我一直在尝试关于这个Stackoverlow问题的许多答案,就像我现在问的一样,但仍然无法解决我的问题,我正在尝试通过ssh克隆,但总是得到Permission denied (publickey)
当我跑步 GIT_SSH_COMMAND="ssh -vvv" git clone [email protected]:myusername/my-api.git
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: [email protected] need=64 dh_need=64
debug1: kex: [email protected] need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:kkXQOXSRBEiUtuE8AikLLLwbHaxvSc0ojez9YXaGp2A
debug3: hostkeys_foreach: reading file "/home/alienwarepocket/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/alienwarepocket/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/home/alienwarepocket/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/alienwarepocket/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 18.205.93.2
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/alienwarepocket/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/alienwarepocket/.ssh/id_rsa RSA SHA256:ktMzaalYyvU9Ev1bgELXatabkUkdcT828O0PppnNiV4M explicit agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alienwarepocket/.ssh/id_rsa RSA SHA256:ktMzaalYyvU9Ev1bgELXatabkUkdcT828O0PppnNiV4M explicit agent
debug1: send_pubkey_test: no mutual signature algorithm
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
升级Fedora 33后,出现此问题,在Fedora 32上没有问题
这可能与“ Fedora33中的Changes / StrongCryptoSettings2 ”有关
默认策略的更改为:
- 仅将TLS 1.2(和TLS 1.3(如果可用))保留为已启用的协议,并将TLS 1.x,x <= 1移至旧版。
- 在默认设置中,需要2048以上的有限字段参数(RSA,Diffie-Hellman)
- 禁用SHA1支持在签名中使用(X.509证书,TLS,IPSEC握手)
上述链接的“升级/兼容性影响”部分明确提到:
新设置可能会破坏连接到使用弱算法的服务器的软件。
可以通过将系统切换到Fedora 32策略级别来获得兼容性:update-crypto-policies --set DEFAULT:FEDORA32
不过不建议:如果可以使用ed25519,则更好。
如Peque的回答中所述,您可以添加~/.ssh/config最初找到的选项in sshd_config
PubkeyAcceptedKeyTypes
Specifies the key types that will be accepted for public key
authentication as a list of comma-separated patterns.
因此,如果您不能使用ed25519,则可以针对一个特定主机,允许通过以下方式使用id_rsa密钥:
Host aHost
Hostname a.hostname.com
PubkeyAcceptedKeyTypes +ssh-rsa
最后:升级后,请仔细检查您的权限:
~/.ssh是775 drwxrwxr-x。~/.ssh/id_rsa是600 -rw-------。~/.ssh/id_rsa.pub是644 -rw-r--r--。~/.ssh/authorized_keys 在远程服务器上是 600 -rw-------但是ssh-keygen -t ed25519现在似乎建议使用密钥。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句