Setting up OpenSSH for Windows using public key authentication


Problem description

I am having issues setting up OpenSSH for Windows, using public key authentication.

I have this working on my local desktop and can ssh with a key from Unix machines or other OpenSSH for Windows machines.

I have replicated the build onto a server, I can get password authentication working fine, but when I use the keys I get the following issue:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /cygdrive/c/sshusers/jsadmint2232/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1

So for the purposes of testing, I have been just trying to SSH to localhost, but even when tried remotely I get the same issue.

Even more strange, is that when I have both password & public key enabled in sshd_config, it will only attempt to use keys and then bomb out with the above message and won't even try to use password.

Here are the steps I have taken:

  1. Install OpenSSH for Windows
  2. mkgroup -l >>..\etc\group (added local groups)
  3. mkgroup -d >>..\etc\group (added domain groups)
  4. mkpasswd -L -u openssh >>..\passwd (added my local user)
  5. mkpasswd -D -u jsadmint2232 >>..\passwd (added my domain user)
  6. Edited the homedir in passwd to point to c:\sshusers\%USER% - where %USER% is the user name
  7. Enabled password auth, disabled key auth
  8. Created ssh keys for both jsadmint2232 / openssh and ensured that the files were created in homedirs
  9. Added authorized_keys files into .ssh dirs for each user and added keys for incoming connecting users
  10. net stop opensshd / net start opensshd
  11. Test Password auth works both locally and remotely
  12. Updated sshd_config, to enable key auth - restart opensshd
  13. Test connection and get above error, also doesn't even try password auth?
  14. Updated sshd_config, to disable password auth completely - restart opensshd
  15. Test connection and still get above error

It appears the server is killing the connection for some reason?

Recommended answer

I have solved the issue...

It is related to the account that started the service - it was using the Local System account - this was stopping it accessing the pub key and authorized_keys file.

Once I stopped the service and started as the user I was trying to connect into, it worked!

So basically, you need to start with a service account and then external users connect in as that user.
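
A way to check the condition the answer describes, as an added example that is not part of the original post: it reports which account the opensshd service runs as and whether that account has a direct read entry on the connecting user's authorized_keys file. The service name, user name and C:\sshusers layout are taken from the question; the script only examines ACL entries that name the account itself, which is an assumption about how access was granted.

```powershell
# Added example, not from the original post. The service name, user name and
# C:\sshusers layout are the ones given in the question.
$serviceName = 'opensshd'
$user        = 'jsadmint2232'
$keyFile     = "C:\sshusers\$user\.ssh\authorized_keys"

# Account the service is configured to run as.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found" }
'{0} runs as {1} (state: {2})' -f $svc.Name, $svc.StartName, $svc.State

# Win32_Service reports Local System as 'LocalSystem' and local accounts as
# '.\name'; normalise both so the name can be resolved to a SID.
$name = switch -Regex ($svc.StartName) {
    '^LocalSystem$' { 'NT AUTHORITY\SYSTEM'; break }
    '^\.\\'         { $svc.StartName -replace '^\.', $env:COMPUTERNAME; break }
    default         { $svc.StartName }
}
$sid = (New-Object System.Security.Principal.NTAccount($name)).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

if (-not (Test-Path -LiteralPath $keyFile)) { throw "Missing: $keyFile" }
$acl = Get-Acl -LiteralPath $keyFile
"Owner of ${keyFile}: $($acl.Owner)"

# Read the ACEs as SIDs so the comparison does not depend on name formatting.
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $sid }
$allow = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $read) -eq $read }
$deny  = $rules | Where-Object {
    $_.AccessControlType -eq 'Deny' -and [int]($_.FileSystemRights -band $read) -ne 0 }

# Only ACEs that name the account itself are examined; rights granted through
# group membership are not evaluated here.
if ($deny)      { "DENY: an entry denies read to $name" }
elseif ($allow) { "OK: $name has a direct read entry" }
else            { "No direct read entry for $name on $keyFile" }
```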
