Ubuntu与Ubuntu服务器的连接以“拒绝权限,请重试”拒绝。
我有一个连接到本地网络的个人服务器,最近我想在它上设置一个SFTP-服务器,以便进行一些媒体传输。但是,当我试图连接到它时,它会询问我的密码,但即使是正确的密码也会出现错误,说明“拒绝权限,请再试一次”。
我有一个用于服务器管理的主SSH帐户,它可以使用公钥身份验证很好地工作。
另一个名为sftp-default的用户在sftp组中。我使用sftp-default设置了# passwd sftp-default密码
下面是我的/etc/ssh/sshd_config (没有注释的部分):
Include /etc/ssh/sshd_config.d/*.conf
Port 468
HostKey /etc/ssh/ssh_host_ecdsa_key
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,password publickey,keyboard-interactive
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match User sftp-default
PasswordAuthentication yes
AuthenticationMethods password,publickey
ChrootDirectory /mnt/raid/mediaServers/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp/mnt/raid/mediaServers/sftp具有以下使用stat的权限:
File: /mnt/raid/mediaServers/sftp
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 821h/2081d Inode: 3014657 Links: 4
Access: (0755/drwxr-xr-x) Uid: ( 1004/sftp-default) Gid: ( 1004/ sftp)
Access: 2023-01-02 15:41:30.271437209 +0100
Modify: 2022-09-04 17:14:16.724283747 +0200
Change: 2023-01-02 15:41:30.287436770 +0100
Birth: 2022-09-04 16:12:38.458449835 +0200现在,当我尝试执行sftp -P 468 sftp-default@<local_ip>时,当我尝试输入密码3次时,它给出了下面的输出。
sftp-default@<local_ip>'s password:
Permission denied, please try again.
sftp-default@<local_ip>'s password:
Permission denied, please try again.
sftp-default@<local_ip>'s password:
sftp-default@<local_ip>: Permission denied (password).
Connection closed.
Connection closed注意:<local_ip>是本地IP地址。
通过SSH的连接以同样的方式拒绝。运行ssh sftp-default@<local_ip> -p 468 -v,它输出:
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to <local_ip> [<local_ip>] port 468.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <local_ip>:468 as 'sftp-default'
debug1: load_hostkeys: fopen /home/%user%/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:WK/sXtplQBRUA/guEF9HF6XiMZORiXdPVwweF5m467Q
debug1: load_hostkeys: fopen /home/%user%/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[<local_ip>]:468' is known and matches the ECDSA host key.
debug1: Found key in /home/theophil/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password
debug1: Next authentication method: password
sftp-default@<local_ip>'s password:
[2 more authentication tries]
debug1: Authentications that can continue: password
debug1: No more authentication methods to try.
sftp-default@<local_ip>: Permission denied (password).注意:为了垃圾邮件过滤器,我不得不拿出一些部件。本地IP地址被<local_ip>替换,试图连接到服务器的用户名被%user%替换,一些SHA校验和被[Checksum hidden]替换。
有什么明显的,我失踪了吗?我在网上找不到什么解决这个问题的办法。
我也不知道这个Subsystem sftp /usr/lib/openssh/sftp-server意味着什么,但是注释掉它并重新启动SSH守护进程也没有解决问题。
我已经在UFW上打开了468端口。SFTP是否使用另一个端口进行数据传输?还在/mnt/raid/mediaServers/sftp上尝试了777 (drwxrwxrwx)权限,root和sftp-default用户都使用# chown sftp-default:sftp -R /mnt/raid/mediaServers/sftp和# chmod 777 -R /mnt/raid/mediaServers/sftp。
回答 1
Unix & Linux用户
发布于 2023-01-03 16:50:29
我找到了一个关于Google身份验证PAM模块的答案,我在我的主要SSH帐户上为2FA设置了这个模块。不知怎么的,它阻止了对所有帐户的访问,没有设置它,这意味着我的sftp-default帐户也被屏蔽了。对我来说,修复方法是禁用组sftp的模块,我在/etc/pam.d/sshd中使用了下面的行:
#Disable SSH PAM authentication for SFTP-Users
auth [success=done default=ignore] pam_succeed_if.so user ingroup sftp现在一切正常,我可以用我的sftp-default帐户登录:
sftp-default@<local_ip>'s password:
Connected to <local_ip>.
sftp> pwd
Remote working directory: /mnt/raid/mediaServers/sftp
sftp> byehttps://unix.stackexchange.com/questions/730323
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号