尽管设置了 publickey 登录,但是还是优先尝试 keyboard interactive
-
已自查并确认正常的部分 :
- 服务端 OpenSSH 配置正常
- PubkeyAuthentication yes
- AuthorizedKeysFile 路径正确
- authorized_keys 文件存在,权限正确
- 服务端返回的可用认证方式包含 publickey
- 如果使用 OpenSSH 客户端手动登录,可正常公钥登录,这证明服务器行为/配置都没有问题
- 即,如果执行以下代码,是能正常登录的
ssh \ -o PreferredAuthentications=publickey \ -o PubkeyAuthentication=yes \ root@服务器IP- 服务端未拒绝公钥,日志中服务端多次返回:
USERAUTH_FAILURE (publickey,password,keyboard-interactive)
完整的连接日志如下:
Local ident: 'SSH-2.0-ssh2js1.16.0' Client: Trying <服务器IP地址> on port 22 ... Socket connected Remote ident: 'SSH-2.0-OpenSSH_9.9' Outbound: Sending KEXINIT Inbound: Handshake in progress Handshake: (local) KEX method: curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,ext-info-c,kex-strict-c-v00@openssh.com Handshake: (remote) KEX method: sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com Handshake: strict KEX mode enabled Handshake: KEX algorithm: curve25519-sha256@libssh.org Handshake: (local) Host key format: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa Handshake: (remote) Host key format: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 Handshake: Host key format: ssh-ed25519 Handshake: (local) C->S cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr Handshake: (remote) C->S cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com Handshake: C->S Cipher: aes128-gcm@openssh.com Handshake: (local) S->C cipher: aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr Handshake: (remote) S->C cipher: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com Handshake: S->C cipher: aes128-gcm@openssh.com Handshake: (local) C->S MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: (remote) C->S MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: C->S MAC: <implicit> Handshake: (local) S->C MAC: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: (remote) S->C MAC: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 Handshake: S->C MAC: <implicit> Handshake: (local) C->S compression: none,zlib@openssh.com,zlib Handshake: (remote) C->S compression: none,zlib@openssh.com Handshake: C->S compression: none Handshake: (local) S->C compression: none,zlib@openssh.com,zlib Handshake: (remote) S->C compression: none,zlib@openssh.com Handshake: S->C compression: none Outbound: Sending KEXECDH_INIT Received DH Reply Host accepted by default (no verification) Host accepted (verified) Outbound: Sending NEWKEYS Inbound: NEWKEYS Verifying signature ... Verified signature Handshake completed Outbound: Sending SERVICE_REQUEST (ssh-userauth) Inbound: Received EXT_INFO Inbound: Received SERVICE_ACCEPT (ssh-userauth) Outbound: Sending USERAUTH_REQUEST (none) Inbound: Received USERAUTH_FAILURE (publickey,password,keyboard-interactive) Client: none auth failed Outbound: Sending USERAUTH_REQUEST (keyboard-interactive) Inbound: Received USERAUTH_INFO_REQUEST # 此时弹出了密码输入对话框,如果关闭,就是继续以下 Outbound: Sending USERAUTH_INFO_RESPONSE Outbound: Sending DISCONNECT (11) Inbound: Received USERAUTH_FAILURE (publickey,password,keyboard-interactive) Client: keyboard-interactive auth failed Outbound: Sending USERAUTH_REQUEST (publickey -- check) Socket ended Socket closed No response from server - 服务端 OpenSSH 配置正常