std*_*err 5 authentication amazon-ec2 ssh-tunnel key-pair
我正在用来autossh -M 20000 -fN -R 19999:localhost:22 -i mycert.pem ubuntu@myaws.hopto.org建立到我的 aws 机器的反向隧道。现在,当我尝试从 访问机器时aws,我得到以下信息:
$ ssh ron@localhost -P 19999
Permission denied (publickey).
为什么会这样呢?详细选项显示:
$ ssh ron@localhost -v -P 19999
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'ron'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kT8pM3YwDEYqE+CFzyWQDiSVCLhgMjPLWBJXYPl1BZs
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
这里发生了什么事?为什么它不让我连接?
编辑1
我发现当我使用时autossh -M 20000 -R 19999:localhost:22 -i mycert.pem,我实际上可以很好地建立连接,但目标计算机将保持登录状态,这并不是我想要的!为什么会-fN导致这个不起作用?
我也为此苦苦挣扎了一段时间。我的答案可能非常基本,是一个典型的初学者错误,可能不是您的答案,但我会将其发布在这里,以防其他人遇到麻烦,这对他们有帮助:
您尝试反向 ssh 的计算机的公钥需要存在于本地计算机上的authorized_keys 文件中。
反向 SSH 连接到本地端口,该端口实际上是您自己的本地计算机,因此它将在您的本地计算机上寻找不存在的authorized_keys 文件中的公钥。很容易对此感到困惑,因为您使用“localhost”作为地址,但想象一下您正在某个随机端口打开一个通往远程位置的门户,然后充当该远程用户从该位置进行连接到你创建的端口。当它连接到端口时,它仍然需要通过端口请求许可才能向下发送命令。由于它是进入您家的门户,因此它会在那里寻找钥匙。如果端口的另一端没有钥匙,则无法工作。
ELI5风格:
你想要另一个世界给你寄东西,但他们不能,因为你位于一个秘密地点,所以你在另一个世界建立了一个红色端口和一个蓝色端口。
你跳过红色端口,但另一端的人不知道蓝色端口在哪里,所以你必须告诉他们蓝色端口在哪里。他们试图通过该端口,但无法进入,因为您尚未授权他们过来,而且今天的安全措施也没有。
所以你让他们在那里制作一张钥匙卡,然后你把它带回你自己的世界,并告诉你自己的保安“这张钥匙卡很好,让他们进来”。
现在你可以再回去并告诉他们敲门。这次保安发现他们是朋友,就让他们进去了。
所以:
localuser@localmachine:~$ ssh -r <remote port>:localhost:localport remoteuser@remoteaddress
remoteuser@remoteaddress:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/$USER/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/$USER/.ssh/id_rsa.
Your public key has been saved in /home/$USER/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sadfhjkljashdlkfjahw039ufrg094ut remoteuser@remotemachine
The key's randomart image is:
+---[RSA 2048]----+
|=+ +. ..+ o . |
|o ofake art. . |
|asdfghjk |
|+ . .o. . + . |
|.+R . fx s ++ o |
|B + .. . . |
|=+ +.. . . |
|..o .. 0. 0. |
| + o ++ ==o|
+----[SHA256]-----+
remoteuser@remoteaddress:~$ clip ./ssh/id_rsa.pub (or copy it however you can)
remoteuser@remoteaddress:~$ exit
localuser@localmachine:~$ nano/vi/whatever .ssh/authorized_keys (paste the public key there)
localuser@localmachine:~$ ssh -r <remote port>:localhost:localport remoteuser@remoteaddress
remoteuser@remoteaddress:~$ ssh localhost -p <remote port>
同样,这主要适用于那些刚接触反向 ssh 并遇到“公钥”错误的人。我希望我有所帮助!
| 归档时间: |
|
| 查看次数: |
4147 次 |
| 最近记录: |