Enabling key-based login for the OpenSSH service on Windows (Microsoft really is outrageous)
阿新 • Published: 2021-06-28
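Installing the OpenSSH service on Windows
Recently I needed to deploy an automated release program on a Windows server, which requires scp and passwordless ssh login.
First the OpenSSH service has to be installed; the process is covered in my previous post.
Creating the key on Windows
Go to C:\Program Files\OpenSSH and start PowerShell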
cd 'C:\Program Files\OpenSSH'
$ .\ssh-keygen    <== create the key pair
Generating public/private rsa key pair.
...               <== press Enter at every prompt
Go to C:\Users\Administrator\.ssh and create the authorized_keys file
cd C:\Users\Administrator\.ssh
cat id_rsa.pub >> authorized_keys
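At this point you would think you can log in with the key just as on Linux?
No, you would be wrong!!! This trapped me for a long time. I thought it was a permissions problem, and later found through Google that Microsoft really does set a trap here.
The fix is as follows
Find sshd_config in the C:\ProgramData\ssh folder
Look at the last line!!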
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
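What does this mean? For an account in the administrators group, the authorized_keys file just generated has to be placed in the C:\ProgramData\ssh folder, and it also has to be renamed to administrators_authorized_keys !!!
Run cat id_rsa.pub >> administrators_authorized_keys
Also, changes to the ssh configuration are made in this same sshd_config!
Modifying sshd_config
Full configuration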
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
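Compared with the original configuration, three lines are added
RSAAuthentication yes # allow RSA
PubkeyAuthentication yes # allow public key login
PermitRootLogin yes # allow root login
Fine, I did as told
Copy id_rsa to a folder on the Linux machine and run chmod 600 id_rsa
Set the permissions
Log in over ssh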
ssh -i ~/.ssh/keys/118.190.102.245/id_rsa [email protected]
Fine, I did as told, and it worked ...
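The key placement step described above, as an added PowerShell example (not code from the original post): it picks the file sshd reads for the current account under the default sshd_config, appends the public key, and tightens the ACL on the shared administrators file. The key path and the variable names are assumptions.

```powershell
# Added example, not from the original post. Assumes the default sshd_config
# shown above and a public key at %USERPROFILE%\.ssh\id_rsa.pub (ssh-keygen default).
$AdminSid  = 'S-1-5-32-544'   # well-known SID of the local Administrators group
$SystemSid = 'S-1-5-18'       # well-known SID of LocalSystem
$pubKey    = Join-Path $env:USERPROFILE '.ssh\id_rsa.pub'
$key       = (Get-Content -Path $pubKey -Raw).Trim()

# Direct members only; accounts that are administrators through a nested
# domain group are not detected by this check.
$isAdmin = [bool](Get-LocalGroupMember -SID $AdminSid |
    Where-Object { ($_.Name -split '\\')[-1] -eq $env:USERNAME })

if ($isAdmin) {
    # "Match Group administrators" replaces AuthorizedKeysFile for these accounts.
    $target = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
} else {
    # Everyone else falls through to the global "AuthorizedKeysFile .ssh/authorized_keys".
    $target = Join-Path $env:USERPROFILE '.ssh\authorized_keys'
}

# Append only if the key is not already listed. Write ASCII explicitly: in
# Windows PowerShell 5.1 the ">>" redirection creates UTF-16 files, which sshd
# cannot parse as key lines.
$present = (Test-Path $target) -and
    (Select-String -Path $target -Pattern $key -SimpleMatch -Quiet)
if (-not $present) {
    Add-Content -Path $target -Value $key -Encoding ascii
}

if ($isAdmin) {
    # Drop inherited ACEs and leave only Administrators and SYSTEM, the ACL
    # Microsoft documents for this file; a file other accounts can write to
    # lets them add their own key for every administrator.
    icacls.exe $target /inheritance:r /grant "*${AdminSid}:F" /grant "*${SystemSid}:F" | Out-Null
}

"Key for $env:USERNAME installed in $target"
```

Run it from an elevated PowerShell when the account is an administrator. PubkeyAuthentication already defaults to yes and RSAAuthentication is a deprecated SSH protocol 1 option, so under the default configuration the key file's location and ACL are what matter.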