Comments (15)
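There is no need to install OpenSC or configure PKCS#11; those two features are implemented officially by XShell. When using WinCryptSSHAgent, you only need to set your SSH session to use public key authentication and enable XAgent. WinCryptSSHAgent emulates an XAgent server to communicate with XShell.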
To configure Xshell with WinCryptSSHAgent:
- Open the Properties dialog box.
- From Category, select 'SSH', then select 'Use Xagent (SSH agent) for passphrase handling'.
- From Category, select 'Authentication' and select 'Public Key' as the authentication method.
from wincryptsshagent.
Thanks, but following your method it still does not work.
I tested after closing gpg-agent.exe.
from wincryptsshagent.
Could you enable SSHD debug logging on the server side and collect the output? For how to enable it, see:
- https://centrify.force.com/support/Article/KB-3285-How-to-Collect-Debug-Logs-from-an-OpenSSH-Server/
- https://en.wikibooks.org/wiki/OpenSSH/Logging_and_Troubleshooting
from wincryptsshagent.
[root@localhost ~]# /usr/sbin/sshd -ddd -p 2222 >sshd.log
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 599
debug2: parse_server_config: config /etc/ssh/sshd_config len 599
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:44 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:45 setting MaxSessions 10
debug3: /etc/ssh/sshd_config:48 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:83 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:96 setting UsePAM no
debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:103 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:122 setting UseDNS no
debug3: /etc/ssh/sshd_config:132 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 599
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.117 port 64189
debug1: Client protocol version 2.0; client software version nsssh2_7.0.0008 NetSarang Computer, Inc.
debug1: no match: nsssh2_7.0.0008 NetSarang Computer, Inc.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 76120
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 840 bytes for a total of 861
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[email protected],arcfour128,arcfour256
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[email protected],arcfour128,arcfour256
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],none
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],none
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit: [email protected],zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 [email protected]
debug3: mm_request_send entering: type 78
debug3: monitor_read: checking request 78
debug3: mm_request_send entering: type 79
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 79
debug3: mm_request_receive entering
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 [email protected]
debug3: mm_request_send entering: type 78
debug3: monitor_read: checking request 78
debug3: mm_request_send entering: type 79
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 79
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug3: Wrote 280 bytes for a total of 1141
debug2: dh_gen_key: priv key bits set: 251/512
debug2: bits set: 1024/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1045/2048
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x7f7f82237870(271)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 848 bytes for a total of 1989
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: Wrote 64 bytes for a total of 2053
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 599
debug3: auth_shadow_acctexpired: today 18711 sp_expire -1 days left -18712
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for root
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: mm_inform_authrole entering
debug3: mm_request_send entering: type 4
debug2: input_userauth_request: try method none
debug3: Wrote 80 bytes for a total of 2133
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authrole: role=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x7f7f82237bb0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug3: secure_filename: checking '/root/.ssh'
debug3: secure_filename: checking '/root'
debug3: secure_filename: terminating check at '/root'
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: b8:84:c2:23:25:b3:8b:ea:2e:47:8f:9b:0a:95:65:4b
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x7f7f82237bb0 is allowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: Wrote 336 bytes for a total of 2469
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Postponed publickey for root from 192.168.1.117 port 64189 ssh2
#
# The authentication prompt popped up here, but there was no certificate to choose from, so it exited
#
Received disconnect from 192.168.1.117: 0:
debug1: do_cleanup
debug3: mm_request_send entering: type 80
debug3: mm_request_receive_expect entering: type 81
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_request_send entering: type 81
debug3: mm_request_receive entering
debug1: do_cleanup
from wincryptsshagent.
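I debugged it and found that in some cases Xshell does indeed fail to authenticate. The cause has been found; please wait for the fix in the next version.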
from wincryptsshagent.
Please test version v1.1.8: https://github.com/buptczq/WinCryptSSHAgent/releases/download/v1.1.8/WinCryptSSHAgent.exe
from wincryptsshagent.
#/usr/sbin/sshd -ddd -p 2222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 285
debug2: parse_server_config: config /etc/ssh/sshd_config len 285
debug3: /etc/ssh/sshd_config:61 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:84 setting UsePAM yes
debug3: /etc/ssh/sshd_config:89 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:93 setting PrintMotd no
debug3: /etc/ssh/sshd_config:112 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:115 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:123 setting PasswordAuthentication yes
debug1: sshd version OpenSSH_7.6, OpenSSL 1.0.2n 7 Dec 2017
debug1: private host key #0: ssh-rsa SHA256:r7XFcP4x4LjDuJnXd1FD3LzLQ6T0FUb4akrjopgpo7c
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:05uWSkkec2jr4cVzsg7ICEbMvekjiWNzX/SRMhXMsIA
debug1: private host key #2: ssh-ed25519 SHA256:s4CnwRWr80R95Xx2RQ7LsLKrww1VouiZVYt20f8FIMo
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 285
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.110.170 port 63195 on 192.168.110.41 port 2222
debug1: Client protocol version 2.0; client software version nsssh2_5.0.0034 NetSarang Computer, Inc.
debug1: no match: nsssh2_5.0.0034 NetSarang Computer, Inc.
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 68327
debug3: preauth child monitor started
debug3: privsep user:group 110:65534 [preauth]
debug1: permanently_set_uid: 110/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,[email protected] [preauth]
debug2: compression stoc: none,[email protected] [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug2: ciphers ctos: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,[email protected],[email protected],aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,aes256-ctr,aes192-ctr,aes128-ctr,[email protected],arcfour128,arcfour256 [preauth]
debug2: ciphers stoc: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,[email protected],[email protected],aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,aes256-ctr,aes192-ctr,aes128-ctr,[email protected],arcfour128,arcfour256 [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected],[email protected],[email protected],[email protected],none [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected],[email protected],[email protected],[email protected],none [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: algorithm: ecdh-sha2-nistp256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x55f5b13a1d60(271)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 285
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for root [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "192.168.110.170"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 4 used once, disabling now
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user root service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:g49fiAcEwLMPay5CXF1BYaj2tAtj87wLI7LGisFZ7H8 [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x55f5b13a23c0
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /root/.ssh/authorized_keys, line 2 RSA SHA256:g49fiAcEwLMPay5CXF1BYaj2tAtj87wLI7LGisFZ7H8
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Postponed publickey for root from 192.168.110.170 port 63195 ssh2 [preauth]
debug3: receive packet: type 1 [preauth]
Received disconnect from 192.168.110.170 port 63195:0: [preauth]
Disconnected from authenticating user root 192.168.110.170 port 63195 [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 68327
debug1: audit_event: unhandled event 12
Still the same; it was rejected after entering the PIN.
from wincryptsshagent.
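Also, could a version indicator be added to the tray menu? Otherwise the version can only be seen through the file properties, and I am afraid of mixing versions up.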
from wincryptsshagent.
from wincryptsshagent.
Connecting to 192.168.110.41:22...
Connection established.
To escape to local shell, press Ctrl+Alt+].
[20:59:19] Version exchange initiated...
[20:59:19] server: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
[20:59:19] client: SSH-2.0-nsssh2_5.0.0034 NetSarang Computer, Inc.
[20:59:19] SSH2 is selected.
[20:59:19] Algorithm negotiation initiated... (mode 0)
[20:59:19] key exchange: ecdh-sha2-nistp256
[20:59:19] host key: ssh-rsa
[20:59:19] outgoing encryption: [email protected]
[20:59:19] incoming encryption: [email protected]
[20:59:19] outgoing mac: [email protected]
[20:59:19] incoming mac: [email protected]
[20:59:19] outgoing compression: none
[20:59:19] incoming compression: none
[20:59:19] Host authentication initiated...
[20:59:19] Hostkey fingerprint:
[20:59:19] ssh-rsa 2048 80:88:3c:5d:25:7d:f2:d2:b8:2b:e2:77:78:1f:de:a4
[20:59:19] Accepted. Verifying host key...
[20:59:19] Verified.
[20:59:19] User authentication initiated...
[20:59:19] Sent user name 'root'.
[20:59:19] Server support public key authentication method.
[20:59:19] Trying to find ssh-agent...
[20:59:19] Xagent is running. Connecting to ssh-agent...
[20:59:19] Received 1 identity-blob(s) from ssh-agent.
[20:59:19] Trying next identity blob...
[20:59:19] Received PK_OK packet.
[20:59:19] Sent sign request to ssh-agent.
[20:59:28] Received an empty signature from ssh-agent.
[20:59:28] No more keys to try.
[20:59:28] Fall back to normal user authentication steps.
[20:59:37] Canceled.
Connection closed by foreign host.
from wincryptsshagent.
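Added example, not part of the original thread or of the WinCryptSSHAgent project: a small Python triage over sshd debug output that separates the pattern seen in both server logs above (key offer matched, `Postponed publickey`, then a disconnect with no signed request, which is what the server sees when the client reports "Received an empty signature from ssh-agent") from a rejected signature or a key the server does not accept. The sample log lines, addresses and user names are constructed.

```python
import re

# Patterns for the sshd log lines that mark each stage of publickey auth.
MATCHED = re.compile(r"matching key found: file (\S+), line (\d+)")
POSTPONED = re.compile(r"^Postponed publickey for (\S+) from (\S+) port (\d+)")
RESULT = re.compile(r"^(Accepted|Failed) publickey for (\S+) from (\S+) port (\d+)")
DISCONNECT = re.compile(r"^Received disconnect from (\S+)")

# Where to look next for each outcome (wording is this example's own).
HINTS = {
    "signature_never_sent": "server accepted the key offer; client or agent "
                            "never returned a signature",
    "signature_rejected": "client sent a signed request that the server refused",
    "key_not_accepted": "offered key was refused before any signature was requested",
    "accepted": "publickey authentication succeeded",
}


def triage(log_text):
    """Return one finding per publickey attempt found in sshd debug output."""
    findings = []
    pending = {}        # client address -> key offer the server has postponed
    last_match = None   # most recent authorized_keys hit, as "file:line"
    for raw in log_text.splitlines():
        line = raw.strip()

        m = MATCHED.search(line)
        if m:
            last_match = f"{m.group(1)}:{m.group(2)}"
            continue

        m = POSTPONED.match(line)
        if m:
            # Server answered the unsigned key query with PK_OK and now
            # waits for the same request again, this time signed.
            pending[m.group(2)] = {"user": m.group(1), "client": m.group(2),
                                   "key": last_match}
            last_match = None
            continue

        m = RESULT.match(line)
        if m:
            verdict, user, client = m.group(1), m.group(2), m.group(3)
            had_offer = client in pending
            entry = pending.pop(client, None) or {"user": user, "client": client,
                                                  "key": None}
            if verdict == "Accepted":
                entry["outcome"] = "accepted"
            elif had_offer:
                entry["outcome"] = "signature_rejected"
            else:
                entry["outcome"] = "key_not_accepted"
            findings.append(entry)
            last_match = None
            continue

        m = DISCONNECT.match(line)
        if m:
            # Older sshd prints "from <addr>: <code>:", newer "from <addr> port N:".
            client = m.group(1).rstrip(":")
            if client in pending:
                entry = pending.pop(client)
                entry["outcome"] = "signature_never_sent"
                findings.append(entry)
    return findings


# Constructed sample covering three clients (documentation addresses).
SAMPLE_LOG = """
Connection from 192.0.2.10 port 50001
debug1: userauth-request for user root service ssh-connection method publickey
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Postponed publickey for root from 192.0.2.10 port 50001 ssh2
Received disconnect from 192.0.2.10: 0:
Connection from 192.0.2.11 port 50002 on 192.0.2.1 port 2222
debug1: matching key found: file /home/alice/.ssh/authorized_keys, line 2 RSA SHA256:CONSTRUCTED
Postponed publickey for alice from 192.0.2.11 port 50002 ssh2 [preauth]
debug1: matching key found: file /home/alice/.ssh/authorized_keys, line 2 RSA SHA256:CONSTRUCTED
Accepted publickey for alice from 192.0.2.11 port 50002 ssh2: RSA SHA256:CONSTRUCTED
Received disconnect from 192.0.2.11 port 50002:11: disconnected by user
Connection from 192.0.2.12 port 50003
Failed publickey for bob from 192.0.2.12 port 50003 ssh2: RSA SHA256:CONSTRUCTED
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['client']} user={f['user']} key={f['key']}: "
              f"{f['outcome']} ({HINTS[f['outcome']]})")
```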
What type is your private key, RSA or ECC, and how many bits? What is the exact version number of XShell?
from wincryptsshagent.
Xshell v5.0.0041 & Xshell v7.0.0.4 do not pass the test
C:\Program Files (x86)\GnuPG\bin>gpg --card-status
Reader ...........: Yubico YubiKey OTP FIDO CCID 0
Application ID ...: ********
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 1******10
Name of cardholder:
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 1
KDF setting ......: off
Signature key ....: 59E9 138A 9F33 660E 0C65 BE2E 1453 B900 51F7 ****
created ....: 2021-03-22 08:12:48
Encryption key....: 0229 46DA 7C0D 34FE F946 3102 7955 0FD3 1118 ****
created ....: 2021-03-22 07:46:25
Authentication key: 8EFA E2BE 9600 B926 F7E8 9881 FD11 86DA 4BA4 ****
created ....: 2021-03-24 03:14:25
General key info..: [none]
from wincryptsshagent.
WinCryptSSHAgent uses certificates in PIV mode, not GPG ones.
from wincryptsshagent.
C:\Users\Bill\Desktop>gpgsm --gen-key >client.crt
gpgsm (GnuPG) 2.2.27; Copyright (C) 2021 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA
(2) Existing key
(3) Existing key from card
Your selection? 3
Serial number of the card: D276000124010304****************
Available keys:
(1) ******FD9AC53B16E8DFDF9E**************** OPENPGP.1 rsa2048 (cert,sign)
(2) ******BC64E376FFEA2831D2**************** OPENPGP.2 rsa2048 (encr)
(3) ******E4E052176A3B450BF3**************** OPENPGP.3 rsa2048 (sign,auth)
Your selection? 3
Possible actions for a RSA key:
(1) sign, encrypt
(2) sign
(3) encrypt
Your selection? 2
Enter the X.509 subject name: CN="Alex",OU="DevOps",O="Google"
Enter email addresses (end with an empty line):
> [email protected]
>
Enter DNS names (optional; end with an empty line):
>
Enter URIs (optional; end with an empty line):
>
Create self-signed certificate? (y/N) y
These parameters are used:
Key-Type: card:OPENPGP.3
Key-Length: 1024
Key-Usage: sign
Serial: random
Name-DN: CN="Alex",OU="DevOps",O="Google"
Name-Email: [email protected]
Proceed with creation? (y/N) y
Now creating self-signed certificate. This may take a while ...
gpgsm: about to sign the certificate for key: &616804E4E******************************
gpgsm: certificate created
Ready.
from wincryptsshagent.
This is my record of generating the self-signed certificate, which I then wrote into the PIV Auth slot; the other 3 slots are all empty.
from wincryptsshagent.