Network error: Connection refused (PuTTY)

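I am trying to log in to my server using an SSH key (I use PuTTY to do it), but every time I try to connect it says Network error: Connection refused. I think (not quite sure) that the public key is wrong. The key looks like this: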

 rsa-key-public AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw== 

But everything is on one line. I used puttygen to create the key, and by default it looks like this:

 ---- BEGIN SSH2 PUBLIC KEY ----
 Comment: "rsa-key-public"
 AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcN
 hsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepde
 aYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8Vm
 JaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmq
 iP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQ
 MJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==
 ---- END SSH2 PUBLIC KEY ----

Output of cat /etc/ssh/sshd_config:

 # Package generated configuration file
 # See the sshd_config(5) manpage for details
 # What ports, IPs and protocols we listen for
 #Port 2222
 # Use these options to restrict which interfaces/protocols sshd will bind to
 ListenAddress 192.168.1.20
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
 ServerKeyBits 2048
 # Logging
 SyslogFacility AUTH
 LogLevel INFO
 # Authentication:
 LoginGraceTime 120
 PermitRootLogin prohibit-password
 StrictModes yes
 RSAAuthentication yes
 PubkeyAuthentication yes
 AuthorizedKeysFile ~/.ssh/authorized_keys
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 RhostsRSAAuthentication no
 # similar for protocol version 2
 HostbasedAuthentication no
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
 ChallengeResponseAuthentication no
 # Change to no to disable tunnelled clear text passwords
 PasswordAuthentication yes
 # Kerberos options
 #KerberosAuthentication no
 #KerberosGetAFSToken no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 X11Forwarding yes
 X11DisplayOffset 10
 PrintMotd no
 PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
 #MaxStartups 10:30:60
 #Banner /etc/issue.net
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 Subsystem sftp /usr/lib/openssh/sftp-server
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication. Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM no

Output of service ssh status / systemctl status ssh.service:

 peter@PM-server:~$ service ssh status
 ● ssh.service - OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2017-04-03 16:02:13 CEST; 3h 37min ago
  Main PID: 1577 (sshd)
     Tasks: 7 (limit: 4915)
    Memory: 23.1M
       CPU: 3.774s
    CGroup: /system.slice/ssh.service
            ├─1577 /usr/sbin/sshd -D
            ├─2351 sshd: peter [priv]
            ├─2359 sshd: peter@pts/0
            ├─2360 -bash
            ├─2395 systemctl status ssh.service
            └─2400 pager
 Apr 03 16:25:11 PM-server sudo[2030]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
 Apr 03 16:32:45 PM-server sudo[2030]: pam_unix(sudo:session): session closed for user root
 Apr 03 16:50:45 PM-server sshd[2068]: Accepted password for peter from 192.168.1.19 port 57813 ssh2
 Apr 03 17:19:14 PM-server sudo[2135]: peter : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/chown peter:peter peter
 Apr 03 17:19:14 PM-server sudo[2135]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
 Apr 03 17:19:14 PM-server sudo[2135]: pam_unix(sudo:session): session closed for user root
 Apr 03 19:25:09 PM-server sshd[2351]: Accepted password for peter from 192.168.1.19 port 56635 ssh2
 Apr 03 19:26:05 PM-server sudo[2372]: peter : TTY=pts/0 ; PWD=/home/peter ; USER=root ; COMMAND=/bin/systemctl
 Apr 03 19:26:05 PM-server sudo[2372]: pam_unix(sudo:session): session opened for user root by peter(uid=0)
 Apr 03 19:28:14 PM-server sudo[2372]: pam_unix(sudo:session): session closed for user root

This is sudo systemctl

Output of sudo sshd -T:

 port 22
 protocol 2
 addressfamily any
 listenaddress [::]:22
 listenaddress 0.0.0.0:22
 usepam yes
 serverkeybits 1024
 logingracetime 120
 keyregenerationinterval 3600
 x11displayoffset 10
 maxauthtries 6
 maxsessions 10
 clientaliveinterval 0
 clientalivecountmax 3
 streamlocalbindmask 0177
 permitrootlogin without-password
 ignorerhosts yes
 ignoreuserknownhosts no
 rhostsrsaauthentication no
 hostbasedauthentication no
 hostbasedusesnamefrompacketonly no
 rsaauthentication yes
 pubkeyauthentication yes
 kerberosauthentication no
 kerberosorlocalpasswd yes
 kerberosticketcleanup yes
 gssapiauthentication no
 gssapikeyexchange no
 gssapicleanupcredentials yes
 gssapistrictacceptorcheck yes
 gssapistorecredentialsonrekey no
 passwordauthentication yes
 kbdinteractiveauthentication no
 challengeresponseauthentication no
 printmotd no
 printlastlog yes
 x11forwarding yes
 x11uselocalhost yes
 permittty yes
 permituserrc yes
 strictmodes yes
 tcpkeepalive yes
 permitemptypasswords no
 permituserenvironment no
 uselogin no
 compression delayed
 gatewayports no
 usedns no
 allowtcpforwarding yes
 allowagentforwarding yes
 allowstreamlocalforwarding yes
 streamlocalbindunlink no
 useprivilegeseparation yes
 fingerprinthash SHA256
 pidfile /var/run/sshd.pid
 xauthlocation /usr/bin/xauth
 ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 versionaddendum none
 kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 loglevel INFO
 syslogfacility AUTH
 authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
 hostkey /etc/ssh/ssh_host_rsa_key
 hostkey /etc/ssh/ssh_host_ecdsa_key
 hostkey /etc/ssh/ssh_host_ed25519_key
 acceptenv LANG
 acceptenv LC_*
 authenticationmethods any
 subsystem sftp /usr/lib/openssh/sftp-server
 maxstartups 10:30:100
 permittunnel no
 ipqos lowdelay throughput
 rekeylimit 0 0
 permitopen any

Here is a brief guide to the whole process:

How to SSH to Ubuntu from Windows via PuTTY using a key


I. Generate the SSH "key pair" in Ubuntu and create the authorized_keys file

 $ ssh-keygen -t rsa -b 4096 [Enter]
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/$USER/.ssh/id_rsa): [Enter]
 Created directory '/home/$USER/.ssh'.
 Enter passphrase (empty for no passphrase): (type a passphrase) [Enter]
 Enter same passphrase again: (retype the passphrase) [Enter]

 $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys [Enter]
 $ chmod go-w ~/ [Enter]
 $ chmod 700 ~/.ssh [Enter]
 $ chmod 600 ~/.ssh/authorized_keys [Enter]

 $ ls -la ~/.ssh [Enter]
 drwx------ 2 user user 4096 апр  2 17:21 .
 drwxr-xr-x 3 user user 4096 апр  2 17:40 ..
 -rw------- 1 user user  738 апр  2 17:21 authorized_keys
 -rw------- 1 user user 3243 апр  2 17:15 id_rsa
 -rw-r--r-- 1 user user  738 апр  2 17:15 id_rsa.pub

Note that we don't need to use sudo. If authorized_keys already exists, the output redirection >> will just append a new entry.

Test it: connect to localhost using the current user's username

 $ chmod 600 ~/.ssh/id_rsa.pub
 $ ssh $USER@localhost -i ~/.ssh/id_rsa -p 22 -v

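where: (1) you can omit the options -i ~/.ssh/id_rsa -p 22, because these are the defaults, and (2) -v turns on verbose mode. More information can be found in man ssh.

Note that this test will pass "only" with the default configuration of /etc/ssh/sshd_config. Here is the default sshd_config of Ubuntu 16.04.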


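II. Convert the id_rsa private key to .ppk format and use it

where .ppk means PuTTY Private Key

Method 1: using puttygen for Linux:

The idea for this additional edit came from this topic, which discusses conversion from .ppk to an OpenSSH-compatible format.

  1. Install putty-tools in Ubuntu. Open a terminal and type: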

     sudo apt install putty-tools 
  2. Convert the private key:

     puttygen ~/.ssh/id_rsa -O private -o ~/.ssh/converted_id_rsa.ppk 
  3. Copy the converted private key (converted_id_rsa.ppk) to Windows.

  4. Use this .ppk key with PuTTY to connect to Ubuntu.

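Method 2: using puttygen for Windows

  1. Copy the private key (id_rsa) to Windows.

  2. Run "PuTTY Key Generator" (puttygen.exe) and click the Load button.

  3. Switch to All Files (*.*) and Open the private key file (id_rsa) that you generated in Ubuntu.

  4. Enter the passphrase (if there is one) and click OK. A notification will appear; click OK again.

  5. Edit the Key comment and Key passphrase if needed, then click Save private key.

  6. Save the new .ppk key in a convenient location.

  7. Use this .ppk key with PuTTY to connect to Ubuntu.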


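References:

  • Simple explanation of the "public/private key pair" concept

  • SSH and encrypted home directories

  • Ubuntu Documentation: SSH / OpenSSH / Keys

  • How to convert a .ppk key to an OpenSSH key under Linux?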

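Generally, Network error: Connection refused means that the server is refusing your SSH connection outright. There is nothing wrong with the key PuTTY is using, because it doesn't get far enough in the connection process to even bother with keys. Instead, the connection is refused immediately. This is usually because the server is not running an SSH server (or the SSH server is broken), the port is wrong, or the server address is wrong.


However, you say that you only get that error message when connecting with the public key, while connecting with a password works fine. To add a public key for incoming connections, add the following line to ~/.ssh/authorized_keys on the server (create the file if it doesn't exist):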

 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw== 

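Note that:

  1. It starts with ssh-rsa
  2. There are no line breaks in the middle of it (remove them if present)
  3. It should be the public key you are currently using (it should start with AAAAB3) (if you generated a new key, replace the AAAAB3 one with the new key)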
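
An added example, not part of the answer above: a Python check of the stage the answer describes, the TCP connect and SSH banner that come before any key is offered. The function name, the outcome labels and the hints are this example's own; 127.0.0.1 stands in for the address typed into PuTTY.

```python
import socket

# What each outcome says about where to look next (wording is this example's own).
NEXT_STEP = {
    "refused": "nothing accepts TCP on this address:port; check that sshd runs and "
               "compare Port/ListenAddress with the host and port entered in PuTTY",
    "timeout": "no answer at all; check routing, firewall rules and the server address",
}

def probe_ssh(host, port=22, timeout=3.0):
    """Return (outcome, detail) for the TCP connect and SSH banner stage only."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", NEXT_STEP["refused"]
    except socket.timeout:
        return "timeout", NEXT_STEP["timeout"]
    except OSError as exc:              # unreachable network, name resolution, ...
        return "error", str(exc)
    with sock:
        try:
            # The server speaks first with its identification line ("SSH-2.0-...").
            banner = sock.recv(255).split(b"\n", 1)[0].strip().decode("ascii", "replace")
        except (socket.timeout, ConnectionResetError):
            banner = ""
    if banner.startswith("SSH-"):
        # sshd answered: any remaining failure is in authentication, not the network.
        return "ssh", banner
    return "not-ssh", banner            # some other service owns this port

if __name__ == "__main__":
    print(probe_ssh("127.0.0.1", 22))
```

An outcome of "ssh" followed by a failed login points at authorized_keys; "refused" points at the listener, whatever key is loaded.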

That is a different key format. The correct way to convert one into the other is to use ssh-keygen:

  ssh-keygen -i -f /path/to/public.key 

The result for your key looks like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAx+KoPhVxfBrnN8cFb+hG9MveY0cfNpn9mAcNhsfkEvxeG2EqLRYtaXUBXPgl3uILvXYbqG7HSBq/kZe/AICn/aK89rCGAozEepdeaYmy9EtmfPU8pFgTrgMils8X6b5kPPxCBZ2pfeL/q4SUke+/xpV1x98py6PHM8VmJaBciqvaa89QLvWf3IUuxm7798WvGUPlSMtuE2wnYsyJ4W65nBCs4PCROpaPmcmqiP0VF+Vm5vC3W/F00PC1w3R3BMdDoS2VJj7jQTR1Ralbn9cM185/pZY8lvkX4lEQMJvvwRM1Oy/g+J7+RbPR/XTrrRmKQq5mnWU0ICV5qvTnsc+Lyw==

So: on a single line with the key identifier ssh-rsa, and not the one you used. The line breaks are also important (there might not be any).
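
An added example, not from the original answers: the same conversion written out in Python, plus a check that reports why an authorized_keys line is unusable when it starts with the PuTTYgen comment or has its base64 split into pieces. The function names are this example's own, the sample is a constructed blob that is not a usable key, and lines with an options prefix are not handled.

```python
import base64

def ssh_string(d): return len(d).to_bytes(4, "big") + d   # SSH wire "string"

def key_type_of(b64):
    """Algorithm name inside a base64 key blob; ValueError if the blob is incomplete."""
    blob, pos, parts = base64.b64decode(b64, validate=True), 0, []
    while pos < len(blob):                # walk the length-prefixed strings
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("key blob is truncated")
        parts.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return parts[0].decode("ascii")

def rfc4716_to_openssh(text):
    """Turn a '---- BEGIN SSH2 PUBLIC KEY ----' block into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("---- BEGIN SSH2") and lines[-1].startswith("---- END SSH2")):
        raise ValueError("missing BEGIN/END markers")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:                   # header line; base64 never contains ':'
            while line.endswith("\\"):    # header value continues on the next line
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            body.append(line)
        i += 1
    b64 = "".join(body)
    return " ".join(filter(None, [key_type_of(b64), b64, comment]))

def check_line(line):
    """Reason an authorized_keys line (no options prefix) is unusable, or None."""
    fields = line.split()
    try:
        key_type = key_type_of(fields[1])
    except (ValueError, IndexError):
        return "second field is not one complete base64 key blob"
    return None if fields[0] == key_type else f"first field must be {key_type!r}"

# Constructed sample: a fake blob (not a usable key), wrapped at 64 columns.
B64 = base64.b64encode(ssh_string(b"ssh-rsa") + ssh_string(b"\x25")
                       + ssh_string(b"\x00" + bytes(range(1, 97)))).decode()
SAMPLE = ('---- BEGIN SSH2 PUBLIC KEY ----\nComment: "rsa-key-public"\n'
          + "\n".join(B64[i:i + 64] for i in range(0, len(B64), 64))
          + "\n---- END SSH2 PUBLIC KEY ----\n")
```

On a real server, ssh-keygen -i -f remains the tool to use; the point here is what the first field and the single unbroken base64 field have to contain.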