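It is 2025, and to connect to an ancient Debian 8 (jessie) machine I tried the usual approach, but kept running into problems: when connecting over SSH, publickey authentication always failed, and I had to enter the password to log in.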
In the `config` file in my `.ssh` directory, I configured the SSH login details:

```
Host debian8
    HostName 192.168.2.210
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa
```
However, logging in always asked for the password. After adding the `-v` flag, I found the following error output:
```
➜ ~ ssh debian8 -v
debug1: OpenSSH_10.0p2, LibreSSL 3.3.6
debug1: Reading configuration data /Users/yanhang/.ssh/config
debug1: Reading configuration data /Users/yanhang/.colima/ssh_config
debug1: /Users/yanhang/.ssh/config line 11: Applying options for debian8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/100-macos.conf
debug1: /etc/ssh/ssh_config.d/100-macos.conf line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/crypto.conf
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.2.210 [192.168.2.210] port 22.
debug1: Connection established.
debug1: identity file /Users/yanhang/.ssh/id_rsa type 0
debug1: identity file /Users/yanhang/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u10
debug1: compat_banner: match: OpenSSH_6.7p1 Debian-5+deb8u10 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.2.210:22 as 'root'
debug1: load_hostkeys: fopen /Users/yanhang/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes128-gcm@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:iw9w6OFC17yohOM63/5/2n1NEYAL2hSAkOY44iVRpcw
debug1: load_hostkeys: fopen /Users/yanhang/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.2.210' is known and matches the ED25519 host key.
debug1: Found key in /Users/yanhang/.ssh/known_hosts:192
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/yanhang/.ssh/id_rsa RSA SHA256:lUxFX3DQOrLe+md1AmqgTPIKDtRH2P3yVwbAbsIJp2U explicit
debug1: Offering public key: /Users/yanhang/.ssh/id_rsa RSA SHA256:lUxFX3DQOrLe+md1AmqgTPIKDtRH2P3yVwbAbsIJp2U explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
root@192.168.2.210's password:
```
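It turned out to be a client-side problem: the encryption algorithm had been deprecated. After some searching, I found it can be solved like this:

In the client's `config` file, add these two lines to the settings for debian8:

```
PubkeyAcceptedKeyTypes=+ssh-rsa
HostKeyAlgorithms=+ssh-rsa
```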
The complete SSH configuration is as follows:

```
Host debian8
    HostName 192.168.2.210
    User root
    Port 22
    PubkeyAcceptedKeyTypes=+ssh-rsa
    HostKeyAlgorithms=+ssh-rsa
    IdentityFile ~/.ssh/id_rsa
```
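With this in place, SSH connections can use publickey authentication without entering a password. At this point you can disable password login to improve security.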
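The following is an added example, not part of the original post: a small Python parser for `ssh -v` output that reports which of the two `ssh-rsa` overrides the debug log actually gives evidence for, so the legacy algorithm is re-enabled no more widely than needed. The function names `diagnose` and `suggested_options` are hypothetical, and the sample log is constructed from lines in the output above; for that log, where the host key was negotiated as `ssh-ed25519`, only the publickey override is suggested.

```python
import re

# Constructed sample: key lines copied from the `ssh -v` output shown above.
SAMPLE_LOG = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u10
debug1: kex: host key algorithm: ssh-ed25519
debug1: Offering public key: /Users/yanhang/.ssh/id_rsa RSA SHA256:lUxFX3DQOrLe+md1AmqgTPIKDtRH2P3yVwbAbsIJp2U explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
"""

def diagnose(log):
    """Extract from `ssh -v` output the facts that decide which overrides are needed."""
    d = {"remote": None, "hostkey_alg": None, "rejected_keys": [],
         "hostkey_negotiation_failed": False}
    last_offer = None
    for line in log.splitlines():
        if m := re.search(r"remote software version (\S+)", line):
            d["remote"] = m.group(1)
        elif m := re.search(r"kex: host key algorithm: (\S+)", line):
            d["hostkey_alg"] = m.group(1)
        elif m := re.search(r"Offering public key: (\S+) (\S+) ", line):
            last_offer = (m.group(1), m.group(2))  # (path, key type)
        elif "no mutual signature algorithm" in line and last_offer:
            # The key just offered could not be signed with any algorithm both sides accept.
            d["rejected_keys"].append(last_offer)
            last_offer = None
        elif "no matching host key type found" in line:
            d["hostkey_negotiation_failed"] = True
    return d

def suggested_options(d):
    """Return only the per-host overrides the log gives evidence for."""
    opts = []
    if any(key_type == "RSA" for _, key_type in d["rejected_keys"]):
        # Newer OpenSSH names this PubkeyAcceptedAlgorithms; the old name is kept as an alias.
        opts.append("PubkeyAcceptedKeyTypes +ssh-rsa")
    if d["hostkey_negotiation_failed"]:
        opts.append("HostKeyAlgorithms +ssh-rsa")
    return opts

if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG)
    print(report["remote"], report["hostkey_alg"], report["rejected_keys"])
    for opt in suggested_options(report):
        print("    " + opt)
```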