pubkey를 사용하여 Windows에서 CentOS8로의 SSH가 실패했지만 Ubuntu 상자를 통한 AgentForwarding을 통해 성공했습니다.

Windows 10 2004에서는 SSH 키 쌍이 SSH 에이전트 서비스에 설정 및 로드되었습니다.

PS C:\Users\ferdi> ls .ssh
    Directory: C:\Users\ferdi\.ssh
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         8/14/2020  10:14 AM            179 config
-a----         7/23/2020  10:11 AM           1679 id_rsa
-a----         7/23/2020  10:11 AM            404 id_rsa.pub
-a----         8/13/2020   9:23 PM           3896 known_hosts
PS C:\Users\ferdi> cat .\.ssh\id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDndAlQRJcPYSHKkyW2njnWvwLpTe62MHneGRQLvqRtF7A5Yy4LlQKsZLDIivtzrA2GXaMme2lkJvCKlKFe4RQCEeUcdDr2bC1GbdTSAMQ0aaOyO1afIgOKp9zVg3NDIwZ28APpZd+f8sPtAlkfLaeJQ8moEiZz3FhcCRwbnnnVpcLT+S3rJU2mV2GTBktE3mLZoSWHkxsGT3jNdRIORqQxdCvBR2dtiNbPF83W9A7fhCL0tQQtoLu8c3Tp0AGUeYkcfUZ6VLFr+3TjCVskucg2pnnvxAG5DV/DiqGThKqDPWcMd5r2NwqsvaGplgvIdTIwveQOacSMGWQ4UCCIpwyJ ferdi@DESKTOP-4V6O744
PS C:\Users\ferdi> ssh-add
Identity added: C:\Users\ferdi/.ssh/id_rsa (C:\Users\ferdi/.ssh/id_rsa)
PS C:\Users\ferdi> ssh-add -l
2048 SHA256:O5V+dxb9IB8ft2SaxbDtFkK8lBoGVd20K+ugnBp7hSQ C:\Users\ferdi/.ssh/id_rsa (RSA)

내 .ssh/config 파일은 각 원격 호스트에 대해 "ForwardAgent"를 활성화합니다.

PS C:\Users\ferdi> cat .ssh/config
Host *
    StrictHostKeyChecking no
    ForwardAgent yes

Host mgr
    HostName 192.168.101.110
    User ubuntu

Host sad
    HostName 192.168.101.225
    User admbvtech

CentOS8 상자(SSH 구성 파일에 "sad"라는 이름)를 만들고 공개 키를 .ssh/authorized_keys에 넣었습니다.

[admbvtech@localhost ~]$ ls -la .ssh
total 4
drwx------ 2 admbvtech sudo  29 Aug 13 18:54 .
drwx------ 6 admbvtech sudo 139 Aug 13 20:53 ..
-rw------- 1 admbvtech sudo 403 Aug 13 18:54 authorized_keys
[admbvtech@localhost ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDndAlQRJcPYSHKkyW2njnWvwLpTe62MHneGRQLvqRtF7A5Yy4LlQKsZLDIivtzrA2GXaMme2lkJvCKlKFe4RQCEeUcdDr2bC1GbdTSAMQ0aaOyO1afIgOKp9zVg3NDIwZ28APpZd+f8sPtAlkfLaeJQ8moEiZz3FhcCRwbnnnVpcLT+S3rJU2mV2GTBktE3mLZoSWHkxsGT3jNdRIORqQxdCvBR2dtiNbPF83W9A7fhCL0tQQtoLu8c3Tp0AGUeYkcfUZ6VLFr+3TjCVskucg2pnnvxAG5DV/DiqGThKqDPWcMd5r2NwqsvaGplgvIdTIwveQOacSMGWQ4UCCIpwyJ ferdi@DESKTOP-4V6O744

.ssh/authorized_keys에 동일한 공개 키가 있는 Ubuntu 18.04 상자("mgr"이라는 이름)를 만들었습니다.

ubuntu@mgr:~$ ls -la .ssh
total 20
drwx------  2 ubuntu ubuntu 4096 Aug 13 21:24 .
drwxr-xr-x 13 ubuntu ubuntu 4096 Aug 13 15:01 ..
-rw-------  1 ubuntu ubuntu  403 Aug  3 20:57 authorized_keys
-rw-r--r--  1 ubuntu ubuntu 6636 Aug 13 21:24 known_hosts
ubuntu@mgr:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDndAlQRJcPYSHKkyW2njnWvwLpTe62MHneGRQLvqRtF7A5Yy4LlQKsZLDIivtzrA2GXaMme2lkJvCKlKFe4RQCEeUcdDr2bC1GbdTSAMQ0aaOyO1afIgOKp9zVg3NDIwZ28APpZd+f8sPtAlkfLaeJQ8moEiZz3FhcCRwbnnnVpcLT+S3rJU2mV2GTBktE3mLZoSWHkxsGT3jNdRIORqQxdCvBR2dtiNbPF83W9A7fhCL0tQQtoLu8c3Tp0AGUeYkcfUZ6VLFr+3TjCVskucg2pnnvxAG5DV/DiqGThKqDPWcMd5r2NwqsvaGplgvIdTIwveQOacSMGWQ4UCCIpwyJ ferdi@DESKTOP-4V6O744

비밀번호 없는 SSH는 Windows에서 Ubuntu까지 잘 작동합니다.

PS C:\Users\ferdi> ssh mgr
warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-112-generic x86_64)
....
Last login: Fri Aug 14 09:43:40 2020 from 192.168.101.1

실패하다윈도우에서 CentOS로

PS C:\Users\ferdi> ssh -v sad
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data C:\\Users\\ferdi/.ssh/config
debug1: C:\\Users\\ferdi/.ssh/config line 1: Applying options for *
debug1: C:\\Users\\ferdi/.ssh/config line 9: Applying options for sad
debug1: Connecting to 192.168.101.225 [192.168.101.225] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\ferdi/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\ferdi/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.101.225:22 as 'admbvtech'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qsdGbspZWINmoYKa62+Y6qFpQhH5ruIyo6IKCrapi3c
debug1: Host '192.168.101.225' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\ferdi/.ssh/known_hosts:15
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:O5V+dxb9IB8ft2SaxbDtFkK8lBoGVd20K+ugnBp7hSQ C:\\Users\\ferdi/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
warning: agent returned different signature type ssh-rsa (expected rsa-sha2-512)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: C:\\Users\\ferdi/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\ferdi/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\ferdi/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\ferdi/.ssh/id_xmss
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

성공우분투에서 CentOS로전달된 ID 사용.

PS C:\Users\ferdi> ssh mgr
...
Last login: Fri Aug 14 10:19:53 2020 from 192.168.101.1
ubuntu@mgr:~$ ssh -v [email protected]
...
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:O5V+dxb9IB8ft2SaxbDtFkK8lBoGVd20K+ugnBp7hSQ C:\\Users\\ferdi/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.101.225 ([192.168.101.225]:22).
...
Last login: Fri Aug 14 07:43:44 2020 from 192.168.101.110
[admbvtech@localhost ~]$

어떤 아이디어가 있나요? Hetzner Cloud에 구축된 Ubuntu 20.04 상자에서 동일한 문제가 발생한 것을 기억합니다(이를 파괴하고 18.04로 되돌려야 했습니다).

미리 감사드립니다.