Setting up OpenSSH for Windows using public key authentication
Problem description
I am having issues setting up OpenSSH for Windows, using public key authentication.
I have this working on my local desktop and can ssh with a key from Unix machines or other OpenSSH for Windows machines.
I have replicated the build onto a server, I can get password authentication working fine, but when I use the keys I get the following issue:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /cygdrive/c/sshusers/jsadmint2232/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1
So for the purposes of testing, I have been just trying to SSH to localhost, but even when tried remotely I get the same issue.
Even more strange, is that when I have both password and public key enabled in sshd_config, it will only attempt to use keys and then bomb out with the above message and won't even try to use password.
The following are the steps I have taken:
- Install OpenSSH for Windows
- mkgroup -l >>..\etc\group (added local groups)
- mkgroup -d >>..\etc\group (added domain groups)
- mkpasswd -L -u openssh >>..\passwd (added my local user)
- mkpasswd -D -u jsadmint2232 >>..\passwd (added my domain user)
- Edited the homedir in file passwd to point to c:\sshusers\%USER% - where %USER% is the user name
- Enabled password authentication, disabled key authentication
- Created SSH keys for both jsadmint2232 / OpenSSH and ensured that the files were created in home directories
- Added authorized_keys files into .ssh directories for each user and added keys for incoming connecting users
- net stop opensshd / net start opensshd
- Test if password authentication works both locally and remotely
- Updated sshd_config, to enable key auth - restart opensshd
- Test connection and get above error. Also, it doesn't even try password authentication.
- Updated sshd_config, to disable password authentication completely - restart opensshd
- Test connection and still get above error
It appears the server is killing the connection for some reason.
Recommended answer
I have solved the issue...
It is related to the account that started the service - it was using the Local System account - this was stopping it accessing the public key and authorized_keys file.
Once I stopped the service and started as the user I was trying to connect into, it worked!
So basically, you need to start with a service account and then external users connect in as that user.
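
An added example (not part of the original question or answer): a small Python triage of `ssh -vvv` client output that separates a key the server rejected from a connection the server dropped while checking it. The second case is the pattern in the question's trace, and it is why password authentication was never attempted. The function name `triage` and the second sample trace are constructed for illustration.

```python
import re

# Constructed sample: the failing trace from the question (trimmed).
DROPPED = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /cygdrive/c/sshusers/jsadmint2232/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1
"""

# Constructed sample: what an ordinary key rejection looks like instead.
REJECTED = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alice/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""


def triage(trace):
    """Classify what followed the last public key offer in an ssh -vvv trace."""
    lines = trace.splitlines()
    offers = [i for i, line in enumerate(lines)
              if "Offering" in line and "public key" in line]
    if not offers:
        return "no-key-offered"
    # Only look at what happened after the most recent offer, so earlier
    # rejected keys in a multi-key session do not mask the final outcome.
    for line in lines[offers[-1] + 1:]:
        if "Authentications that can continue" in line:
            return "key-rejected"    # server replied; client can try the next method
        if re.search(r"Server accepts key|Authentication succeeded", line):
            return "key-accepted"
        if line.startswith("Connection closed by "):
            return "server-dropped"  # no reply at all: investigate sshd, not the key
    return "inconclusive"


if __name__ == "__main__":
    for name, trace in (("question trace", DROPPED), ("rejection trace", REJECTED)):
        print(f"{name}: {triage(trace)}")
```

A `server-dropped` result points at the daemon side (its service account, its access to `authorized_keys`, its own logs) rather than at the client key.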