WinSCP：服务器拒绝我们的密钥

Question

好的，我已经与生产计算机上的服务器建立了有效连接。我需要在我的开发计算机上复制它，以便我可以传输我自己的文件。一切都是一样的，直到操作系统。

当我尝试连接时，我得到的只是：

服务器拒绝了我们的密钥。

这是我的日志文件...

. 2013-01-28 15:26:25.738 Session name: hex166t@65.XXX.XX.XXX (Modified stored session)
. 2013-01-28 15:26:25.738 Host name: 65.XXX.XX.XXX (Port: 1XXXX)
. 2013-01-28 15:26:25.738 User name: hex166t (Password: Yes, Key file: Yes)
. 2013-01-28 15:26:25.738 Tunnel: No
. 2013-01-28 15:26:25.738 Transfer Protocol: SFTP
. 2013-01-28 15:26:25.738 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-28 15:26:25.738 Proxy: none
. 2013-01-28 15:26:25.738 SSH protocol version: 2; Compression: No
. 2013-01-28 15:26:25.738 Bypass authentication: No
. 2013-01-28 15:26:25.738 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2013-01-28 15:26:25.738 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2013-01-28 15:26:25.738 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2013-01-28 15:26:25.738 SFTP Bugs: A,A
. 2013-01-28 15:26:25.738 Return code variable: Autodetect; Lookup user groups: A
. 2013-01-28 15:26:25.738 Shell: default
. 2013-01-28 15:26:25.738 EOL: 0, UTF: 2
. 2013-01-28 15:26:25.738 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2013-01-28 15:26:25.738 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2013-01-28 15:26:25.738 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-01-28 15:26:25.738 Cache directory changes: Yes, Permanent: Yes
. 2013-01-28 15:26:25.738 DST mode: 1
. 2013-01-28 15:26:25.738 --------------------------------------------------------------------------
. 2013-01-28 15:26:25.808 Looking up host "65.XXX.XX.XXX"
. 2013-01-28 15:26:25.808 Connecting to 65.XXX.XX.XXX port 1XXXX
. 2013-01-28 15:26:25.858 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.858 Detected network event
. 2013-01-28 15:26:25.938 Detected network event
. 2013-01-28 15:26:25.938 Server version: SSH-2.0-Connect:Enterprise_UNIX_2.4.02
. 2013-01-28 15:26:25.938 Using SSH protocol version 2
. 2013-01-28 15:26:25.938 We claim version: SSH-2.0-WinSCP_release_5.1.3
. 2013-01-28 15:26:25.938 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.998 Detected network event
. 2013-01-28 15:26:25.998 Doing Diffie-Hellman group exchange
. 2013-01-28 15:26:25.998 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.258 Detected network event
. 2013-01-28 15:26:26.258 Doing Diffie-Hellman key exchange with hash SHA-1
. 2013-01-28 15:26:26.438 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.678 Detected network event
. 2013-01-28 15:26:26.898 Verifying host key rsa2 0x23,0xdf2a07bac36 with fingerprint ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Host key matches cached key
. 2013-01-28 15:26:26.908 Host key fingerprint is:
. 2013-01-28 15:26:26.908 ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC client-    >server encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 client-    >server MAC algorithm
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC server-    >client encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 server-    >client MAC algorithm
. 2013-01-28 15:26:26.908 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.048 Detected network event
. 2013-01-28 15:26:27.048 Reading private key file "Z:\prd\PS_DATA\HSBCfingateway\hsbccerts\hsbc-ensco.ppk"
. 2013-01-28 15:26:27.058 Using username "hex166t".
. 2013-01-28 15:26:27.108 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.158 Detected network event
. 2013-01-28 15:26:27.168 Offered public key
. 2013-01-28 15:26:27.168 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.228 Detected network event
. 2013-01-28 15:26:27.228 Server refused our key
. 2013-01-28 15:26:27.258 Server refused our key
. 2013-01-28 15:26:27.258 Attempting keyboard-interactive authentication
. 2013-01-28 15:26:27.258 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.298 Detected network event
. 2013-01-28 15:26:27.298 Server refused keyboard-interactive authentication
. 2013-01-28 15:26:27.298 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:27.298 Using stored password.
. 2013-01-28 15:26:27.308 Sent password
. 2013-01-28 15:26:27.308 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.418 Detected network event
. 2013-01-28 15:26:27.418 Password authentication failed
. 2013-01-28 15:26:27.418 Access denied
. 2013-01-28 15:26:27.458 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:45.497 Attempt to close connection due to fatal exception:
. 2013-01-28 15:26:45.497 Closing connection.
. 2013-01-28 15:26:45.497 Sending special code: 12
. 2013-01-28 15:26:45.559 (ESshFatal) 

Answer 1

您没有正确设置私钥身份验证。

确保将公钥添加到~/.ssh/authorized_keys服务器上。

当您加载私钥时，您将在 PuTTYgen 中的“用于粘贴到 OpenSSHauthorized_keys 文件”框中的“公钥”中获得正确格式的公钥指纹。

有关更多详细信息，请参阅文章设置 SSH 公钥身份验证。

虽然 OP 的情况并非如此，但当使用旧版本的 WinSCP 连接到需要 rsa-sha2 的服务器时，您可能会收到相同的错误消息（服务器拒绝了我们的密钥） 。WinSCP仅从 5.20 开始支持 rsa-sha2。从 8.8 开始，OpenSSH 服务器默认需要 rsa-sha2。旧版本也可以配置为需要它。另一方面，甚至 8.8 及更新版本也可以配置为不需要 rsa-sha2 ( PubkeyAcceptedAlgorithms +ssh-rsa)。

是的，另一种选择是您尝试使用由 OpenSSH 分离证书签名的密钥进行连接（PuTTY 自 0.78 起支持）。当前版本的 WinSCP 尚不支持 OpenSSH 证书。下一个版本将.