尝试使用RSA密钥连接到EC2,获取:RSA1标识符不正确...权限被拒绝(公钥)

Question

尝试使用RSA密钥连接到EC2,获取:RSA1标识符不正确...权限被拒绝(公钥)

Pet*_*ter 25 ssh ubuntu amazon-ec2 amazon-web-services

我在Amazon EC2上创建了一个Ubuntu 12.04实例.

我已经下载了PEM文件,并且能够SSH进入实例,没问题.

现在,我想在远程实例上为顾问等创建一些帐户.他们应该能够使用RSA密钥进入框中.在EC2机器上,我在〜/ home /中设置了几个帐户,并将它们分配给组管理员.我也给自己一个类似的帐户(MyTestAccount)进行测试.这就是我做的:

我使用key-gen在我的本地机器上的.ssh目录中创建公钥和私钥(〜/ .ssh):

drwx------  2 peter peter 1024 Sep 14 10:23 .ssh

Run Code Online (Sandbox Code Playgroud)

里面的文件:

-rw-------  1 peter peter 1675 Sep 14 10:23 id_rsa
-rw-------  1 peter peter  394 Sep 14 10:23 id_rsa.pub
-rw-------  1 peter peter  444 Sep 14 00:05 known_hosts

Run Code Online (Sandbox Code Playgroud)

然后,我将id_rsa.pub文件发送到远程EC2实例,并将其附加到远程实例中的.ssh/authorized_keys文件中.我的远程.ssh目录的权限:

drwx------ 2 ubuntu ubuntu 4096 Sep 16 16:13 .ssh

Run Code Online (Sandbox Code Playgroud)

和我的authorized_keys文件:

-rw-------  1 peter ubuntu  1179 Sep 14 00:05 authorized_keys

Run Code Online (Sandbox Code Playgroud)

接下来,我注销了我的远程实例,并尝试使用新密钥SSH到远程控制台.当我发出以下命令时:

peter@ubuntu:~/.ssh$ ssh -vvv MyTestAccount@ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com

Run Code Online (Sandbox Code Playgroud)

我得到以下内容.看起来我的私钥有问题吗？有什么建议？谢谢.

OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config  
debug1: /etc/ssh/ssh_config line 19: Applying options for *  
debug2: ssh_connect: need priv 0
debug1: Connecting to ec2-XX-XXX-XX-XXX.compute-1.amazonaws.com [XX.XXX.XX.XXX] port 22.  
debug1: Connection established.  
debug3: Incorrect RSA1 identifier  
debug3: Could not load "/home/peter/.ssh/id_rsa" as a RSA1 public key 
debug1: identity file /home/peter/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_dsa type -1  
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1  
debug1: identity file /home/peter/.ssh/id_ecdsa type -1 
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1

Run Code Online (Sandbox Code Playgroud)

[SNIP ...]

debug2: we sent a publickey packet, wait for reply  
debug1: Authentications that can continue: publickey  
debug1: Trying private key: /home/peter/.ssh/id_dsa  
debug3: no such identity: /home/peter/.ssh/id_dsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa  
debug3: no such identity: /home/peter/.ssh/id_ecdsa 
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try. **Permission denied (publickey).**

Run Code Online (Sandbox Code Playgroud)

Answer 1

zee*_*vfu 78

这种情况很正常,并不奇怪.
你收到的消息:

debug3:RSA1标识符不正确
debug3:无法加载"/home/user_name/.ssh/id_rsa"作为RSA1公钥

确实没有表明错误.
RSA1公钥仅用于SSH协议1,该协议已经过时.如今,主要使用SSH协议2.

在正常的SSH登录过程中,您很可能会看到该警告消息ssh -vvv.
你可能会感到惊讶,但不要担心,这是正常的.

参考:
https://bbs.archlinux.org/viewtopic.php？id = 122646,#9

下一行(`debug1:identity file /home/peter/.ssh/id_rsa type 1`)表示同一文件的成功解析.`1`可能令人困惑,因为它表示成功,*不是*SSH协议版本! (8认同)
来自论坛:"所有这意味着你的id_rsa文件不是RSA1公钥,这是一件好事,因为RSA1公钥只用于SSH的协议版本1" (7认同)

归档时间：	13 年，7 月前
查看次数：	37858 次
最近记录：	12 年，11 月前