No password prompt when ssh-ing from Fedora


1

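I can successfully SSH with a password from one Mac running Yosemite to another, but when I try to SSH from Fedora to either of the Yosemite systems using password authentication, I never get a password prompt, even if I disable key exchange and explicitly ask for password authentication. All of them are on the same local network.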

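Looking at the differences between the Fedora and Yosemite ssh -vvv output, the difference appears to be that Fedora disables md5 authentication by default (see Redhat bugzilla 1373835), whereas the successful Yosemite-to-Yosemite login uses it. However, if I add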

-o MACs=hmac-md5-etm@openssh.com

to the Fedora command line. Upgrading from Yosemite is not feasible (hardware limitations). Do you have any suggestions?

PS: Could someone with enough points add a Fedora / Redhat or even linux tag to make this easier to find (unix, the narrowest one I could add, is too broad to be useful)?

When I enter

ssh -vvv -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no user@host

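this is the end of the output I get from Fedora (everything before it corresponds fairly exactly between the Fedora and Yosemite logins, modulo slightly different available ciphers and diagnostic formats):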

debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
Connection closed by 192.168.2.12 port 22

And this is what I see in the corresponding Yosemite output:

debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 28:0d:78:e3:61:3a:72:5e:e5:17:b9:27:0b:ad:33:5f
debug3: load_hostkeys: loading entries for host "192.168.2.12" from file "/Users/rim/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/rim/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.2.12' is known and matches the RSA host key.
debug1: Found key in /Users/rim/.ssh/known_hosts:7
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/rim/.ssh/id_rsa (0x0),
debug2: key: /Users/rim/.ssh/id_dsa (0x0),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred keyboard-interactive
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: 
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Something odd may be going on with the interface; I will run tcpdump and see whether it turns up anything interesting.
Deesbek '18 -10-10

Answers:


1

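It turns out that this is due to a bug in the openssh implementation in OSX Yosemite (a message buffer too small to hold the ciphers available nowadays; see Redhat Bugzilla bug 1373835 for details). The workaround given there is to limit the cipher list by specifying it explicitly, e.g.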

ssh -o HostKeyAlgorithms=ssh-rsa,ssh-dss -o KexAlgorithms=diffie-hellman-group1-sha1 -o Ciphers=aes128-cbc,3des-cbc -o MACs=hmac-md5,hmac-sha1 user@host

works for me.
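An added example, not part of the original question or answer: a small Python check that reads an `ssh -v` log and reports how far the handshake got before the connection ended, which shows whether to look at the authentication options or at the algorithm lists. The function name `diagnose`, the stage labels and the abridged sample logs are assumptions made for illustration.

```python
import re

# Handshake milestones in order, keyed on OpenSSH client debug lines like those in the question.
STAGES = [
    ("algorithms negotiated", re.compile(r"^debug1: kex: (?:server->client|client->server) ")),
    ("key exchange request sent", re.compile(r"^debug1: SSH2_MSG_KEX\S* sent")),
    ("server host key received", re.compile(r"^debug1: Server host key: ")),
    ("new keys in use", re.compile(r"^debug1: SSH2_MSG_NEWKEYS received")),
    ("authentication methods offered", re.compile(r"^debug1: Authentications that can continue: ")),
]
CLOSED = re.compile(r"^Connection closed by ")

def diagnose(log_text):
    """Return (furthest stage reached, closed by peer?, layer to investigate)."""
    reached, closed = -1, False
    for line in log_text.splitlines():
        line = line.strip()
        for idx, (_, pattern) in enumerate(STAGES):
            if pattern.search(line):
                reached = max(reached, idx)
        closed = closed or bool(CLOSED.search(line))
    stage = STAGES[reached][0] if reached >= 0 else "nothing recognised"
    if reached == len(STAGES) - 1:
        layer = "authentication"  # server offered methods: auth options matter
    elif closed:
        layer = "transport"       # closed during key exchange: algorithm lists matter
    else:
        layer = "undetermined"
    return stage, closed, layer

# Sample input abridged from the two excerpts quoted in the question.
FEDORA_LOG = """\
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
Connection closed by 192.168.2.12 port 22
"""
YOSEMITE_LOG = """\
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""

if __name__ == "__main__":
    for name, log in (("Fedora", FEDORA_LOG), ("Yosemite", YOSEMITE_LOG)):
        print(name, diagnose(log))
```

For the Fedora excerpt the result is the transport layer: the server closed the connection during key exchange, before any authentication method was offered, so `PreferredAuthentications` and `PubkeyAuthentication` could not have changed the outcome.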

Licensed under cc by-sa 3.0 with attribution required.