bal*_*alu 7 linux security ssh openssh
我的服务器最近停止向我提供基于公钥的身份验证。我尝试使用 RSA 公钥登录,但只得到:
\n$ ssh -v <server>\nOpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022\ndebug1: Reading configuration data /home/user/.ssh/config\ndebug1: /home/user/.ssh/config line 33: Applying options for <server>\ndebug1: Reading configuration data /etc/ssh/ssh_config\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\ndebug1: Connecting to <server> [<ip>] port 22.\ndebug1: Connection established.\ndebug1: identity file /home/user/.ssh/id_rsa type 0\ndebug1: identity file /home/user/.ssh/id_rsa-cert type -1\ndebug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1\ndebug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000\ndebug1: Authenticating to <server>:22 as \'user\'\ndebug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\ndebug1: SSH2_MSG_KEXINIT sent\ndebug1: SSH2_MSG_KEXINIT received\ndebug1: kex: algorithm: curve25519-sha256@libssh.org\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\ndebug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\ndebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\ndebug1: SSH2_MSG_KEX_ECDH_REPLY received\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs\ndebug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\ndebug1: Host \'[<server>]:22\' is known and matches the ECDSA host key.\ndebug1: Found key in /home/user/.ssh/known_hosts:31\ndebug1: rekey out after 134217728 blocks\ndebug1: SSH2_MSG_NEWKEYS sent\ndebug1: expecting SSH2_MSG_NEWKEYS\ndebug1: SSH2_MSG_NEWKEYS received\ndebug1: rekey in after 134217728 blocks\ndebug1: get_agent_identities: bound agent to hostkey\ndebug1: get_agent_identities: agent returned 1 keys\ndebug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent\ndebug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\ndebug1: Authentications that can continue: publickey,password\ndebug1: Next authentication method: publickey\ndebug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent\ndebug1: send_pubkey_test: no mutual signature algorithm\ndebug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit\ndebug1: send_pubkey_test: no mutual signature algorithm\ndebug1: Next authentication method: password\nuser@<server>\'s password:\n关键部分似乎是倒数第三行:
\ndebug1: send_pubkey_test: no mutual signature algorithm\n起初我认为这一定与 ssh-rsa 已被弃用并最终默认禁用有关。然而,事实证明服务器相当旧,运行 OpenSSH 6.7p1。
\n也许正是因为这个原因,服务器不告诉我它支持哪些算法 \xe2\x80\x93 现代 OpenSSH 版本似乎发送一个SSH2_MSG_EXT_INFO带有kex_input_ext_info: server-sig-algs=\xe2\x80\xa6.
所以我看了一下服务器,/etc/ssh/sshd_config但它看起来很好并且没有提到任何相关的内容PubkeyAcceptedKeyTypes(=PubkeyAcceptedAlgorithms在最新版本的 OpenSSH 中):
\xe2\x80\xa6\nKexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com\n\xe2\x80\xa6\n我还尝试使用ssh -Q (sig|PubkeyAcceptedKeyTypes) <server>查询支持的签名算法,但是与手册页建议的相反(ssh \xe2\x80\xa6 [-Q query_option] \xe2\x80\xa6 destination),这似乎查询客户端(?),而不是服务器,因为它对于我尝试过的每个服务器都是相同的。
然后我想:等等,但是如果服务器最近一段时间没有看到更新,无论如何,它一定是我的客户端!
\n确实:ssh -o "PubkeyAcceptedAlgorithms=+ssh-rsa" -v <server>有效!
