WinSCP：服务器拒绝了我们的密钥

Question

好的，我已经与生产机器上的服务器建立了有效连接。我需要在我的开发机器上复制它，以便我可以传输我自己的文件。一切都是一样的，直到操作系统。

当我尝试连接时，我得到的只是：

服务器拒绝了我们的密钥。

这是我的日志文件...

. 2013-01-28 15:26:25.738 Session name: hex166t@65.XXX.XX.XXX (Modified stored session)
. 2013-01-28 15:26:25.738 Host name: 65.XXX.XX.XXX (Port: 1XXXX)
. 2013-01-28 15:26:25.738 User name: hex166t (Password: Yes, Key file: Yes)
. 2013-01-28 15:26:25.738 Tunnel: No
. 2013-01-28 15:26:25.738 Transfer Protocol: SFTP
. 2013-01-28 15:26:25.738 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-28 15:26:25.738 Proxy: none
. 2013-01-28 15:26:25.738 SSH protocol version: 2; Compression: No
. 2013-01-28 15:26:25.738 Bypass authentication: No
. 2013-01-28 15:26:25.738 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2013-01-28 15:26:25.738 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2013-01-28 15:26:25.738 SSH Bugs: A,A,A,A,A,A,A,A,A,A
. 2013-01-28 15:26:25.738 SFTP Bugs: A,A
. 2013-01-28 15:26:25.738 Return code variable: Autodetect; Lookup user groups: A
. 2013-01-28 15:26:25.738 Shell: default
. 2013-01-28 15:26:25.738 EOL: 0, UTF: 2
. 2013-01-28 15:26:25.738 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2013-01-28 15:26:25.738 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2013-01-28 15:26:25.738 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-01-28 15:26:25.738 Cache directory changes: Yes, Permanent: Yes
. 2013-01-28 15:26:25.738 DST mode: 1
. 2013-01-28 15:26:25.738 --------------------------------------------------------------------------
. 2013-01-28 15:26:25.808 Looking up host "65.XXX.XX.XXX"
. 2013-01-28 15:26:25.808 Connecting to 65.XXX.XX.XXX port 1XXXX
. 2013-01-28 15:26:25.858 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.858 Detected network event
. 2013-01-28 15:26:25.938 Detected network event
. 2013-01-28 15:26:25.938 Server version: SSH-2.0-Connect:Enterprise_UNIX_2.4.02
. 2013-01-28 15:26:25.938 Using SSH protocol version 2
. 2013-01-28 15:26:25.938 We claim version: SSH-2.0-WinSCP_release_5.1.3
. 2013-01-28 15:26:25.938 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:25.998 Detected network event
. 2013-01-28 15:26:25.998 Doing Diffie-Hellman group exchange
. 2013-01-28 15:26:25.998 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.258 Detected network event
. 2013-01-28 15:26:26.258 Doing Diffie-Hellman key exchange with hash SHA-1
. 2013-01-28 15:26:26.438 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:26.678 Detected network event
. 2013-01-28 15:26:26.898 Verifying host key rsa2 0x23,0xdf2a07bac36 with fingerprint ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Host key matches cached key
. 2013-01-28 15:26:26.908 Host key fingerprint is:
. 2013-01-28 15:26:26.908 ssh-rsa 2048 fe:03:bc:ad:66 
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC client-    >server encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 client-    >server MAC algorithm
. 2013-01-28 15:26:26.908 Initialised AES-256 CBC server-    >client encryption
. 2013-01-28 15:26:26.908 Initialised HMAC-SHA1 server-    >client MAC algorithm
. 2013-01-28 15:26:26.908 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.048 Detected network event
. 2013-01-28 15:26:27.048 Reading private key file "Z:\prd\PS_DATA\HSBCfingateway\hsbccerts\hsbc-ensco.ppk"
. 2013-01-28 15:26:27.058 Using username "hex166t".
. 2013-01-28 15:26:27.108 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.158 Detected network event
. 2013-01-28 15:26:27.168 Offered public key
. 2013-01-28 15:26:27.168 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.228 Detected network event
. 2013-01-28 15:26:27.228 Server refused our key
. 2013-01-28 15:26:27.258 Server refused our key
. 2013-01-28 15:26:27.258 Attempting keyboard-interactive authentication
. 2013-01-28 15:26:27.258 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.298 Detected network event
. 2013-01-28 15:26:27.298 Server refused keyboard-interactive authentication
. 2013-01-28 15:26:27.298 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:27.298 Using stored password.
. 2013-01-28 15:26:27.308 Sent password
. 2013-01-28 15:26:27.308 Waiting for the server to continue with the initialisation
. 2013-01-28 15:26:27.418 Detected network event
. 2013-01-28 15:26:27.418 Password authentication failed
. 2013-01-28 15:26:27.418 Access denied
. 2013-01-28 15:26:27.458 Prompt (7, SSH password, , &Password: )
. 2013-01-28 15:26:45.497 Attempt to close connection due to fatal exception:
. 2013-01-28 15:26:45.497 Closing connection.
. 2013-01-28 15:26:45.497 Sending special code: 12
. 2013-01-28 15:26:45.559 (ESshFatal) 

Answer 1

您的私钥身份验证设置不正确。

确保将公钥添加到服务器上的~/.ssh/authorized_keys。

当您加载您的私钥时，您将在PuTTYgen 中的用于粘贴到OpenSSH 授权密钥文件的公钥 框中获取格式正确的公钥指纹。

更多详情请参考文章Set up SSH public key authentication。

---

虽然 OP 不是这种情况，但在使用旧版本的 WinSCP 连接到需要 rsa-sha2 的服务器时，您可能会收到相同的错误消息（服务器拒绝我们的密钥）。 WinSCPsupports rsa-sha2 since 5.20 only。从 8.8 开始，OpenSSH 服务器默认需要 rsa-sha2。旧版本也可以配置为需要它。另一方面，即使是 8.8 和更高版本也可以配置为不需要 rsa-sha2 (PubkeyAcceptedAlgorithms +ssh-rsa)。

Answer 2

另请参阅https://winscp.net/forum/viewtopic.php?t=31767：版本低于 5.20 的 Winscp 无法再使用 openssh-8.8 进行身份验证。

Answer 3

我遇到了同样的问题，四处寻找并通过在目标服务器上运行这些命令解决了：

chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown $USER:$USER .ssh -R

Answer 4

对于我的情况，我尝试了

$chmod 0600 authorized_keys

然后它就可以正常工作了。