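Reverse SSH works, but not passwordless. Getting a password prompt
I have two systems
- A personal MacOS laptop, called system-Laptop, with the user laptopuser. It does not have "NAT"
- A Linux server, called system-Server, with the user serveruser, with a static IP that anyone can connect to
system-Server needs to send ssh commands to system-Laptop using a reverse SSH tunnel, as system-Laptop gets a dynamic IP and does not have "NAT"
Below is how I set up ssh-keys and reverse SSH
Step 1: Generate a key pair for laptopuser on system-Laptop and copy the public key id_rsa.pub to self ~/.ssh/authorized_keys as well as to system-Server on <serveruserhomedir>/.ssh/authorized_keys
Step 2: Generate a key pair for serveruser on system-Server and copy the public key id_rsa.pub to self ~/.ssh/authorized_keys as well as to system-Laptop on <laptopuserhomedir>/.ssh/authorized_keys
Note: I was able to successfully test this command on system-Laptop -> ssh serveruser@system-Server
Step 3: On system-Laptop, execute the following command to keep the ssh tunnel open:
ssh -N -R 3322:localhost:22 serveruser@system-Server
Step 4: Execute the following command to connect from the Linux server to my laptop:
ssh -p 3322 laptopuser@localhost
The problem is that the above command prompts for a password, and once I provide the laptopuser password, it works. How can I make the above work passwordless using ssh keys? What am I missing? I am doing reverse-ssh for the first time, so I am quite lost. Below is the debug output of the Step 4 ssh command: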
ssh -p 3322 laptopuser@localhost
.......
.......
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/serveruser/.ssh/id_rsa (0x56539b783370)
debug2: key: /home/serveruser/.ssh/id_dsa ((nil))
debug2: key: /home/serveruser/.ssh/id_ecdsa ((nil))
debug2: key: /home/serveruser/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/serveruser/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/serveruser/.ssh/id_dsa
debug3: no such identity: /home/serveruser/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/serveruser/.ssh/id_ecdsa
debug3: no such identity: /home/serveruser/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/serveruser/.ssh/id_ed25519
debug3: no such identity: /home/serveruser/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
[serveruser@system-Server ~]$ ls -ltr /home/serveruser/.ssh/id_rsa
-rw------- 1 serveruser serveruser 3243 Jan 15 21:01 /home/serveruser/.ssh/id_rsa
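First, the easiest way to copy SSH keys is to use the ssh-copy-id command. Do this for both users.
Second, to create the reverse tunnel, use the following command (run on the laptop):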
ssh -fnN -R 3322:localhost:22 serveruser@system-server
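Finally, connect to the tunnelled service. If ssh-copy-id was done earlier, no password will be asked. Run the following command on your system-Server to start a new SSH session from the remote Linux server to the laptop.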
ssh -p 3322 laptopuser@localhost
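Added example, not part of the original question or answer: in the debug output the RSA key is offered and the reply is again "Authentications that can continue", so the sshd behind the tunnel (on system-Laptop) did not accept it. The sketch below checks, on the receiving account, two things sshd needs before it accepts a key: that the offered public key is listed in authorized_keys, and that the home directory, ~/.ssh and authorized_keys are not group- or other-writable (sshd's StrictModes check). The function names and result labels are made up for this example.

```shell
#!/bin/sh
# Run as the account that RECEIVES the login (laptopuser on system-Laptop).
# Usage: sh audit.sh "$HOME" /path/to/copy/of/serveruser/id_rsa.pub

# perm_of PATH -> octal mode; GNU stat (Linux) first, BSD stat (macOS) second
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# group_or_other_writable MODE -> true if the group or other write bit is set
group_or_other_writable() {
    case "$1" in
        *[2367]?|*[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_authkeys HOME_DIR PUBKEY_FILE
# Prints one finding per line; returns 0 only when there are no findings.
audit_authkeys() {
    home=$1 pub=$2 rc=0
    auth="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        # With StrictModes (the default) sshd ignores authorized_keys when
        # any of these three paths is writable by group or others.
        if group_or_other_writable "$(perm_of "$p")"; then
            echo "WRITABLE $p"; rc=1
        fi
    done
    # Compare the base64 key body only: an authorized_keys line may carry
    # options in front of the key and a different comment after it.
    blob=$(awk '{print $2; exit}' "$pub")
    if [ -f "$auth" ] && ! grep -qF -- "$blob" "$auth"; then
        echo "KEY_ABSENT $auth"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then
    audit_authkeys "$1" "$2"
fi
```

A clean result only rules out these two causes; ownership of the files and the sshd configuration on the laptop are not checked here.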