [LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
    [LOCAL] : SEND: Disconnect packet: The user canceled authentication.  
    [LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT 
    [LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED 
    [LOCAL] : Connected for 3 seconds, 2698 bytes sent, 2233 bytes received

    [LOCAL] : Stream has closed [CLOSE_TYPE_NO_AUTO_RECONNECT] : The user canceled authentication. 
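
One common reason sshd skips a user's authorized_keys file while the client only sees USERAUTH_FAILURE, as in the trace above, is the StrictModes check (default yes): the file, ~/.ssh and the home directory must each be owned by the user or root and must not be writable by group or others. The following is an added example, not part of the original post, that checks those three paths; the function name audit_authkeys and the demo tree are constructed for illustration, and it assumes a stat that supports -c.

```sh
#!/bin/sh
# Added example: approximate sshd's StrictModes check for the default
# authorized_keys location. audit_authkeys is a hypothetical helper name.
# Usage: audit_authkeys HOME_DIR EXPECTED_UID
# Prints one line per path; returns 0 if every path passes, 1 otherwise.
audit_authkeys() {
    home=$1
    want_uid=$2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        mode=$(stat -c %a "$path")   # octal permission bits, e.g. 700
        uid=$(stat -c %u "$path")    # numeric owner uid
        status=OK
        # Owner must be the login user or root.
        if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
            status="BAD-OWNER(uid=$uid)"
        fi
        # No group-write or other-write bit may be set (mode & 022 == 0).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            status="BAD-MODE"
        fi
        [ "$status" = OK ] || rc=1
        echo "$status  $mode  $path"
    done
    return $rc
}

# Constructed demo tree (not real user data): 744 on .ssh passes the
# check, but a group-writable home directory (775) does not.
demo=$(mktemp -d)
mkdir -p "$demo/home/abc/.ssh"
: > "$demo/home/abc/.ssh/authorized_keys"
chmod 775 "$demo/home/abc"
chmod 744 "$demo/home/abc/.ssh"
chmod 600 "$demo/home/abc/.ssh/authorized_keys"
audit_authkeys "$demo/home/abc" "$(id -u)" ||
    echo "with StrictModes yes, sshd would not use this key file"
rm -rf "$demo"
```

Inside the container this would be run as root against /home/abc with the uid of abc (id -u abc).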

1 Answer

Stack Overflow user

Posted on 2020-04-07 21:37:34

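Guess what, I fixed it by accident!

So I was desperate and had exhausted almost every option, but it still wouldn't work. So I gave up last night and reverted to password authentication for the abc user with the following settings in sshd_config.

    Match User abc
    PasswordAuthentication yes
    PubkeyAuthentication no

Then a voice told me to try disabling (uncommenting) these settings, and it just worked! The strangest and most painful thing I've been through, but I'm so happy now!

Do you think it's a Debian 10 bug, or a SecureCRT 8.1.2 bug?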

Original page content provided by Stack Overflow. Translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link:

https://stackoverflow.com/questions/61072981
