由于SSH配置文件的不匹配,导致的Permission denied (publickey)及其解决方法

读者如要转载,请标明出处和作者名,谢谢。 
地址01:http://space.itpub.net/25851087 
地址02:http://www.cnblogs.com/zjrodger/ 
作者名:zjrodger 

【问题发生环境和相关参数】

(1)OS:Win7 32Bit.

(2)Git:GitHub for Windows 2.0.

    下载地址:https://windows.github.com/

(3)Command Shell:Git Shell.

【问题重现描述】
 
    在Win7本地平台上安装完Github for Windows 2.0后,要在本地生成密匙,向Github上上传密匙并且进行网络连通性测试。
    ①利用命令“ssh-keygen -t rsa -C "zjrodger@163.com" 生成SSH密匙(id_rsaid_rsa.pub)后,将本地的“id_rsa.pub”文件中的内容上传到Github上的个人“SSH Keys”管理项中,从而生成一个新的SSH Keys。
    ②之后,进行本地与Remote Server(Github网站)的连接测试,命令和结果如下所示:
F:\Workspaces\Github_Workspace> ssh -T git@github.com 
Warning: Permanently added 'github.com,192.30.252.131' (RSA) to the list of know 
n hosts. 
Permission denied (publickey).
    在Windows的PowerShell中输入“ssh -T git@github.com”,结果出现“Permission Denied(publickey)


【问题原因】
    在Github for Windows 2.0默认的安装配置中, 
SSH的配置文件ssh_config中的IdentityFile“ 
与实际情况不相符。
 
(1)原来默认情况下的IdentifyFile的值
    在Github for Windows 2.0上(默认安装情况下),SSH的配置文件ssh_config中的IdentityFile(其值为密匙的全路径名)这项信息的内容是“~/.ssh/github_rsa”,如下命令所示:
Host github.com
 StrictHostKeyChecking no
 UserKnownHostsFile=/dev/null
 IdentityFile=~/.ssh/github_rsa
 
(2)实际的情形
实际上,通过命令“ssh-keygen -t rsa -C "zjrodger@163.com”生成的新的SSH密匙全路径名为:~/.ssh/id_rsa~/.ssh/id_rsa.pub”。
 
注意~/.ssh/github_rsa  不等于 ~/.ssh/id_rsa
 
(3)结论
①Git默认安装情况下,ssh_config配置文件中的“IdentityFile”项的值:IdentityFile=~/.ssh/github_rsa
②实际的IdentityFile的值:IdentityFile=~/.ssh/id_rsa
    如上所述,Github for Windows 2.0在默认安装情况下,SSH的的配置文件ssh_config中的IdentityFile项的值与实际新创建的密匙全路径名不相符,结果导致本地的SSH工具无法找到到正确的密匙,进而无法同已经上传到Github密匙相匹配,结果就出现了“Permission denied (publickey)”这样的错误。

(4)补充
SSH配置文件ssh_config在自己本地的路径:
    C:\Users\Administrator\AppData\Local\GitHub\PortableGit_6d98349f44ba975cf6c762a720f8259a267ea445\etc\ssh
密匙文件的存放路径:
    C:\Users\Administrator\.ssh
ssh_config的原文件(有误的版本):
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null


Host github.com
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
IdentityFile=~/.ssh/github_rsa
重装Github for windows 2.0后的新发现(重要)
    为了确保正确性,自己将本机的Github for Window 2.0卸载并且重装了一遍,发现SSH的配置文件ssh_config中的IdentityFile依然是“~/.ssh/github_rsa”。
而重装后的密匙文件的存放路径(C:\Users\Administrator\.ssh)下,有四个密匙文件,分别是github_rsagithub_rsa.pubid_rsaid_rsa.pub
这样,用户就不用自己新建密匙文件了,只用将“github_rsa.pub”中的内容上传到Github网站的个人SSH管理中即可。
之后,在本地与Remote端进行网络连通性测试,发现可以联通。
这样,考虑到修改软件原有配置信息所带来的隐患,笔者就不推荐自己手动修改SSH的配置文件ssh_config中的IdentityFile字段这个方法了。


【解决方法】
方法一:
 
   在生成新的密匙文件后,若新生成的密匙文件名字为“id_rsa”,则将ssh_config配置文件中的“IdentityFile”项的值改为“~/.ssh/id_rsa
方法二:
 
    将新生成的密匙文件名字改为“github_rsa”,从而与ssh_config配置文件中的“IdentityFile”项的值相同。
方法三:
    重装Github for Window 2.0,不用新建密匙文件,而是用Github自带的“github_rsa.pub”文件。
总之,不论方法一,放法二还是方法三,一定要保持新生成的密匙文件的名字同“ssh_config”中“IdentityFile”字段的值一致即可。

【参考文档】

If it says "Permission denied (publickey)" you will have to put in a passphrase for your key. Do not be tempted to just press enter...this was what worked for me...it took me five hours to realize that pressing enter made OpenSSH feel that your key was too public so that is why it is denying you from going to the next step.

So as mentioned in prior answers, the Permission denied error in Windows is because you are trying to use a key other than id_rsa.
Windows lacks the bells and whistles that Linux and Mac have to try out all your public keys when trying to connect to a server via SSH. If you're using the ssh command, you can tell it which key to use by passing the -i flag followed by the path to the key to use:
F:\Workspaces\Github_Workspace> ssh -T git@github.com 
Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of know 
n hosts. 
Permission denied (publickey). 
F:\Workspaces\Github_Workspace> ssh -i ~/.ssh/id_rsa git@github.com 
Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of know 
n hosts. 
Enter passphrase for key '/c/Users/Administrator/.ssh/id_rsa': 
Hi zjrodger! You've successfully authenticated, but GitHub does not provide shel 
l access. 
Connection to github.com closed.
 
posted @ 2017-05-06 12:41  lpd741  阅读(22224)  评论(0编辑  收藏  举报