paramiko 对于 cenos7的认证失败问题追加
来源:4-12 paramiko模块ssh用户密钥登录
慕移动0419469
2018-02-04
我这次又采用了大众化的密钥算法 RSA 还是认证失败,并且我发下,在 centos7.3或者7.4
之后,即使在 bash shell 用 Linux 命令执行
ssh 192.168.1.107 的时候,默认反回的服务器端 1.07 的的公钥,但是这个公钥
的加密算法不是 RSA, 是 ECDSA
当我用 paramiko 采用任何算法都是认证失败
In [1]: import paramiko
In [2]: ssh = paramiko.SSHClient()
In [3]: ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
In [4]: kf = paramiko.RSAKey.from_private_key_file('/root/.ssh/id_rsa')
In [5]: ssh.connect('192.168.1.107',22,'root',pkey=kf)
---------------------------------------------------------------------------
AuthenticationException Traceback (most recent call last)
<ipython-input-5-2e01dff70681> in <module>()
----> 1 ssh.connect('192.168.1.107',22,'root',pkey=kf)
~/virtualenv/skops/lib/python3.6/site-packages/paramiko/client.py in connect(self, hostname, port, username, password, pkey, key_filename, timeout, allow_agent, look_for_keys, compress, sock, gss_auth, gss_kex, gss_deleg_creds, gss_host, banner_timeout, auth_timeout, gss_trust_dns, passphrase)
422 username, password, pkey, key_filenames, allow_agent,
423 look_for_keys, gss_auth, gss_kex, gss_deleg_creds, t.gss_host,
--> 424 passphrase,
425 )
426
~/virtualenv/skops/lib/python3.6/site-packages/paramiko/client.py in _auth(self, username, password, pkey, key_filenames, allow_agent, look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host, passphrase)
712 # if we got an auth-failed exception earlier, re-raise it
713 if saved_exception is not None:
--> 714 raise saved_exception
715 raise SSHException('No authentication methods available')
716
~/virtualenv/skops/lib/python3.6/site-packages/paramiko/client.py in _auth(self, username, password, pkey, key_filenames, allow_agent, look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host, passphrase)
689 # in ['password']
690 allowed_types = set(
--> 691 self._transport.auth_publickey(username, key))
692 two_factor = (allowed_types & two_factor_types)
693 if not two_factor:
~/virtualenv/skops/lib/python3.6/site-packages/paramiko/transport.py in auth_publickey(self, username, key, event)
1448 # caller wants to wait for event themselves
1449 return []
-> 1450 return self.auth_handler.wait_for_response(my_event)
1451
1452 def auth_interactive(self, username, handler, submethods=''):
~/virtualenv/skops/lib/python3.6/site-packages/paramiko/auth_handler.py in wait_for_response(self, event)
224 if issubclass(e.__class__, PartialAuthentication):
225 return e.allowed_types
--> 226 raise e
227 return []
228
AuthenticationException: Authentication failed.
————————————————————————————————
————————————————————————————————
服务端的 .ssh 相关信息如下:
[root@docker1 ~]# ls -ld .ssh/
drwx------. 2 root root 104 2月 4 10:02 .ssh/
[root@docker1 ~]# ls -ld .ssh/*
-rw------- 1 root root 395 2月 4 08:47 .ssh/authorized_keys
-rw------- 1 root root 1675 2月 4 08:17 .ssh/id_rsa
-rw-r--r-- 1 root root 394 2月 4 08:17 .ssh/id_rsa.pub
-rw-r--r-- 1 root root 1144 2月 4 08:17 .ssh/known_hosts
=-------------------
---------------------
客户端的配置文件 sshd_config 内容如下
========================================
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation sandbox # Default for new installations.
UseDNS no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
2回答
-
请执行如下两条命令,发我下执行结果:
在你的sshd服务端机器,执行
(1) cat /root/.ssh/id_rsa
(2) ssh -vvv -i /root/.ssh/id_rsa 127.0.0.1(这条命令,发出最后部分的日志即可)
另外,放在客户端的私钥和服务端的公钥是一对的吧
022018-02-04 -
慕移动0419469
提问者
2018-02-04
关于此问题的补充,我用 linux 的 ssh-copy-id 192.168.1.107 进行公钥密码认证是成功的。只有用 paramiko 时是失败的,RSA、DSA ECDSA 都是失败
00
相似问题