gpt4 book ai didi

authentication - 为什么我无法连接到 ssh 反向隧道?

转载 作者:行者123 更新时间:2023-12-04 13:02:34 24 4
gpt4 key购买 nike

我正在使用 autossh -M 20000 -fN -R 19999:localhost:22 -i mycert.pem ubuntu@myaws.hopto.org建立到我的 aws 机器的反向隧道。现在,当我尝试从 aws 访问机器时,我得到以下信息:

$ ssh ron@localhost -P 19999
Permission denied (publickey).

为什么会这样?详细选项显示:
$ ssh ron@localhost -v -P 19999
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'ron'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kT8pM3YwDEYqE+CFzyWQDiSVCLhgMjPLWBJXYPl1BZs
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
debug1: Trying private key: /home/ubuntu/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

这里发生了什么事?为什么它不让我连接?

编辑1

当我使用 autossh -M 20000 -R 19999:localhost:22 -i mycert.pem 时,我发现了这一点,我实际上可以很好地建立连接,但目标机器将保持登录状态,这不是我想要的!为什么会 -fN导致这不起作用?

最佳答案

我也为此苦苦挣扎了一段时间。我的回答可能是非常基本的一个典型的初学者错误,可能不是你的答案,但我会在这里发布,以防其他人遇到问题,这对他们有帮助:

您尝试将 ssh 反向的机器的公钥需要存在于您本地机器上的 authorized_keys 文件中。

反向 SSH 连接到本地端口,这实际上是您自己的本地机器,因此它将在您的本地机器上寻找不存在的authorized_keys 文件中的公钥。很容易与此混淆,因为您使用“localhost”作为地址,但想象一下,您正在某个随机端口打开一个进入远程位置的门户,然后作为该远程用户从该位置进行连接到您创建的端口。当它连接到端口时,它仍然需要通过端口请求许可才能向下发送命令。由于它是进入您家的门户,因此它会在那里寻找 key 。如果端口的另一端没有 key ,它将无法工作。

ELI5风格:

你想让另一个世界向你发送东西,但他们不能,因为你在一个 secret 地点,所以你把一个红色的端口和一个蓝色的端口送到另一个世界。

你跳过红色端口,但另一端的人不知道蓝色端口在哪里,所以你必须告诉他们蓝色端口在哪里。他们试图通过港口但无法进入,因为您尚未授权他们过来,而且今天没有安全措施。

所以你让他们在那里制作一张 key 卡,然后把它带回你自己的世界,告诉你自己的保安“这张 key 卡很好,让他们进来”。

现在你可以再回去,告诉他们敲门。这一次保安看到这些是 friend ,他们就被放了进去。

所以:

localuser@localmachine:~$ ssh -r <remote port>:localhost:localport remoteuser@remoteaddress
remoteuser@remoteaddress:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/$USER/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/$USER/.ssh/id_rsa.
Your public key has been saved in /home/$USER/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sadfhjkljashdlkfjahw039ufrg094ut remoteuser@remotemachine
The key's randomart image is:
+---[RSA 2048]----+
|=+ +. ..+ o . |
|o ofake art. . |
|asdfghjk |
|+ . .o. . + . |
|.+R . fx s ++ o |
|B + .. . . |
|=+ +.. . . |
|..o .. 0. 0. |
| + o ++ ==o|
+----[SHA256]-----+
remoteuser@remoteaddress:~$ clip ./ssh/id_rsa.pub (or copy it however you can)
remoteuser@remoteaddress:~$ exit
localuser@localmachine:~$ nano/vi/whatever .ssh/authorized_keys (paste the public key there)
localuser@localmachine:~$ ssh -r <remote port>:localhost:localport remoteuser@remoteaddress
remoteuser@remoteaddress:~$ ssh localhost -p <remote port>

同样,这主要适用于那些使用反向 ssh 并且遇到“公钥”错误的新手。我希望我有所帮助!

关于authentication - 为什么我无法连接到 ssh 反向隧道?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52127775/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com