Linux

sign_and_send_pubkey: signing failed: agent refused operation

  • December 10, 2019

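Running xubuntu 16.04 with xfce, I am trying to use an ssh key with a passphrase. I want to add my passphrase-protected key to my ssh-agent, but I don't know why I can't add it. I don't have gnome keyring or anything like it enabled in my startup. ssh-add privatekey adds the key, but when I try to ssh again, it just prints the error twice. Some fixes said to disable gnome keyring at startup, but I have already disabled it. This all happened when I replaced the ssh key for my Raspberry Pi.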


> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/potato/.ssh/config
debug1: /home/potato/.ssh/config line 1: Applying options for paj
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 111.229.105 [111.229.105] port 22253.
debug1: Connection established.
debug1: identity file /home/potato/.ssh/hplaptop_to_pi type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/potato/.ssh/hplaptop_to_pi-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Raspbian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Raspbian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 111.229.105:22253 as 'pi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve22219-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zrjeaaHD8TjzsdsdssssA2fXnG3gxp2U
debug1: Host '[111.229.105]:22253' is known and matches the ECDSA host key.
debug1: Found key in /home/potato/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/potato/.ssh/hplaptop_to_pi
debug1: Server accepts key: pkalg ssh-rsa blen 535
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key: potato@potato-HP-tomato
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: potato@hplaptop
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: potato@hplaptop
debug1: Server accepts key: pkalg ssh-rsa blen 535
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key: rsa-key-20141222
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: potato@potatolaptop
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

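So, after hours of mindless Googling and help, the problem was found. I was generating my ssh keys with ssh-keygen and adding an extra parameter "-o", which generated the keys in the new format for OpenSSH. The problem is that my gnome-keyring does not support such keys, because those keys have the Ed25519 signature scheme. Gnome-keyring has not supported that since 3.20. I reverted to RSA and there are no more problems!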

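In my case, the problem was that the GNOME keyring held an invalid passphrase for the ssh key to be used. After spending a lot of time troubleshooting this, I ran seahorse and found the entry to contain an empty string.

I can only guess that this was caused by mistyping the passphrase on first use, and then probably cancelling the requester or so in order to fall back to the command line.

  • Updating the entry with the correct passphrase immediately solved the problem.
  • Deleting that entry (from the "login" keyring) and re-entering the passphrase at the first prompt (and checking the appropriate checkbox) also solves this.

Now the agent gets the correct passphrase from the keyring named "login", which is unlocked at login, and no longer asks for the passphrase or "refuses operation". YMMV, of course.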
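Both answers place the fault on the client side, and the trace in the question already shows it: each "agent refused operation" line comes right after "Server accepts key", so the server had authorized that key and only the local signing step failed. The following triage script is an added example, not part of the original posts; the names `triage` and `diagnose` and the outcome labels are made up for illustration.

```python
import re

# Excerpt of the auth-phase lines from the `ssh -v` trace in the question.
TRACE = """\
debug1: Offering RSA public key: /home/potato/.ssh/hplaptop_to_pi
debug1: Server accepts key: pkalg ssh-rsa blen 535
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key: potato@potato-HP-tomato
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: potato@hplaptop
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: potato@hplaptop
debug1: Server accepts key: pkalg ssh-rsa blen 535
sign_and_send_pubkey: signing failed: agent refused operation
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

# Matches "Offering RSA public key: X" (as in the trace) and the newer "Offering public key: X ...".
OFFER = re.compile(r"^debug1: Offering (?:\S+ )?public key: (.+)$")

def triage(log):
    """Return (identity, outcome) for every key offered in an `ssh -v` trace."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        m = OFFER.match(line)
        if m:
            results.append([m.group(1), "not_accepted"])  # until the server says otherwise
        elif not results:
            continue
        elif line.startswith("debug1: Server accepts key"):
            results[-1][1] = "accepted_by_server"
        elif "signing failed" in line and "agent refused operation" in line:
            results[-1][1] = "agent_refused"  # key is authorized; the local agent could not sign
        elif line.startswith("debug1: Authentication succeeded"):
            results[-1][1] = "authenticated"
    return [tuple(r) for r in results]

def diagnose(log):
    """Classify the failure as 'ok', 'local-agent' or 'server-side' and list refused keys."""
    outcomes = triage(log)
    refused = [key for key, outcome in outcomes if outcome == "agent_refused"]
    if any(outcome == "authenticated" for _, outcome in outcomes):
        return "ok", refused
    return ("local-agent" if refused else "server-side"), refused

if __name__ == "__main__":
    print(diagnose(TRACE))
```

A "local-agent" result means the server's authorized_keys is fine for the listed keys, so the place to look is the agent or keyring holding them, as both answers found.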

Quoted from: https://unix.stackexchange.com/questions/350768