Question

我已将新用户添加到无业游民的计算机。现在，我正尝试使用公共密钥而不使用密码与新用户一起使用这个无业游民。

流浪者文件为：

Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"
  config.vm.network "private_network", ip: "192.168.33.30"
end

然后我通过执行vagrant ssh登录到无业游民的计算机。然后，这就是我将新用户添加到无业游民的计算机的方式：

sudo adduser new_user --disabled-password
sudo su - new_user
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

然后我通过这样做生成了一对新的公共私钥

ssh-keygen -t rsa -b 2048 -C "email@example.com"

然后我将公钥复制到.ssh/authorized_keys文件中。

我还通过更改以下几行来修改/etc/ssh/sshd_config

PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

然后我尝试通过这样做将ssh从我的机器中潜入

ssh new_user@192.168.33.30 -i ../ssh_keys/vagrant

但是它仍然要求输入密码。如何禁用密码？

更新因此，这些是日志：

ssh vagrant@192.168.33.30 -v

日志：

OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file /c/Users/payam/.ssh/id_rsa type -1
debug1: identity file /c/Users/payam/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa type -1
debug1: identity file /c/Users/payam/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/payam/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss type -1
debug1: identity file /c/Users/payam/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/payam/.ssh/id_rsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_dsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/payam/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/payam/.ssh/id_rsa
debug1: Trying private key: /c/Users/payam/.ssh/id_dsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/payam/.ssh/id_ecdsa_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519
debug1: Trying private key: /c/Users/payam/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/payam/.ssh/id_xmss
debug1: Next authentication method: password
vagrant@192.168.33.30's password:

ssh vagrant@192.168.33.30 -i .vagrant/machines/automation_node/virtualbox/private_key -v

OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
load pubkey ".vagrant/machines/automation_node/virtualbox/private_key": invalid format
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key type -1
debug1: identity file .vagrant/machines/automation_node/virtualbox/private_key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .vagrant/machines/automation_node/virtualbox/private_key  explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: .vagrant/machines/automation_node/virtualbox/private_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant@192.168.33.30's password:

这是使用我自己生成的一对新的私钥/公钥。公用密钥已添加到/home/vagrant/.ssh/authorized_keys。在这里，我提供了ssh ssh vagrant@192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v

的私钥

OpenSSH_8.3p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /c/Users/payam/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.33.30 [192.168.33.30] port 22.
debug1: Connection established.
debug1: identity file ../ssh_keys/vagrant_automation_node type 0
debug1: identity file ../ssh_keys/vagrant_automation_node-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 192.168.33.30:22 as 'vagrant'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3jRn/OmhK6LmNBtpZbgjM64I1+lougeAppjUcJDtQXA
debug1: Host '192.168.33.30' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/payam/.ssh/known_hosts:2
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: ../ssh_keys/vagrant_automation_node RSA SHA256:jPKUlxB/TMj0TVOug3DVZZdwhC7eUz6/Zl3WGOCgQwY explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
vagrant@192.168.33.30's password:

在所有情况下，身份验证均会使用密码。

Answer 1

除了添加-v外，要检查ssh是否确实使用了正确的密钥，请查看以下内容是否可以帮助您

：

使用ssh -i ../ssh_keys/vagrant new_user@192.168.33.30，确保将-i选项考虑在内
确保在无业游民的远程计算机~new_user/.ssh/authorized_keys

one

确保私钥不受 passphrase 保护（我通常使用ssh-keygen -t rsa -b 2048 -C "email@example.com" -P ""来设置私钥）

由于ssh vagrant@192.168.33.30 -i ../ssh_keys/vagrant_automation_node -v不起作用，并且如果restarting the VM还不够，请激活the debug option on the sshd process

/usr/sbin/sshd -D -dd
# or
/usr/sbin/sshd -D -E /home/<user>/sshd.debug.log
# or
/usr/sbin/sshd -D -dd -f /home/<user>/sshd.debug.log

目标是在服务器端检查为什么拒绝您的公钥。

在the discussion中，OP Payam Mesgari确认：

我找到了...

以某种方式，我的PC上已经存在一个网络适配器，其IP地址为192.168.33.1，子网为/ 24。

每当我尝试将ssh放到流浪者的机器上时，它的静态IP为192.168.33.10，那实际上是在打另一个网络适配器。
这也解释了为什么在sshd中没有任何信息登录到无业游民的计算机上。

基本上，每次我用192.168.33.10/24子网中的IP地址执行任何操作时，它都会在Windows上击中我自己的适配器，因此甚至无法访问虚拟机。
我更改了虚拟机的IP地址，现在一切正常

无业游民禁用密码身份验证不起作用

1 个答案: