How do I bypass key-based authentication to ssh into the local server I created with vagrant?

Problem description

I am working through Udacity's Configuring Linux Web Servers course. In the course, the instructor first shows how to create the server and log in with a password, then goes on to show how to set up key-based authentication.

The steps I followed:

  1. Make sure you are logged in as student (the user on the server)

  2. mkdir .ssh (in the home directory; this is the special directory where all key-related files must be stored)

  3. Then create a new file called authorized_keys in this directory with touch .ssh/authorized_keys. This is another special file that stores all of the public keys this account is allowed to use for authentication, one key per line.

  4. Back on the local machine, read the contents of linuxCourse.pub (cat /home/tdk/.ssh/linuxCourse.pub). Copy them and paste them into the .ssh/authorized_keys file on the server. Save. The contents are

    ssh-rsa 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 usr@usr-machine-name

  5. The last thing we need to do is set some specific file permissions on the authorized_keys file and the .ssh directory. This is a security measure enforced by ssh to make sure other users cannot gain access to your account. We do this with chmod 700 .ssh (on the .ssh directory) and chmod 644 .ssh/authorized_keys (on the file).

  6. Now log in

    ssh student@127.0.0.1 -p 2222 -i ~/.ssh/linuxCourse

After this setup I could still log in with a password, so I edited the config with

sudo nano /etc/ssh/sshd_config

and changed PasswordAuthentication from yes to no. After that I restarted the ssh service

sudo service ssh restart

After that, I tried to ssh into the server but got an error

$ ssh vagrant@127.0.0.1 -p 2222 -i ~/.ssh/linuxCourse
vagrant@127.0.0.1: Permission denied (publickey).

I tried vagrant ssh-config, which gave the following output

$ vagrant ssh-config
The provider for this Vagrant-managed machine is reporting that it
is not yet ready for SSH. Depending on your provider this can carry
different meanings. Make sure your machine is created and running and
try again. Additionally, check the output of `vagrant status` to verify
that the machine is in the state that you expect. If you continue to
get this error message, please view the documentation for the provider
you're using.

vagrant status gives the following

$ vagrant status
Current machine states:

default                   poweroff (virtualbox)

The VM is powered off. To restart the VM, simply run `vagrant up`

vagrant up gives the following error

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'ubuntu/trusty64' version '20190514.0.0' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
There was an error while executing `VBoxManage`, a CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.

Command: ["startvm", "5345b2d8-c7af-472c-a343-b02076f47910", "--type", "headless"]

Stderr: VBoxManage: error: Incompatible configuration requested. (VERR_INCOMPATIBLE_CONFIG)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole

Trying to debug gave the following response:

$ sudo ssh student@127.0.0.1 -p 2222 -i ~/.ssh/linuxCourse -vvv
[sudo] password for tdk: 
OpenSSH_8.2p1 Ubuntu-4ubuntu0.3, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /home/tdk/.ssh/linuxCourse type 0
debug1: identity file /home/tdk/.ssh/linuxCourse-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:2222 as 'student'
debug3: put_host_port: [127.0.0.1]:2222
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:2222
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KakFoo+OYhTntz0n1KPTlKcCsCblomPAHw/7ue1dX0U
debug3: put_host_port: [127.0.0.1]:2222
debug3: put_host_port: [127.0.0.1]:2222
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [127.0.0.1]:2222
debug1: Host '[127.0.0.1]:2222' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/tdk/.ssh/linuxCourse RSA SHA256:fae0R+3lMwmQFidjwzP//1Zc0CNaaMwJxy+EG+wBOtE explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/tdk/.ssh/linuxCourse RSA SHA256:fae0R+3lMwmQFidjwzP//1Zc0CNaaMwJxy+EG+wBOtE explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
student@127.0.0.1: Permission denied (publickey).

Checking the auth log gives the following:

tail -f /var/log/auth.log
Sep 14 13:39:11 replacedwithfake sudo:      fakeusername : TTY=pts/0 ; PWD=/home/fakeusername/codes/courses/configuring_linux_webservers ; USER=root ; COMMAND=/usr/bin/ssh student@127.0.0.1 -p 2222 -i /home/fakeusername/.ssh/linuxCourse
Sep 14 13:39:11 replacedwithfake sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 14 13:39:11 replacedwithfake sudo: pam_unix(sudo:session): session closed for user root

I tried to ssh as root and as the user that created the server. Nothing worked. I have looked at all the fixes for this problem, and all of them involve logging in to the server and then fixing it, but I cannot log in.

I believe the only solution is to ssh into the local server without a key. How can I do that? Or is there anything else I can do?

Tags: linux, ssh, server, vagrant, public-key-encryption
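The lock-out above happens because PasswordAuthentication was switched off before public-key login had been confirmed to work. The following is an added pre-flight check (not from the question or the course) to run on the server, as the target account, before editing sshd_config: it verifies the directory and file modes sshd insists on, confirms the client's public key is actually present in authorized_keys, and reports whether sshd_config still allows passwords. Paths are passed as arguments so it can be exercised on a temporary directory; it assumes GNU or BSD stat.

```shell
#!/bin/sh
# Added example: pre-flight checks before setting PasswordAuthentication no.
# Assumes GNU stat (-c) or BSD stat (-f); everything else is POSIX sh.

# Print the octal permission bits of a path.
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_key_setup HOME_DIR PUBKEY_FILE
# Returns 0 only if sshd would accept the key in PUBKEY_FILE for the
# account whose home is HOME_DIR: ~/.ssh must be 700, authorized_keys
# must be 600 or 644, and the key must be listed in authorized_keys.
check_key_setup() {
  ssh_dir="$1/.ssh"
  auth="$ssh_dir/authorized_keys"
  rc=0
  [ -d "$ssh_dir" ] || { echo "missing $ssh_dir"; return 1; }
  [ -f "$auth" ] || { echo "missing $auth"; return 1; }
  [ "$(mode_of "$ssh_dir")" = "700" ] || { echo "$ssh_dir must be 700"; rc=1; }
  case "$(mode_of "$auth")" in
    600|644) ;;
    *) echo "$auth must be 600 or 644 (got $(mode_of "$auth"))"; rc=1 ;;
  esac
  # Compare only the "type base64" fields so a different trailing
  # comment (user@host) does not cause a false mismatch.
  keyid=$(awk '{print $1 " " $2}' "$2")
  grep -qF -- "$keyid" "$auth" || { echo "public key not in $auth"; rc=1; }
  return $rc
}

# password_auth_enabled SSHD_CONFIG
# Returns 0 if sshd would still accept passwords. OpenSSH uses the first
# uncommented PasswordAuthentication directive it finds, and defaults to
# yes when the directive is absent or commented out. Match blocks are
# not evaluated here.
password_auth_enabled() {
  val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
  [ "${val:-yes}" = "yes" ]
}
```

Only after check_key_setup passes and a test login with -i succeeds should PasswordAuthentication be set to no; password_auth_enabled then confirms the edit took effect before the service is restarted.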
