Published on

git-with-openssh log

Today is Lidong, the start of winter, so I'm using some free time to post an update. Before I knew it, though, it's already the very depths of late autumn.


SSH environment

I'm currently running Windows 11. There is no OpenSSH-related feature to install under Control Panel > Programs and Features, but one ships with Windows at windows\system32\openssh.

Running ssh -V in Windows Terminal shows the version as

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

The version shown in Git Bash is

OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021

I'm currently using scoop as my package manager on Windows. (I'll write up my experience with scoop, and the things to watch out for, in a later post.)
I installed git-with-openssh with scoop and reinstalled Git Bash.
During installation, one step asks whether to use the bundled OpenSSH or pick an existing OpenSSH installation. To keep it distinct from the git-with-openssh package installed by scoop, I chose the OpenSSH that ships with Windows.

Error output

The problem now is that from Windows Terminal I can ssh to the gitee repository without any issue

C:\Users\tokiame>ssh -vT git@gitee.com
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\tokiame/.ssh/config
debug1: C:\\Users\\tokiame/.ssh/config line 8: Applying options for gitee.com
debug1: C:\\Users\\tokiame/.ssh/config line 14: Applying options for gitee.com
debug1: Reading configuration data __PROGRAMDATA__\\ssh/ssh_config
debug1: Connecting to gitee.com [180.97.125.228] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\tokiame/.ssh/gitee2 type 0
debug1: identity file C:\\Users\\tokiame/.ssh/gitee2-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version ssh-pilot-1.1.1
debug1: no match: ssh-pilot-1.1.1
debug1: Authenticating to gitee.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc
debug1: Host 'gitee.com' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\tokiame/.ssh/known_hosts:7
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: Server accepts key: C:\\Users\\tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: Authentication succeeded (publickey).
Authenticated to gitee.com ([180.97.125.228]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi RaymonWang! You've successfully authenticated, but GITEE.COM does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3392, received 1708 bytes, in 0.1 seconds

but in Git Bash it always throws permission denied (publickey)

ssh -vT git@gitee.com
OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /c/Users/tokiame/.ssh/config
debug1: /c/Users/tokiame/.ssh/config line 8: Applying options for gitee.com
debug1: /c/Users/tokiame/.ssh/config line 14: Applying options for gitee.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to gitee.com [180.97.125.228] port 22.
debug1: Connection established.
debug1: identity file /c/Users/tokiame/.ssh/gitee2 type 0
debug1: identity file /c/Users/tokiame/.ssh/gitee2-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version ssh-pilot-1.1.1
debug1: compat_banner: no match: ssh-pilot-1.1.1
debug1: Authenticating to gitee.com:22 as 'git'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FQGC9Kn/eye1W8icdBgrQp+KkGYoFgbVr17bmjey0Wc
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'gitee.com' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/tokiame/.ssh/known_hosts:7
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: No more authentication methods to try.
git@gitee.com: Permission denied (publickey).

Process

My guess was to start from the following angles:

  • An SSH configuration problem
  • A conflict between the OpenSSH that ships with Windows and git-with-openssh?

I spent a long time fiddling with the SSH configuration. Worth noting are the configuration paths ~/.ssh/config and /etc/ssh/ssh_config|sshd_config.

Below is my ~/.ssh/config:

Host gitee.com
HostName gitee.com
IdentityFile ~/.ssh/gitee
PreferredAuthentications publickey
User git

Host gitee.com
HostName gitee.com
IdentityFile ~/.ssh/gitee2
PreferredAuthentications publickey
User git

# this is tested three times for git-with-openssh

Host github.com
HostName github.com
IdentityFile ~/.ssh/id_rsa
PreferredAuthentications publickey
User wmxzrs@outlook.com

Host wmcrimson
HostName github.com
IdentityFile ~/.ssh/id_desk
PreferredAuthentications publickey
User git

Host myphone
HostName 10.19.137.171
IdentityFile ~/.ssh/20211107
PreferredAuthentications publickey
User root

Fiddling with the configuration got me nowhere, so I googled related posts and tutorials.

I found a post that was a real eye-opener; the solution was spelled out clearly in it.

The cause was simply the OpenSSH version 😥. (This is truly hair-pulling; I don't know whether to laugh or cry.)

So I went and looked at the official OpenSSH release notes

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 hash algorithm for less than USD$50K. For this reason, we will
be disabling the "ssh-rsa" public key signature algorithm that depends
on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.

* The ssh-ed25519 signature algorithm. It has been supported in
OpenSSH since release 6.5.

* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.


(So? That's the whole problem? Upstream has deprecated it, so what more is there to say...)
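The Git Bash client is OpenSSH 8.8, the release in which the deprecation above took effect (ssh-rsa signatures off by default), while the Windows client is 8.1, which still offers them; that is why only the second transcript ends in "no mutual signature algorithm". The script below, an added example that is not part of the original post, classifies an `ssh -vT` transcript by that signature and prints a per-host fallback scoped to gitee.com; the sample logs are constructed excerpts of the transcripts above and the key path is an assumed example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: classify an `ssh -vT` transcript
# to tell OpenSSH 8.8's "ssh-rsa disabled by default" failure apart from other
# publickey failures. Sample logs are constructed excerpts of the transcripts above.

TERMINAL_LOG='OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Offering public key: C:\\Users\\tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: Authentication succeeded (publickey).'

GITBASH_LOG='OpenSSH_8.8p1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Offering public key: /c/Users/tokiame/.ssh/gitee2 RSA SHA256:rIZHg29jb9LsC0yONv5Yexclgto8mwvc0dTX1S+WABY explicit
debug1: send_pubkey_test: no mutual signature algorithm
git@gitee.com: Permission denied (publickey).'

# Prints one verdict: authenticated | sha1-rsa-disabled | other-failure
classify_pubkey_failure() {
    local log="$1" ver major minor
    if printf '%s\n' "$log" | grep -q 'Authentication succeeded'; then
        echo authenticated; return 0
    fi
    # The banner line carries the client version (OpenSSH_8.8p1,
    # OpenSSH_for_Windows_8.1p1, ...); keep only "major.minor".
    ver=$(printf '%s\n' "$log" | grep -o 'OpenSSH_[A-Za-z_]*[0-9][0-9]*\.[0-9][0-9]*' \
          | head -n1 | grep -o '[0-9][0-9]*\.[0-9][0-9]*$')
    major=${ver%%.*}; minor=${ver#*.}
    : "${major:=0}" "${minor:=0}"
    # All three clues must line up: client >= 8.8, an RSA identity was
    # offered, and client and server found no common signature algorithm.
    if { [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 8 ]; }; } \
       && printf '%s\n' "$log" | grep -q 'Offering public key: .* RSA ' \
       && printf '%s\n' "$log" | grep -q 'no mutual signature algorithm'; then
        echo sha1-rsa-disabled; return 0
    fi
    echo other-failure
}

# Remediation for the sha1-rsa-disabled verdict. Preferred: switch to an
# Ed25519 key (ssh-keygen -t ed25519). The per-host fallback below re-enables
# SHA-1 RSA signatures for gitee.com only; the key path is an assumed example.
print_remediation() {
    cat <<'EOF'
Host gitee.com
    IdentityFile ~/.ssh/gitee2
    PubkeyAcceptedAlgorithms +ssh-rsa
EOF
}
```

Against a live session, feed it the real transcript with `classify_pubkey_failure "$(ssh -vT git@gitee.com 2>&1)"`.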


Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0; please credit the source when reposting.

This site was created by @Rae and uses Stellar as its theme.