我在使用公钥认证使用OpenSSH for Windows时遇到问题。我已经生成了密钥对并将密钥正确地传输到远程服务器,但是当我在Windows上使用ssh时,它会一直提示输入密码。我将相同的私钥转移到我的Mac上,并且出现了一个错误,即权限太开放(644),除非设置为600,否则将被忽略。“chmod 600 id_rsa”并且繁荣,它有效。我似乎无法找到一种方法来通过脚本在Windows上更改它,但我无法使用gui这样做。
必须有一个简单的方法来做到这一点吗?是否有内置的Windows命令?我目前正在使用XP,但需要这个也适用于vista和7。
编辑3:我取消了FAT32支持并下载了完整的cygwin安装,仅用于帮助诊断问题,并使用chmod 600设置权限(幸运地设置窗口等效)。还是失败了。所以我猜这个问题不是权限,而是导致密钥失败的其他因素。
EDIT2: 我设法找到一个可能做我需要的cacls命令,但它只能在NTFS文件系统上工作,我需要支持FAT32。
Edit1 :当我以3x详细模式运行openSSH时,这就是我得到的:
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug2: ssh_connect: needpriv 0
debug1: Connecting to SERVER.NAME.HERE.CA [134.153.48.1] port 22.
debug1: Connection established.
debug1: identity file /home/jtg733/.ssh/identity type -1
debug3: Not a RSA1 key file /home/jtg733/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/jtg733/.ssh/id_rsa type 1
debug1: identity file /home/jtg733/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1-hpn13v11lpk
debug1: match: OpenSSH_5.9p1-hpn13v11lpk pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour,aes192-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour,aes192-cbc,aes256-cbc,aes128-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 534/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/jtg733/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /home/jtg733/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug1: Host 'SERVER.NAME.HERE.CA' is known and matches the RSA host key.
debug1: Found key in /home/jtg733/.ssh/known_hosts:2
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jtg733/.ssh/identity (0x0)
debug2: key: /home/jtg733/.ssh/id_rsa (0x100e9cb8)
debug2: key: /home/jtg733/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,hostbased
debug3: start over, passed a different list publickey,password,hostbased
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jtg733/.ssh/identity
debug3: no such identity: /home/jtg733/.ssh/identity
debug1: Offering public key: /home/jtg733/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,hostbased
debug1: Trying private key: /home/jtg733/.ssh/id_dsa
debug3: no such identity: /home/jtg733/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
因此它似乎获得了密钥,发送测试数据包然后直接进入下一轮认证。
答案 0 :(得分:2)
由于某种原因生成密钥服务器端,然后使用scp将服务器生成的私人密钥从服务器复制到Windows框中,然后使用cygwin chmod 600就像魅力一样。
我仍然不知道服务器为什么不接受Windows公钥,但是Windows会接受服务器的私钥。好像电脑巫毒对我来说。
答案 1 :(得分:0)
您应该可以使用win32security API以编程方式执行此操作,但我对ACL和Windows不够了解,无法为您提供更完整的答案。
您还应该能够右键单击该文件,转到安全性并在那里进行设置。
但是你可能在Windows上有其他问题 - 我还没有充分利用OpenSSH知道。