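My colleague and I have been trying to get my MacBook to ssh into our AWS production server with no luck. This did work a few months ago, but when we went to do it yesterday, we kept getting the following error message.
(I have replaced my username and hostname with placeholders in all of the sections below)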
$ ssh titan-data
Load key "/Users/aronlilland/.ssh/id_rsa.pub": invalid format
user@my_ip_address: Permission denied (publickey).
Relevant config file data
<!-- config file -->
Host titan-data
HostName my_ip_address
User user
IdentityFile ~/.ssh/id_rsa.pub
AddKeysToAgent yes
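I have gone through every step imaginable to get it working again; these are the steps I took, in order:
Step 1) Made sure the .pub file was added on the server
This step was repeated several times; I regenerated my .pub file 4 times through this process of elimination. The error seems to be something local though, and not something from the server; someone will need to correct me if I'm wrong.
Step 2) Checked that the following folders and files have the correct permissions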
drwx------ 6 aronlilland staff 192B Jan 18 09:41 .ssh/
drwx------ 6 aronlilland staff 192B Jan 18 09:41 ./
drwxr-xr-x+ 104 aronlilland staff 3.3K Jan 16 16:09 ../
-rw-r--r-- 1 aronlilland staff 114B Jan 18 09:37 config
-rw------- 1 aronlilland staff 1.7K Jan 18 09:41 id_rsa
-r--------@ 1 aronlilland staff 414B Jan 18 09:41 id_rsa.pub
-rw-r--r-- 1 aronlilland staff 4.6K Jan 18 09:48 known_hosts
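This had no effect on fixing the error message.
Step 3) Deleted my id_rsa and id_rsa.pub files and regenerated new ones, and had my colleague add the new .pub file to the server
- The first way I generated my key was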
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
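as suggested in the GitHub documentation for generating a new SSH key. I had my colleague add the new pub file to the server, and it did not work. Still got the same error.
- The second way, generated after deleting the old .pub file, was to run the following, as suggested in the Joyent documentation on manually generating your SSH key on OSX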
ssh-keygen -t rsa
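- Still got the same error
Step 4) Upgraded ssh using Homebrew
This was done following the documentation listed here, by Tim Hilliard
Step 5) Removed the IP address from my "known hosts" file (grasping at straws)
Nothing came of it; it just confirmed the IP address again.
Edit 1)
One thing I did recently, where I remember seeing an error message during installation: a few nights ago I installed another version of Python, so I now have two versions of Python installed on my computer. I'm not sure whether that would cause any problems with ssh.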
$ python -V
Python 2.7.10
$ python3 -V
Python 3.6.4
$ brew doctor
Please note that these warnings are just used to help the Homebrew maintainers
with debugging if you file an issue. If everything you use Homebrew for is
working fine: please don't worry or file an issue; just ignore this.
Thanks!
Warning: Python is installed at /Library/Frameworks/Python.framework
Homebrew only supports building against the System-provided Python or a
brewed Python. In particular, Pythons installed to /Library can interfere
with other software installs.
Edit 2)
Added -v to the ssh command, as suggested by Alfabravo in the comments
aronlilland:.ssh$ ssh titan-data -v
OpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /Users/aronlilland/.ssh/config
debug1: /Users/aronlilland/.ssh/config line 1: Applying options for titan-data
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Connecting to my_ip_address [my_ip_address] port 22.
debug1: Connection established.
debug1: identity file /Users/aronlilland/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/aronlilland/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to my_ip_address:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2l8QDc7x/fyzshKaU32jj9MeFtMAccu25MZBFNQuStQ
debug1: Host 'my_ip_address' is known and matches the ECDSA host key.
debug1: Found key in /Users/aronlilland/.ssh/known_hosts:19
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:MuOjm+6gAzaxGr/n/If4LVjk/0H5/VT6zvib9/9C7c8 /Users/aronlilland/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Load key "/Users/aronlilland/.ssh/id_rsa.pub": invalid format
debug1: No more authentication methods to try.
user@my_ip_address: Permission denied (publickey).
aronlilland:.ssh$
Edit 3)
Checked that the .pub file is in a valid format
aronlilland:.ssh$ ssh-keygen -l -f id_rsa.pub
2048 SHA256:MuOjm+6gAzaxGr/n/If4LVjk/0H5/VT6zvib9/9C7c8 aronlilland@arons-mbp.cacc.local (RSA)
aronlilland:.ssh$ touch foo.txt
aronlilland:.ssh$ ls
config foo.txt id_rsa id_rsa.pub known_hosts
aronlilland:.ssh$ ssh-keygen -l -f foo.txt
foo.txt is not a public key file.
Edit 4)
Confirmed that my id_rsa key and id_rsa.pub are valid (I cut off the end of my ssh-rsa key; no reason to include it on the web)
aronlilland:.ssh$ ssh-keygen -y -f id_rsa
Enter passphrase:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQA .......
Confirmed that updating the file permissions does not change access (I tried 0444, 444, 0644, 644 to be sure)
aronlilland:.ssh$ chmod 0444 id_rsa.pub
aronlilland:.ssh$ ssh titan-data
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0444 for '/Users/aronlilland/.ssh/id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/aronlilland/.ssh/id_rsa.pub": bad permissions
user@my_ip_address: Permission denied (publickey).
Another
aronlilland:.ssh$ chmod 0644 id_rsa.pub
aronlilland:.ssh$ ssh titan-data
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/aronlilland/.ssh/id_rsa.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/aronlilland/.ssh/id_rsa.pub": bad permissions
user@my_ip_address: Permission denied (publickey).
Set it back with chmod 400 id_rsa.pub
Edit 5)
Ran with -vv
aronlilland:.ssh$ chmod 400 id_rsa.pub
aronlilland:.ssh$ ssh titan-data -vv
OpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /Users/aronlilland/.ssh/config
debug1: /Users/aronlilland/.ssh/config line 1: Applying options for titan-data
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug2: resolving "my_ip_address" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to my_ip_address [my_ip_address] port 22.
debug1: Connection established.
debug1: identity file /Users/aronlilland/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/aronlilland/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to my_ip_address:22 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:2l8QDc7x/fyzshKaU32jj9MeFtMAccu25MZBFNQuStQ
debug1: Host 'my_ip_address' is known and matches the ECDSA host key.
debug1: Found key in /Users/aronlilland/.ssh/known_hosts:19
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /Users/aronlilland/.ssh/id_rsa.pub (0x7fe9ff41c510), explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:MuOjm+6gAzaxGr/n/If4LVjk/0H5/VT6zvib9/9C7c8 /Users/aronlilland/.ssh/id_rsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:MuOjm+6gAzaxGr/n/If4LVjk/0H5/VT6zvib9/9C7c8
Load key "/Users/aronlilland/.ssh/id_rsa.pub": invalid format
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
user@my_ip_address: Permission denied (publickey).
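7 answers
t40tm48m1#
The IdentityFile configuration parameter should point to the private key that the SSH client uses to prove its identity to the remote server (the remote server should have the contents of id_rsa.pub installed in its authorized_keys file, or an equivalent location). You should give the path to id_rsa (not id_rsa.pub) as the argument to IdentityFile in ~/.ssh/config.
eblbsuwk2#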
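The following permissions should be set:
The private key should be rw for the owner, none for the group, and none for others:
The public key should be rw for the owner, r for the group, and r for others: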
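ie3xauqp3#
Your mistake was using the -f option with the public key name... You have to generate a new key, because you have sent (and leaked) your private key by storing it in -f .ssh/id_rsa.pub
By default the private key is stored in .ssh/id_rsa and the public key in .ssh/id_rsa.pub. By specifying .ssh/id_rsa.pub as the location of the private key, you will probably have the public key in .ssh/id_rsa.pub.pub (check this), but in any case you have sent the private key over the network, so it has been leaked, and you had better generate a new key pair. Next time, you can trust the defaults suggested for the key file name, or use the correct name (without the .pub extension) for the key file.
bhmjp9jg4#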
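Here is what worked for me.
Trying to connect to an AWS server, I got this error: Load key "yourKey.pem": invalid format, with nothing wrong in the key file contents.
But generating a fingerprint produced: unable to load key <...>: expected: any private key...
What worked for me was to use a terminal with nano and manually create a brand new file with the same name
$ sudo nano yourKey.pem
Paste in the text content from the original key file and save.
After that, the fingerprint of the new key matched and ssh access was restored.
Hope this helps.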
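evrscar25#
For those with the invalid format error, this may also help, since it deals only with the private key: I got a similar error when I tried
Load key "/root/.ssh/id_rsa": invalid format
This led to errors such as
identity file /root/.ssh/id_rsa type -1 invalid format
and read_passphrase: can't open /dev/tty
The correct way is to use
The solution explained: my private key was in the wrong format. Instead of many lines, it was passed as a one-liner, and you might have any other formatting issue, such as forgetting the "-" at the start or end, or something wrong at the line endings, such as missing newline formatting or an extra letter at the end of a line.
For more details see Dockerfile: clone repo with passwordless private key. Errors: “authentication agent” or “read_passphrase: can't open /dev/tty”, whose main idea comes from Add private key to ssh-agent in docker file, which in turn got its idea from Gitlab CI/Docker: ssh-add keeps asking for passphrase.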
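w9apscun6#
This may be the answer to this question, but in general it is incorrect that IdentityFile must specify a private key and cannot handle a public key. If your private key is loaded in the SSH agent, then using a public key with the IdentityFile (or -i) option is perfectly correct.
Once your agent has more than 5 keys loaded, you will not be able to connect to some servers, because the available identities will exceed the server's MaxAuthTries ("Too many authentication failures"). You then have to either remove keys from the agent or use -i to specify which private key the agent should use for signing.
If you are using an agent and provide a valid public key (file!) to -i but still get the "invalid format" error, double-check that your SSH client is able to talk to the SSH agent. In my experience, WSL(2) is particularly prone to losing the socket (the SSH_AUTH_SOCK environment variable).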
qoefvg9y7#
In my case, I was trying to use the -i flag to point to the default key:
ssh -i ~/.ssh/id_rsa.pub user@0.0.0.0
Removing the -i flag and simply calling
ssh user@0.0.0.0
resolved the error
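The check that several answers above arrive at (IdentityFile or -i should name the private key, and that file must be owner-only), as an added shell example that is not part of the original thread. The function names are hypothetical, the key files are constructed stand-ins rather than real keys, and it assumes one whitespace-separated IdentityFile per line; when an agent holds the private key, a .pub identity can be intentional, as one answer notes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, key material is constructed.

# classify_key FILE -> private | public | unknown | missing (decided by first line)
classify_key() {
    [ -f "$1" ] || { echo missing; return; }
    IFS= read -r first < "$1" || true
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ssh-dss\ *|ecdsa-sha2-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# owner_only FILE -> true when group and other have no permission bits
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_config CONFIG -> prints "status path" per IdentityFile; returns 1 on a problem
audit_config() {
    rc=0
    while read -r keyword path _ || [ -n "$keyword" ]; do
        [ "$(printf %s "$keyword" | tr A-Z a-z)" = identityfile ] || continue
        case $path in "~/"*) path=$HOME/${path#??} ;; esac
        kind=$(classify_key "$path")
        if [ "$kind" = private ] && ! owner_only "$path"; then kind=private-too-open; fi
        [ "$kind" = private ] || rc=1
        echo "$kind $path"
    done < "$1"
    return $rc
}

# make_sample DIR -> constructed stand-ins mirroring the question's setup
make_sample() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa AAAAconstructed user@example' > "$1/id_rsa.pub"
    chmod 600 "$1/id_rsa"; chmod 400 "$1/id_rsa.pub"
    printf 'Host titan-data\n  IdentityFile %s\n' "$1/id_rsa.pub" > "$1/config_bad"
    printf 'Host titan-data\n  IdentityFile %s\n' "$1/id_rsa" > "$1/config_good"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_config "$tmp/config_bad" || echo "IdentityFile names a public key"
audit_config "$tmp/config_good" && echo "config_good: ok"
rm -rf "$tmp"
```

Run against a real file with audit_config ~/.ssh/config; any status other than private marks an entry to review.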