정보:
[foo@mysql01 .ssh]$ cat /etc/centos-release ;pwd ;ls -al
CentOS release 6.9 (Final)
/home/foo/.ssh
total 20
drwx------ 2 foo foo 4096 Oct 3 11:00 .
drwx------ 3 foo foo 4096 Oct 3 11:09 ..
-rw------- 1 foo foo 3311 Oct 3 10:54 id_rsa-foo
-rw------- 1 foo foo 742 Oct 3 10:54 id_rsa-foo.pub
-rw-r--r-- 1 foo foo 403 Oct 3 10:55 known_hosts
키를 사용하는 일반 SSH는 정상적으로 작동합니다.
[foo@mysql01 .ssh]$ ssh -v bar@sftp01 -i ./id_rsa-foo
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file ./id_rsa-foo type 1
debug1: identity file ./id_rsa-foo-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Next authentication method: publickey
debug1: Offering public key: ./id_rsa-foo
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key './id_rsa-foo':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
Last login: Tue Oct 3 10:58:21 2017 from 192.168.10.109
[bar@sftp01 ~]$
SFTP는 내가 지정한 키 파일을 사용하지 않는 것 같습니다. 대신 모든 기본값을 시도합니다(Mac OSX에서도 비슷한 동작).
[foo@mysql01 .ssh]$ sftp -v bar@sftp01 -oIdentityFile=./id_rsa-foo
Connecting to sftp01...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file /home/foo/.ssh/id_rsa type -1
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/foo/.ssh/id_rsa
debug1: Trying private key: /home/foo/.ssh/id_dsa
debug1: Trying private key: /home/foo/.ssh/id_ecdsa
debug1: Next authentication method: password
bar@sftp01's password:
참고: 키 이름을 기본값(예: "id_rsa" 및 "id_rsa.pub")으로 변경하면 sftp가 제대로 작동하지만 이를 방지하려고 합니다.
답변1
@sato_katsura 당신 말이 맞아요! 나는 논쟁을 바꿔야 했다(이상하다):
[foo@mysql01 .ssh]$ sftp -v -oIdentityFile=./id_rsa-foo bar@sftp01
Connecting to sftp01...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file ./id_rsa-foo type 1
debug1: identity file ./id_rsa-foo-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found
debug1: Next authentication method: publickey
debug1: Offering public key: ./id_rsa-foo
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key './id_rsa-foo':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending subsystem: sftp
sftp>