1
adoal 2022-11-24 01:46:42 +08:00 via iPhone
看看 Mac 服务器端的日志
|
2
crab 2022-11-24 01:54:26 +08:00
试下是不是这个原因
ssh-add --apple-use-keychain ~/.ssh/[your-private-key] |
3
youthfire OP |
4
dingwen07 2022-11-24 03:22:56 +08:00 via iPhone
确认远程 Mac 的 SSH 设置是否允许该用户登录(在共享里面),默认是只允许管理员通过 SSH 登录的
|
5
yaoyao1128 2022-11-24 06:31:00 +08:00 via iPhone
看 sshd 的啰嗦模式信息
|
6
hawhaw 2022-11-24 07:31:43 +08:00 via Android
在 server 端用 -p 参数另外指定一个新端口再开一个 sshd ,注意加上调试参数(具体是啥要查下,我忘了),然后客户端再连这个新的 sshd 。
再在服务端应该能看到详细的日志,里面肯定有报错信息,见招拆招吧 |
7
churchmice 2022-11-24 08:14:24 +08:00 via Android
确认 ubuntu 和远端 mac 的.ssh 文件夹内容都是一样的?
|
8
churchmice 2022-11-24 08:21:04 +08:00
另外 debug 信息要多点,多加点-v
ssh -vvvvvvv 这种 |
9
ETiV 2022-11-24 08:29:42 +08:00 via iPhone
再仔细检查一下对端 authorized_keys 有没有漏输入什么的,我时常 vim 粘贴前忘了按下 i ,就会丢掉第一个 s ,贴进去的就是 sh-rsa xxxxx…
|
10
xinge666 2022-11-24 08:56:05 +08:00 via iPhone
22.04 的 sshd 是 8.9 版本,而 8.8 以后不再禁用 RSA 算法了,换 ed25519 试试
|
11
PbCopy111 2022-11-24 08:58:47 +08:00
第一步,生成密钥的时候使用 ssh-keygen -t ed25519 这个命令试试看,如果成功了,自己查吧。
|
12
youthfire OP |
13
ETiV 2022-11-24 10:49:59 +08:00 via iPhone
看来是真的不懂😂
你直接 cp 会把原来的 keys 覆盖掉的,不知道你备份了没有… 应该 cat key.pub >> ~/.ssh/authorized_keys |
14
npe 2022-11-24 10:51:42 +08:00
ssh-copy-id 试试
|
15
youthfire OP @ETiV 你是指 authorized_keys 可以存放多 keys 是么?学习了,好在里面就这一个,以前没配置过。
|
17
ETiV 2022-11-24 12:38:41 +08:00
是的,可以放多个。
你看下 ssh-add -L 会输出你现有的公钥不,这里边的公钥应该出现在远程电脑的 .ssh/authorized_keys 里 然后确认下使用 IP 访问行不行,而不要用 .local 的 hostname 再者,确认下用户名的大小写,Mac 的 GUI 上显示的名字是可以和 HOME 账号名不一样的,你应该用 `basename $HOME` 显示的名字去登 |
18
youthfire OP @ETiV 感谢帮助
ssh-add -L 显示 The agent has no identities. 在远程电脑里,用 vi 查看,可以看到公钥信息已经出现在 authorized_keys 中 ip 访问也是相同的结果,始终会要密码 用 basename $HOME 看了,用户名没问题 额外的调试:(不知道有没有用) 服务器端关闭 remote login(sharing),然后 terminal 运行 /usr/ssh/sshd -d 看了 verbose output 显示: hilary@hilary_s-mbp ~ % /usr/sbin/sshd -d debug1: sshd version OpenSSH_8.6, LibreSSL 3.3.6 debug1: Unable to load host key: /etc/ssh/ssh_host_rsa_key debug1: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key debug1: Unable to load host key: /etc/ssh/ssh_host_ed25519_key sshd: no hostkeys available -- exiting. |
19
ETiV 2022-11-24 15:49:59 +08:00
情况比较复杂 😂
你自己客户端侧的 Mac 上执行一下:ssh-add -K $HOME/.ssh/id_XXX ,把私钥先都加进 keychain 里,再尝试 ssh 连上去。 如果还不行,你 ssh 的时候 用 -i ~/.ssh/id_XXX 指定一个私钥去连。。。 |
20
tudou1514 2022-11-24 16:57:29 +08:00
Mac 终端打开 vim .ssh/config
加上 HostkeyAlgorithms +ssh-rsa PubkeyAcceptedKeyTypes +ssh-rsa 或者 ssh-keygen -t ecdsa -b 521 生成新的密钥对,ed25519 也可 |
21
Andreas8 2022-11-24 17:05:21 +08:00 via iPhone
Mac 要 add -k 我记得
|
22
PbCopy111 2022-11-25 09:43:19 +08:00
你的 mac 电脑,没有开启 key 登录模式。。。。
|
23
youthfire OP |
24
PbCopy111 2022-11-25 12:20:10 +08:00
|
25
youthfire OP @PbCopy111 谢谢指导。我的理解是你指 remote 端 mac 这样改是吧,为防止出错,我两台 mac 都改了。已经 PubkeyAuthentication yes 。 没有添加 RSAAuthentication yes ,因为用的 ed25519 。然后 remote login off, remote login on (相当于重启了 hhd),目前还是没效果。
