当连接到一个新的/未知的服务器(使用最近的 OpenSSH)时,例如:
ssh example.com
您将获得如下指纹:
The authenticity of host 'example.org (192.0.2.42)' can't be established.
RSA key fingerprint is SHA256:7KMZvJiITZ+HbOyqjNPV5AeC5As2GSZES5baxy1NIe4.
Are you sure you want to continue connecting (yes/no)?
但是,通常以这种形式为服务器提供指纹:
f6:fc:1c:03:17:5f:67:4f:1f:0b:50:5a:9f:f9:30:e5
如何检查真实性(不打扰服务器管理员提供 SHA256 指纹)?
我的服务器最近停止向我提供基于公钥的身份验证。我尝试使用 RSA 公钥登录,但只得到:
\n$ ssh -v <server>\nOpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022\ndebug1: Reading configuration data /home/user/.ssh/config\ndebug1: /home/user/.ssh/config line 33: Applying options for <server>\ndebug1: Reading configuration data /etc/ssh/ssh_config\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\ndebug1: Connecting to <server> [<ip>] port 22.\ndebug1: Connection established.\ndebug1: identity file /home/user/.ssh/id_rsa type 0\ndebug1: identity file /home/user/.ssh/id_rsa-cert type -1\ndebug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1\ndebug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u1 …我有很多服务器,我已经为其正确生成了密钥、设置了权限并且能够在没有密码的情况下进行 ssh/scp。然而,有一台机器有点不同,我认为我已经找到了不同之处。
不同之处在于,在没有密码的情况下我无法连接的机器上,ssh 正在接受密钥:
debug1: Server accepts key: pkalg ssh-rsa blen 279
和我的所有其他机器都接受:
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
在创建 ssh 密钥时,我总是设置参数“-t rsa”,但我不确定生成哪种密钥。你能帮我创建 rsa-sha2-512 的 ssh-rsa 密钥吗?最后一件事 - 我无法修改 /etc/ssh/sshd_config 来更改某些内容。
ssh 日志的完整转储如下: 我可以连接到的一个:
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to HOSTNAME [IP] port 22.
debug1: Connection established.
debug1: identity file /SOMEPATH/SOMEDIR/SOMEFOLDER/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity …