Cannot log in to a host using OpenSSH 7.7, but can with 7.2



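I am trying to connect to an EC2 instance using a PEM file.

This connection works fine on my colleague's computer, but I cannot get it to work from mine.

Edit: added the ssh connection output

Mine: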

$ ssh -i <path-to-pem-file> -v <user>@54.XXX.XXX.XXX
> OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018
> debug1: Reading configuration data [omitted]
> debug1: [omitted] line 6: Applying options for bastion-br
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 54.XXX.XXX.XXX [54.XXX.XXX.XXX] port XXXX.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file [omitted] type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file [omitted] type -1
> debug1: Local version string SSH-2.0-OpenSSH_7.7
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
> debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to 54.94.244.114:22 as 'ec2-user'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: ecdh-sha2-nistp256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
> debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:pX0Of93seImy5DAEsQRPyLlFnehoHio53U8YuYmWexA
> debug1: Host '54.XXX.XXX.XXX' is known and matches the ECDSA host key.
> debug1: Found key in .........../known_hosts:3
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: [omitted]
> debug1: Authentications that can continue: publickey
> debug1: No more authentication methods to try.
> ec2-user@54.94.244.114: Permission denied (publickey).

His:

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data [omitted]
debug1: [omitted] line 1: Applying options for old_bastion_br
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 54.XXX.XXX.XXX [54.XXX.XXX.XXX] port YYYY.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file [omitted] type -1
debug1: key_load_public: No such file or directory
debug1: identity file [omitted] type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 54.XXX.XXX.XXX:YYYY as '[omitted]'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:pX0Of93se...
debug1: Host '54.XXX.XXX.XXX' is known and matches the ECDSA host key.
debug1: Found key in [omitted]
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: bruno@bruno-easycarros-dell
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 54.XXX.XXX.XXX ([54.XXX.XXX.XXX]:YYYY).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LC_PAPER = pt_BR.UTF-8
debug1: Sending env LC_ADDRESS = pt_BR.UTF-8
debug1: Sending env LC_MONETARY = pt_BR.UTF-8
debug1: Sending env LC_NUMERIC = pt_BR.UTF-8
debug1: Sending env LC_TELEPHONE = pt_BR.UTF-8
debug1: Sending env LC_IDENTIFICATION = pt_BR.UTF-8
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_MEASUREMENT = pt_BR.UTF-8
debug1: Sending env LC_CTYPE = pt_BR.UTF-8
debug1: Sending env LC_TIME = pt_BR.UTF-8
debug1: Sending env LC_NAME = pt_BR.UTF-8
Last login: Fri Apr 20 16:55:34 2018 from 179.XXX.XXX.XXX

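Both PEM files are exactly the same file, downloaded from the same place, with no differences in line breaks, character set or anything else.

Here are some differences I noticed:

Legend:

  • --- his configuration
  • +++ my configuration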

OS

$ uname -a
--- Linux <user> 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
+++ Linux <user> 4.16.2-1-MANJARO #1 SMP PREEMPT Thu Apr 12 17:46:07 UTC 2018 x86_64 GNU/Linux

OpenSSH version

$ ssh -V
--- OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
+++ OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018

Entry created in known_hosts

$ tail -n1 ~/.ssh/known_hosts
--- |1|mcQzUN92PAX...|GzyZZUknDcr... ecdsa-sha2-nistp256 AAAAE2VjZHNhL...
+++ 54.XXX.XXX.XXX ecdsa-sha2-nistp256 AAAAE2VjZHNhL...

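The AAAAE2VjZHNhL... part is the same; I checked it using diff.

I don't know why on my computer it uses the plain IP of the host, while on his it uses some kind of base64-encoded string, but maybe that is the problem.

Additional information about the EC2 hosts

The host I cannot connect to has the following OpenSSH version installed: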

OpenSSH_6.2p2, OpenSSL 1.0.1k-fips 8 Jan 2015

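My colleague can connect to the host above. I can't.

However, there is another (newer) host that I can connect to successfully, which has the following OpenSSH version: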

OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016

Both my colleague and I can connect to this host.

I don't know what is going on.
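On the known_hosts difference raised in the question: the `|1|...|...` form is what OpenSSH writes when `HashKnownHosts` is enabled, and both logs report that the host key "is known and matches", so the two forms name the same host. The following is an added example, not code from the original post, that checks a hashed or plain entry against a host name; the address and the key blob are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os

def known_hosts_name(host, port=22):
    """Name as ssh stores it: bare host on port 22, otherwise [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_host(name, salt=None):
    """Build the |1|salt|hash field: HMAC-SHA1 of the name, keyed with a random salt."""
    salt = salt if salt is not None else os.urandom(20)
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def entry_matches(line, host, port=22):
    """True if a known_hosts line (hashed or plain) names host:port."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@")):
        return False  # comments and @cert-authority/@revoked lines are skipped here
    name = known_hosts_name(host, port)
    hosts_field = fields[0]
    if hosts_field.startswith("|1|"):
        try:
            _, _, salt_b64, hash_b64 = hosts_field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(hash_b64)
        except ValueError:
            return False  # malformed hashed field
        got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return name in hosts_field.split(",")  # plain form; wildcard patterns not handled

# Constructed sample: one host key stored both ways (192.0.2.10 is a documentation
# address, the key blob is a placeholder).
KEY = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY="
PLAIN = "192.0.2.10 " + KEY
HASHED = hash_host("192.0.2.10") + " " + KEY

if __name__ == "__main__":
    for line in (PLAIN, HASHED):
        print(entry_matches(line, "192.0.2.10"), line[:48])
```

On a real system, `ssh-keygen -F <host>` performs the same lookup against `~/.ssh/known_hosts`.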


Show the log from your colleague's PC.
Martin Prikryl

You mean the output of ssh -v?
Henrique Barcelos

Yes, I mean that (the equivalent of the output from your machine).
Martin Prikryl

There you have it!
Henrique Barcelos

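Are you sure you are using the same key file as your colleague? The log files say otherwise. His: "Offering RSA public key: bruno@bruno-easycarros-dell" - Yours: "Trying private key: [omitted]"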
Martin Prikryl
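The comparison made in the last comment can be done mechanically. The following is an added example, not part of the original thread, that pulls the authentication-relevant lines out of two `ssh -v` logs and reports where they differ; the sample logs are abridged from the two logs in the question, with the address in its redacted form.

```python
import re

# Lines of `ssh -v` output that decide public-key authentication.
PATTERNS = {
    "host_blocks": re.compile(r"Applying options for (\S+)"),
    "user": re.compile(r"Authenticating to \S+ as '([^']*)'"),
    "offered": re.compile(r"Offering (?:\S+ )?public key: (.+)"),
    "tried": re.compile(r"Trying private key: (.+)"),
    "accepted": re.compile(r"Server accepts key"),
    "ok": re.compile(r"Authentication succeeded"),
    "denied": re.compile(r"Permission denied"),
}

def summarize(log):
    """Reduce one verbose client log to the fields worth comparing."""
    s = {"host_blocks": [], "user": None, "offered": [], "tried": [],
         "accepted": False, "outcome": "unknown"}
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate quoted ("> ") log lines
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if name in ("host_blocks", "offered", "tried"):
                s[name].append(m.group(1))
            elif name == "user":
                s["user"] = m.group(1)
            elif name == "accepted":
                s["accepted"] = True
            else:
                s["outcome"] = name
    return s

def differences(a, b):
    """Fields whose values differ between two summaries, as (a, b) pairs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

MINE = """> debug1: [omitted] line 6: Applying options for bastion-br
> debug1: Authenticating to 54.XXX.XXX.XXX:22 as 'ec2-user'
> debug1: Trying private key: [omitted]
> ec2-user@54.XXX.XXX.XXX: Permission denied (publickey)."""
HIS = """debug1: [omitted] line 1: Applying options for old_bastion_br
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Authenticating to 54.XXX.XXX.XXX:YYYY as '[omitted]'
debug1: Offering RSA public key: bruno@bruno-easycarros-dell
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey)."""

if __name__ == "__main__":
    for field, pair in differences(summarize(MINE), summarize(HIS)).items():
        print(field, pair)
```

Besides the key, the output shows that the two clients matched different `Host` blocks in their configuration (`bastion-br` and `old_bastion_br`), so user, port and identity settings may differ as well.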