$ ssh -o "PubkeyAcceptedAlgorithms=ssh-rsa" -v <server>\nOpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022\ndebug1: Reading configuration data /home/user/.ssh/config\ndebug1: /home/user/.ssh/config line 33: Applying options for <server>\ndebug1: Reading configuration data /etc/ssh/ssh_config\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\ndebug1: Connecting to <server> [<ip>] port 22.\ndebug1: Connection established.\ndebug1: identity file /home/user/.ssh/id_rsa type 0\ndebug1: identity file /home/user/.ssh/id_rsa-cert type -1\ndebug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1\ndebug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000\ndebug1: Authenticating to <server>:22 as \'user\'\ndebug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\ndebug1: SSH2_MSG_KEXINIT sent\ndebug1: SSH2_MSG_KEXINIT received\ndebug1: kex: algorithm: curve25519-sha256@libssh.org\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\ndebug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\ndebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\ndebug1: SSH2_MSG_KEX_ECDH_REPLY received\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:tKraF30I02/eujsuOeMD9Aihjxp/9CXl/lu3c3vGcGs\ndebug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory\ndebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory\ndebug1: Host \'[<server>]:22\' is known and matches the ECDSA host key.\ndebug1: Found key in /home/user/.ssh/known_hosts:31\ndebug1: rekey out after 134217728 blocks\ndebug1: SSH2_MSG_NEWKEYS sent\ndebug1: expecting SSH2_MSG_NEWKEYS\ndebug1: SSH2_MSG_NEWKEYS received\ndebug1: rekey in after 134217728 blocks\ndebug1: get_agent_identities: bound agent to hostkey\ndebug1: get_agent_identities: agent returned 1 keys\ndebug1: Will attempt key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent\ndebug1: Will attempt key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\ndebug1: Authentications that can continue: publickey,password\ndebug1: Next authentication method: publickey\ndebug1: Offering public key: /home/user/.ssh/other_key RSA SHA256:<fingerprint> agent\ndebug1: Authentications that can continue: publickey,password\ndebug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit\ndebug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit\nEnter passphrase for key \'/home/user/.ssh/id_rsa\':\n这怎么可能?即使我的 OpenSSH 客户端(v8.9,见上文)已弃用/禁用使用 SHA1[0] 的 ssh-rsa:正如我们所见,服务器和客户端同意使用 SHA256 \xe2\x80\x93 ,这应该是完美的美好的?!
\n更重要的是,ssh -Q PubkeyAcceptedAlgorithms列出了 ssh-rsa:
$ ssh -Q PubkeyAcceptedAlgorithms\nssh-ed25519\nssh-ed25519-cert-v01@openssh.com\nsk-ssh-ed25519@openssh.com\nsk-ssh-ed25519-cert-v01@openssh.com\nssh-rsa\nrsa-sha2-256\nrsa-sha2-512\nssh-dss\necdsa-sha2-nistp256\necdsa-sha2-nistp384\necdsa-sha2-nistp521\nsk-ecdsa-sha2-nistp256@openssh.com\nwebauthn-sk-ecdsa-sha2-nistp256@openssh.com\nssh-rsa-cert-v01@openssh.com\nrsa-sha2-256-cert-v01@openssh.com\nrsa-sha2-512-cert-v01@openssh.com\nssh-dss-cert-v01@openssh.com\necdsa-sha2-nistp256-cert-v01@openssh.com\necdsa-sha2-nistp384-cert-v01@openssh.com\necdsa-sha2-nistp521-cert-v01@openssh.com\nsk-ecdsa-sha2-nistp256-cert-v01@openssh.com\n我也无法PubkeyAcceptedAlgorithms=-ssh-rsa在我的计算机上的任何地方找到禁用 ssh-rsa (例如 )的行,无论是在 中~/.ssh/config还是/etc/ssh其他任何地方。
结论:这对我来说真是一个谜。为什么 ssh-rsa 不再工作?(我应该提到,ssh-ed25519 公钥工作得很好。)
\n现在我只PubkeyAcceptedAlgorithms=+ssh-rsa在本地进行配置~/.ssh/config,但这对于我不理解的问题来说感觉像是一个肮脏的解决方法。
--
\n其他人有完全相同问题的相关帖子:服务器运行 OpenSSH v6.7p1,客户端是某个 OpenSSH 版本 > 8 并且 ssh-rsa 身份验证失败:
\n突然,我的ssh需要密码--debug1: send_pubkey_test: no Mutual Signature Algorithm
\nhttps://serverfault.com/questions/1064247/ssh-permission-denied-publickey
\n我开始认为原因是这样的:
OpenSSH 自 7.2 版起就支持 RFC8332 RSA/SHA-256/512 签名,现有的 ssh-rsa 密钥将在可能的情况下自动使用更强的算法。
因此,OpenSSH v6.7p1 似乎还不支持 SHA-256/512,并且在遇到 ssh-rsa 密钥时仍然希望使用 SHA1。特别是调试输出(在成功的情况下)
debug1: Offering public key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
debug1: Server accepts key: /home/user/.ssh/id_rsa RSA SHA256:<fingerprint> explicit
具有误导性,并且没有说明客户端<>服务器通信中使用哪种哈希算法。
此外,RFC解释了为什么我的服务器没有发送server-sig-algs:
Servers that accept rsa-sha2-* signatures for client authentication
SHOULD implement the extension negotiation mechanism defined in
[RFC8308], including especially the "server-sig-algs" extension.
总而言之,在这方面成功地浪费了一整夜之后,我很惊讶 OpenSSH 开发人员怎么没有想到ssh-rsa“使用 RSA 密钥”、“使用 RSA + SHA1”或“使用 RSA + 任何” SHA 版本”(视情况而定)可能会令人困惑。RFC 至少是非常明确的。
| 归档时间: |
|
| 查看次数: |
5245 次 |
| 最近记录: |