1
anguslg 2016-10-15 23:36:33 +08:00
Change the public key's permissions to 500
|
2
shimanooo 2016-10-16 01:19:06 +08:00 via iPad
Is it DSA or RSA? Sierra seems to have dropped support for the former.
Use ssh -vvv to see the details.
|
3
fx 2016-10-16 01:27:27 +08:00
Same here
|
5
loser OP @anguslg
test:~ test$ ssh -i /Users/test/key [email protected]
Enter passphrase for key '/Users/test/key':
Permission denied (publickey).
test:~ test$
Still the same.
|
6
shimanooo 2016-10-16 01:41:07 +08:00
Open the public key file and check whether it starts with ssh-dss or ssh-rsa
|
8
loser OP @shimanooo
The encryption is: RSA PRIVATE KEY AES-128-CBC
Also, what is ssh -vvv? There is no such option, only -V:
ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1
|
9
noli 2016-10-16 01:44:50 +08:00
Run ssh -v first to see what the problem is.
|
10
shimanooo 2016-10-16 01:46:21 +08:00 1
@loser
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.
|
11
loser OP
test:~ test$ ssh -i /Users/test/test -p 2222 -v [email protected]
OpenSSH_7.2p2, LibreSSL 2.4.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /Users/test/test type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/test/test-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to 10.0.0.1:2222 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:bNuPwQRTJ6nM7QqHiU9DqrdaduA/MmgULzkjjW4UVeo
debug1: checking without port identifier
debug1: Host '10.0.0.1' is known and matches the RSA host key.
debug1: Found key in /Users/test/.ssh/known_hosts:47
debug1: found matching key w/out port
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/test/test
debug1: Server accepts key: pkalg ssh-rsa blen 279
Enter passphrase for key '/Users/test/test':
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Here it is, experts.
|
12
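loser OP
If it really is a Sierra problem, I'll try this key on a Windows machine at the office tomorrow. Otherwise I'm really going to cry; a whole bunch of servers use this key.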
|
13
noli 2016-10-16 02:33:23 +08:00
|
14
loser OP |
15
RqPS6rhmP3Nyn3Tm 2016-10-16 06:12:05 +08:00
I ran into problems too; in the end I fixed it by manually editing /etc/ssh/ssh_config.
|
16
tedd 2016-10-16 09:11:06 +08:00 via iPhone
By the way, if I want to downgrade, can I just copy the ssh folder out, wipe the disk and downgrade, and then copy it back?
|
17
laoyur 2016-10-16 09:44:18 +08:00
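It looks like the key itself is not the problem; rather, the passphrase for this key that you previously saved in the keychain can no longer be retrieved, and when you are prompted for the passphrase you don't remember it. Search for answers in that direction.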
|
18
laoyur 2016-10-16 09:58:14 +08:00
It doesn't matter if you've forgotten the passphrase; you can look it up manually in keychain.app. As for why 10.12 has this problem, a quick search turns up many similar issues: https://www.google.com/search?newwindow=1&c2coff=1&biw=1600&bih=694&q=macos+sierra+keychain+key+passphrase&oq=macos+sierra+keychain+key+passphr&gs_l=serp.1.0.30i10k1.45129093.45162196.0.45167642.39.38.0.0.0.0.739.6703.2-7j3j3j3j1.17.0....0...1c.1j4.64.serp..23.10.3902.0..0j0i12k1j0i10k1j0i10i19k1.jtJ22lHafMA
|
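Added example (not part of any post in this thread): a small classifier for a terminal transcript of `ssh -v`, showing why the log in post 11 points at the passphrase rather than the key itself. The function and sample names are made up for this example; the second sample log is constructed.

```shell
#!/usr/bin/env bash
# Classify a failed public-key login from an `ssh -v` terminal transcript.
# Reads the transcript on stdin and prints one diagnosis keyword.
classify_pubkey_failure() {
  awk '
    /Offering .*public key/    { offered = 1 }   # client proposed a key
    /Server accepts key/       { accepted = 1 }  # server knows that public key
    /Enter passphrase for key/ { prompted = 1 }  # private key is encrypted, no agent copy
    /Authentication succeeded/ { ok = 1 }
    /Permission denied/        { denied = 1 }
    END {
      if (ok)             print "authenticated"
      else if (!denied)   print "no-auth-failure-seen"
      else if (!offered)  print "no-key-offered"
      else if (!accepted) print "server-rejected-key"        # check authorized_keys / key type
      else if (prompted)  print "private-key-not-unlocked"   # passphrase wrong or not supplied
      else                print "accepted-then-failed"       # signature step failed
    }'
}

# Key lines from the debug output posted in post 11.
sample_thread_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/test/test
debug1: Server accepts key: pkalg ssh-rsa blen 279
Enter passphrase for key '/Users/test/test': debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
}

# Constructed sample: the server never accepts the offered key.
sample_rejected_log() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/test/test
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
}

sample_thread_log   | classify_pubkey_failure
sample_rejected_log | classify_pubkey_failure
```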
19
shutongxinq 2016-10-16 23:38:00 +08:00
"That's expected. We re-aligned our behavior with the mainstream OpenSSH in this area.
You can fix this pretty easily by running ssh-add -A in your rc script if you want your keys to always be loaded." Source: https://openradar.appspot.com/27348363
|
20
loser OP |
22
zhang330700 2019-03-10 15:33:42 +08:00
In my case,
I modified the configuration in /etc/ssh/ssh_config and /etc/ssh/sshd_config to support DSS-format keys:
PubkeyAcceptedKeyTypes=+ssh-dss
ForwardAgent yes
|