Windows 10 sshd - passwordless incoming ssh asks for a password

dst*_*erg 5 windows linux permissions sshd

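I'm trying to set up passwordless, passphrase-less ssh from a Linux Mint 19.1 host to a Windows 10 host. The Windows 10 host has OpenSSH_for_Windows_7.7p1 on it. This is Microsoft's port of OpenSSH.

I can set this up for an administrator account, but a nonprivileged account isn't working for me. Administrator accounts are handled differently.

I've tried many different things, but here's what I believe should work, and what goes wrong with it:

I create a /Users/Alden Stromberg/.ssh/authorized_keys file using mkdir and echo > (or mkdir and cygwin vi - same result).

Then I use OpenSSHUtils to try to set the right permissions: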

PS C:\Users\Alden Stromberg\.ssh> Import-Module 'C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psd1'

PS C:\Users\Alden Stromberg\.ssh> Repair-AuthorizedKeyPermission .\authorized_keys                                                   
  [*] .\authorized_keys 

'NT AUTHORITY\SYSTEM' has the following access to '.\authorized_keys': 'Deny'-'ExecuteFile'.
Shall I make it Allow FullControl?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "SetAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:399 char:17
+                 $acl.SetAccessRule($ace)
+                 ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT AUTHORITY\SYSTEM' now has FullControl access to '.\authorized_keys'. 

'DESKTOP-A31M9SV\None' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'Everyone' should not have access to '.\authorized_keys'..
Shall I remove this access?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):  
Exception calling "RemoveAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot  
be modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:490 char:20
+                 if(-not ($acl.RemoveAccessRule($ace)))
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException


'NT SERVICE\sshd' needs Read access to '.\authorized_keys'.
Shall I make the above change?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
Exception calling "AddAccessRule" with "1" argument(s): "This access control list is not in canonical form and therefore cannot be  
modified."
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:564 char:21
+                     $acl.AddAccessRule($ace)
+                     ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

'NT SERVICE\sshd' now has Read access to '.\authorized_keys'.
Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
At C:\Program Files\WindowsPowerShell\Modules\OpenSSHUtils\0.0.2.0\OpenSSHUtils.psm1:582 char:9 
+         Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\Alden ...authorized_keys:String) [Set-Acl], PrivilegeNotHeldException      
    + FullyQualifiedErrorId : System.Security.AccessControl.PrivilegeNotHeldException,Microsoft.PowerShell.Commands.SetAclCommand    

      Repaired permissions

To fix the non-canonical ACL, I tried:

icacls.exe .\authorized_keys /reset /T /C /L /Q

...but rerunning Repair-AuthorizedKeyPermission after that didn't bring any joy.

What am I doing wrong? Is 0.0.2.0\OpenSSHUtils.psm1 outdated?

For completeness, here is what works for the administrator account:

get-acl c:\ProgramData\ssh\ssh_host_dsa_key | set-acl c:\ProgramData\ssh\administrators_authorized_keys

Thanks!

小智 10

What solved this for me was to comment out these two lines at the end of the file C:\ProgramData\ssh\sshd_config:

Match Group administrators
      AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Then restart sshd. After that (and after adding the pub key to ~/.ssh/authorized_keys and making sure that file has the right permissions) I was no longer prompted for a password.


dst*_*erg 3

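One way to get passwordless authentication working for a non-administrator account is described here: https://www.techpaste.com/2015/06/windows-ssh-server-setup-and-configuration/

In short, put these into your sshd_config, uncommenting pre-existing entries as needed; the file can be found under c:\ProgramData\ssh\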

PermitRootLogin yes
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
IgnoreUserKnownHosts yes

Then net stop sshd and net start sshd.

This probably means that everyone on the computer can read your authorized_keys, but at least it works.
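
An added example, not part of the original posts: a PowerShell audit of the ACL on the per-user authorized_keys file, followed by an icacls-based rebuild, as an alternative to relaxing the permission check with StrictModes no. The helper names and the allow-list (file owner, SYSTEM, Administrators) are assumptions; the Repair-AuthorizedKeyPermission output in the question additionally expects Read access for NT SERVICE\sshd on that OpenSSH version.

```powershell
# Added example, not from the original posts. Test-AuthorizedKeysAcl and
# Reset-AuthorizedKeysAcl are hypothetical helper names.
$KeyFile = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
$Me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
# Assumed allow-list: the key owner, NT AUTHORITY\SYSTEM, BUILTIN\Administrators.
$Allowed = @($Me, 'S-1-5-18', 'S-1-5-32-544')

function Test-AuthorizedKeysAcl {
    param([string]$Path = $KeyFile)
    $acl = Get-Acl -LiteralPath $Path
    $findings = @()
    if (-not $acl.AreAccessRulesCanonical) {
        $findings += 'ACL is not in canonical order; in-place edits will throw'
    }
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is on; parent-folder ACEs still apply'
    }
    # Ask for raw SIDs so the check does not depend on account-name lookups.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny') {
            $findings += "Deny ACE for $sid ($($rule.FileSystemRights))"
        } elseif ($Allowed -notcontains $sid) {
            $findings += "Unexpected Allow ACE for $sid ($($rule.FileSystemRights))"
        }
    }
    $findings   # empty output means the file matches the allow-list
}

function Reset-AuthorizedKeysAcl {
    param([string]$Path = $KeyFile)
    # /reset discards every explicit ACE, including Deny entries ...
    icacls.exe $Path /reset | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed for $Path" }
    # ... then inheritance is cut and only the allow-listed SIDs are granted.
    $grants = $Allowed | ForEach-Object { "*${_}:F" }
    icacls.exe $Path /inheritance:r /grant:r $grants | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed for $Path" }
}

Test-AuthorizedKeysAcl        # report first
# Reset-AuthorizedKeysAcl     # then rebuild, and re-run the test
```

Run it as the account that owns the key file; the rebuild step is left commented out so the audit can be reviewed before anything is changed.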