SSH to Docker: Permission denied (publickey)

4
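I am running a Docker container and want to SSH into it using Emacs's tramp package. I can successfully use docker exec -it containername bash, but I just want to use my Emacs to do the configuration work. I have mapped the container's port 22 to port 22 on localhost.
By the way, I have the id_rsa key file in my .ssh folder.
However, even when I use ssh -p 22 dwolf@localhost, it still does not work. The log is as follows: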
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/spacegoing/.ssh/config
debug1: /Users/spacegoing/.ssh/config line 26: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [::1] port 22.
debug1: connect to address ::1 port 22: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /Users/spacegoing/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/spacegoing/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u3
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'dwolf'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:w7Y3BsQ1xof3U5cohsL5y9ctWvgNaTuXdbDFwQtE+Gc
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /Users/spacegoing/.ssh/known_hosts:26
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/spacegoing/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

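Add your public key to the Docker container's authorized_keys file. dd if=~/.ssh/id_rsa.pub | docker exec -it containername dd of=~/.ssh/authorized_keys (this command may not work as-is, I was trying to one-line it from the Docker host, but the point is there) - Matt Clark
If you run SSHD in your Docker containers, you're doing it wrong! - tgogos
@MattClark Thank you very much for your help! This method works! - spacegoing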
1
@tgogos Thanks for your reply. I am studying that article, and it is very helpful! - spacegoing
2 Answers

3
These three lines:
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/spacegoing/.ssh/id_rsa
debug1: Authentications that can continue: publickey

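say that you are offering a public key and it is being rejected, which means you are not in the authorized_keys file on the target host.

To copy your public key into the Docker image, you can use the following one-liner; of course, there are many other ways to copy your key onto a machine.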

dd if="$HOME/.ssh/id_rsa.pub" | docker exec -i containername sh -c 'dd of="$HOME/.ssh/authorized_keys"'

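As mentioned, your container should be as small as possible and ideally should not need its own SSH server; however, everyone's use case is different.
This command will overwrite any existing authorized keys on the target.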
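
Added example, not part of the original answers: a way to install the key that appends instead of overwriting, rejects anything that is not a public-key line, and sets the directory and file modes sshd checks. INSTALL_SNIPPET and install_key are names made up here; the docker usage in the comments assumes a user dwolf exists in the container and that HOME resolves to that user's home directory.

```shell
#!/bin/sh
# Added example (not from the original thread). INSTALL_SNIPPET and
# install_key are names made up for this illustration.

# POSIX sh that runs on the target. It reads ONE public-key line on stdin,
# appends it only if absent (existing keys are kept), and sets the modes
# that sshd's StrictModes check expects.
INSTALL_SNIPPET='
umask 077
IFS= read -r key || [ -n "$key" ] || exit 1
case $key in
    ssh-*|ecdsa-*|sk-*) ;;                       # looks like a public key
    *) echo "refusing: not a public key line" >&2; exit 2 ;;
esac
ak=$HOME/.ssh/authorized_keys
mkdir -p "$HOME/.ssh" && touch "$ak" || exit 3
# Terminate a last line that lacks a newline so keys are not glued together.
[ -z "$(tail -c 1 "$ak")" ] || echo >> "$ak"
grep -qxF -- "$key" "$ak" || printf "%s\n" "$key" >> "$ak"
chmod 700 "$HOME/.ssh" && chmod 600 "$ak"
'

# install_key PUBKEY_FILE RUNNER...
# RUNNER is the command prefix that reaches the target environment.
install_key() {
    pub=$1
    shift
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    "$@" sh -c "$INSTALL_SNIPPET" < "$pub"
}

# Container from the question (assumes user dwolf exists in it and HOME
# resolves to that user's home directory under docker exec):
#   install_key ~/.ssh/id_rsa.pub docker exec -i -u dwolf containername
# -i keeps stdin open for the key; -t is left out because stdin is a file,
# not a terminal.
# Dry run against a scratch directory, no container needed:
#   install_key ~/.ssh/id_rsa.pub env HOME=/tmp/scratch-home
```

Running it twice leaves a single copy of the key, and passing the private key file by mistake is refused before anything is written.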

1

Look at this line:

debug1: identity file /Users/spacegoing/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory

It looks like there is no id_rsa key on your machine, and when...

debug1: Next authentication method: publickey

it cannot find it and exits. Try adding this key with the following commands:

cd ~/.ssh/
ssh-keygen -t rsa -f id_rsa

Then press Enter to answer all the questions and retry the connection.


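Thank you for your answer! But I already have that file in my .ssh folder. I am also wondering what this warning means :P - spacegoing
The message "key_load_public: No such file or directory" does not say that it could not find the private key, but that it did not load the public key. It is only a warning, not an error. It can be ignored; it will not prevent the connection. - Matt Clark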