tim@timmac ~ % ssh -Tvv [email protected] OpenSSH_8.6p1, LibreSSL 3.3.6 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files debug1: /etc/ssh/ssh_config line 54: Applying options for * debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug1: Connecting to hilarymac.local port 22. debug1: Connection established. debug1: identity file /Users/tim/.ssh/id_rsa type -1 debug1: identity file /Users/tim/.ssh/id_rsa-cert type -1 debug1: identity file /Users/tim/.ssh/id_dsa type -1 debug1: identity file /Users/tim/.ssh/id_dsa-cert type -1 debug1: identity file /Users/tim/.ssh/id_ecdsa type -1 debug1: identity file /Users/tim/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/tim/.ssh/id_ecdsa_sk type -1 debug1: identity file /Users/tim/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /Users/tim/.ssh/id_ed25519 type 3 debug1: identity file /Users/tim/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/tim/.ssh/id_ed25519_sk type -1 debug1: identity file /Users/tim/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /Users/tim/.ssh/id_xmss type -1 debug1: identity file /Users/tim/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6 debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000 debug1: Authenticating to hilarymac.local:22 as 'hilary' debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:xECOJFQQ3Rwk4Xg9QeD3yGZTE7ud71XhuBHGG/X0KPQ debug1: load_hostkeys: fopen /Users/tim/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host 'hilarymac.local' is known and matches the ED25519 host key. debug1: Found key in /Users/tim/.ssh/known_hosts:12 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Will attempt key: /Users/tim/.ssh/id_rsa debug1: Will attempt key: /Users/tim/.ssh/id_dsa debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa debug1: Will attempt key: /Users/tim/.ssh/id_ecdsa_sk debug1: Will attempt key: /Users/tim/.ssh/id_ed25519 ED25519 SHA256:wJbU+P+mASkQNm/g1cd+a8vRc/81sULbFgqzk7buPj8 debug1: Will attempt key: /Users/tim/.ssh/id_ed25519_sk debug1: Will attempt key: /Users/tim/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /Users/tim/.ssh/id_rsa debug1: Trying private key: /Users/tim/.ssh/id_dsa debug1: Trying private key: /Users/tim/.ssh/id_ecdsa debug1: Trying private key: /Users/tim/.ssh/id_ecdsa_sk debug1: Offering public key: /Users/tim/.ssh/id_ed25519 ED25519 SHA256:wJbU+P+mASkQNm/g1cd+a8vRc/81sULbFgqzk7buPj8 debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /Users/tim/.ssh/id_ed25519_sk debug1: Trying private key: /Users/tim/.ssh/id_xmss debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req: entering debug2: input_userauth_info_req: num_prompts 1 ([email protected]) Password: |
26
ETiV 2022-11-25 18:58:49 +08:00
还没解决呐 😂
|
27
emmitt 2022-11-25 22:26:20 +08:00
先看 sshd 日志,再检查 key 权限
|
28
youthfire OP @ETiV 上面大家提到的,但凡认知范围内,能操作的都操作了,剩下的就是没有看服务器端日志,主要是我不清楚怎么看是正确的,又怕大家觉得我伸手党,搜了大半天,进展慢。
google 到的资料有说看 var/log/system.log ,我看了就 2 行,如下。似乎并没有什么帮助 Nov 25 23:42:10 hilary_s-mbp sshd: hilary [priv][7893]: USER_PROCESS: 7896 ttys000 Nov 25 23:42:14 hilary_s-mbp sshd: hilary [priv][7893]: DEAD_PROCESS: 7896 ttys000 也有说去 /etc/ssh/sshd_config 打开 LogLevel VERBOSE 。 我打开 sshd_config 并没有发现 LogLevel 字眼。是直接添加“LogLevel VERBOSE” 吗?然后去哪里看,system.log 吗?毫无概念 同时也有说,用 ssh -Tvv ,确实如 25 楼结果,显示了更详细的 debug2 。特意去查了“we did not send a packet, disable method”,如 23 楼时所示,无所收获 看了 2 天,基本把可能造成的十来种可能性都看了,又感觉都是 linux 解决方案,而我的 ubuntu remote 机上本身就很顺利。感觉 mac 作为 remote 是一个另类,当然主要还是我的知识有限。 |
29
dzdh 2022-11-28 09:31:17 +08:00
服务端把 sshd 停掉
手动 /sbin/sshd -D 看日志 |
30
Mmahaha 76 天前
同样的问题,怎么改配置重启都不行,楼主最后解决了吗?
|