Setting up OpenSSH for Windows using public key authentication


Problem description

I am having issues setting up OpenSSH for Windows, using public key authentication.

I have this working on my local desktop and can ssh with a key from Unix machines or other OpenSSH for Windows machines.

I have replicated the build onto a server, I can get password authentication working fine, but when I use the keys I get the following issue:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /cygdrive/c/sshusers/jsadmint2232/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1

So for the purposes of testing, I have been just trying to SSH to localhost, but even when tried remotely I get the same issue.

Even more strange is that when I have both password and public key enabled in sshd_config, it will only attempt to use keys and then bomb out with the above message and won't even try to use password.

Here are the steps I have taken:

  1. Install OpenSSH for Windows
  2. mkgroup -l >>..\etc\group (added local groups)
  3. mkgroup -d >>..\etc\group (added domain groups)
  4. mkpasswd -L -u openssh >>..\passwd (added my local user)
  5. mkpasswd -D -u jsadmint2232 >>..\passwd (added my domain user)
  6. Edited the homedir in file passwd to point to c:\sshusers\%USER% - where %USER% is the user name
  7. Enabled password authentication, disabled key authentication
  8. Created SSH keys for both jsadmint2232 / OpenSSH and ensured that the files were created in home directories
  9. Added authorized_keys files into .ssh directories for each user and added keys for incoming connecting users
  10. net stop opensshd / net start opensshd
  11. Test if password authentication works both locally and remotely
  12. Updated sshd_config, to enable key auth - restart opensshd
  13. Test connection and get above error. Also, it doesn't even try password authentication.
  14. Updated sshd_config, to disable password authentication completely - restart opensshd
  15. Test connection and still get above error

It appears the server is killing the connection for some reason.

Recommended answer

I have solved the issue...

It is related to the account that started the service - it was using the Local System account - this was stopping it accessing the public key and authorized_keys file.

Once I stopped the service and started as the user I was trying to connect into, it worked!

So basically, you need to start with a service account and then external users connect in as that user.
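
A triage helper for the client debug output quoted in the question, added here as an example and not part of the original post: it separates a key the server refused (the client then logs "Authentications that can continue" and moves on to the next method) from a connection the server dropped while handling the key, which is the case above and the reason password authentication was never attempted. The function name and outcome labels are assumptions for illustration; the line formats follow the output shown on this page.

```python
import re

# Constructed sample: the tail of the `ssh -vvv` output quoted in the question.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /cygdrive/c/sshusers/jsadmint2232/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1
"""

# Matches the client's key-offer line; the key type before "public key" is optional.
OFFER = re.compile(r"^debug1: Offering (?:\S+ )?public key: (?P<key>.+)$")


def triage_pubkey_offers(log_text):
    """Return a list of (key, outcome) for every public key the client offered.

    outcome is one of:
      accepted       - server answered that it will accept this key
      rejected       - server refused the key but kept the session open
      server_dropped - connection closed while the client waited for the reply,
                       so look at the server (service account, file access, sshd log)
      unknown        - the log ended without an answer
    """
    results, pending = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = OFFER.match(line)
        if m:
            if pending is not None:
                results.append((pending, "unknown"))
            pending = m.group("key")
        elif pending is None:
            continue  # ignore everything until a key has been offered
        elif line.startswith("debug1: Server accepts key"):
            results.append((pending, "accepted"))
            pending = None
        elif line.startswith("debug1: Authentications that can continue"):
            results.append((pending, "rejected"))
            pending = None
        elif line.startswith("Connection closed by") or "Connection reset by" in line:
            results.append((pending, "server_dropped"))
            pending = None
    if pending is not None:
        results.append((pending, "unknown"))
    return results
```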
