Trying to use RSA Keys to SSH into EC2, Getting: Incorrect RSA1 identifier... permission denied (public key)


Problem description

I have created a Ubuntu 12.04 instance on Amazon EC2.

I have downloaded the PEM file and am able to SSH into the instance, no problem.

Now, I want to create some accounts on the remote instance for consultants, etc. They should be able to ssh into the box using RSA keys. On the EC2 machine, I have set up a few accounts in ~/home/ and assigned them to the group admin. I have also given myself a similar account (MyTestAccount) for testing. This is what I did:

I used key-gen to create public and private keys in the .ssh directory on my local machine (~/.ssh):

drwx------  2 peter peter 1024 Sep 14 10:23 .ssh

And the files inside:

-rw-------  1 peter peter 1675 Sep 14 10:23 id_rsa
-rw-------  1 peter peter  394 Sep 14 10:23 id_rsa.pub
-rw-------  1 peter peter  444 Sep 14 00:05 known_hosts

I then SCP'd the id_rsa.pub file to my remote EC2 instance and appended it to the .ssh/authorized_keys file in my remote instance. The permissions of my remote .ssh directory:

drwx------ 2 ubuntu ubuntu 4096 Sep 16 16:13 .ssh

And of my authorized_keys file:

-rw-------  1 peter ubuntu  1179 Sep 14 00:05 authorized_keys

Next, I logged off my remote instance and attempted to SSH to the remote box using the new keys. When I issue the following command:

peter@ubuntu:~/.ssh$ ssh -vvv MyTestAccount@ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com 

I get the below. It looks like there is something wrong with my private key? Any suggestions? Thanks.

OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config  
debug1: /etc/ssh/ssh_config line 19: Applying options for *  
debug2: ssh_connect: need priv 0
debug1: Connecting to ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com [XX.XXX.XX.XXX] port 22.  
debug1: Connection established.  
debug3: Incorrect RSA1 identifier  
debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key 
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_dsa type -1  
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_ecdsa type -1 
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1  

[SNIP...]

debug2: we sent a publickey packet, wait for reply  
debug1: Authentications that can continue: publickey  
debug1: Trying private key: /home/peter/.ssh/id_dsa  
debug3: no such identity: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa  
debug3: no such identity: /home/peter/.ssh/id_ecdsa 
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try. **Permission denied (publickey).**

Solution

This kind of situation is normal, it's not weird.
The message you got:

debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user_name/.ssh/id_rsa" as a RSA1 public key

does not indicate an error, indeed.
RSA1 public key is only used in SSH protocol 1, which is already out of date. Nowadays, SSH protocol 2 is mostly used.

During a normal SSH login process, you will most probably see that warning message with ssh -vvv.
You will probably feel surprised, but don't worry, it's normal.

reference:
https://bbs.archlinux.org/viewtopic.php?id=122646, #9
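
Added example (not part of the original answer): a small triage of `ssh -vvv` client output that sets aside the protocol-1 probe lines the answer describes as harmless and reports whether a loaded key was sent and then rejected by the server. The function names `sample_log` and `triage_ssh_debug` and the verdict labels are assumptions of this example, and the sample log is constructed from lines quoted in the question.

```shell
# Added example: triage of `ssh -vvv` client output (not from the original post).
# Constructed sample, built from lines of the debug log quoted in the question.
sample_log() {
cat <<'EOF'
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug3: no such identity: /home/peter/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

# Reads ssh -vvv output on stdin and prints one key=value line per finding.
triage_ssh_debug() {
  awk '
    # Protocol-1 probe of the key file: harmless, count it and move on.
    /Incorrect RSA1 identifier/ || /as a RSA1 public key/ { benign++; next }
    /identity file .* type -?[0-9]+/ {      # type >= 0: file loaded; -1: absent
      if ($NF >= 0) loaded = loaded " " $(NF-2); else absent++
      next
    }
    /we sent a publickey packet/ { pending = 1; next }
    pending && /Authentications that can continue/ { rejected++; pending = 0; next }
    /Authentication succeeded/ { accepted = 1; pending = 0 }
    /Permission denied \(publickey\)/ { denied = 1 }
    END {
      printf "benign_rsa1_probe_lines=%d\n", benign
      printf "loaded_identities=%s\n", substr(loaded, 2)
      printf "absent_identities=%d\n", absent
      printf "offers_rejected_by_server=%d\n", rejected
      if (accepted) v = "ok"
      else if (denied && rejected > 0) v = "server_rejected_offered_key"
      else if (denied) v = "no_key_offered"
      else v = "inconclusive"
      printf "verdict=%s\n", v
    }'
}

sample_log | triage_ssh_debug
```

A verdict of `server_rejected_offered_key` means the client loaded and sent its key, so the next place to look is the server side: the target account's `authorized_keys` and the sshd log.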
