
Comments (55)

lonnywong commented on July 23, 2024

Host Jumpserver
   #!! Password A # put any wrong password here
   #!! TotpSecret1 xxxxx # put the TOTP secret here

With this it should log in automatically. The xxxxx above just needs to be the same as the xxxxx at the end of oathtool --totp -b xxxxx.

from trzsz-ssh.

fengmikaelson commented on July 23, 2024

> #!! TotpSecret1 LxxxYIT: that's not the real secret, is it?

No, haha, I just replaced a few characters with xxx.

lonnywong commented on July 23, 2024

#!!IdentityFile is misconfigured. OpenSSH treats that line as a comment, so it causes no problem there, but tssh does not treat it as a comment, so it does cause a problem.

IdentityFile should point to the private key; you configured a public key, which is wrong.

fengmikaelson commented on July 23, 2024

> #!!IdentityFile is misconfigured. OpenSSH treats that line as a comment, so it causes no problem there, but tssh does not treat it as a comment, so it does cause a problem.
>
> IdentityFile should point to the private key; you configured a public key, which is wrong.

Thanks for taking the time to reply.
That was something I had changed at random just now and pasted by mistake; before, it looked like this.

Whether I put in the private key or the public key, it doesn't work... but ssh connects fine, which is strange...

➜ ~ cat ~/.ssh/config
Include ~/.orbstack/ssh/config

Host Jumpserver
HostName xxx.com
Port 2222
User xxx
IdentityFile /Users/xxx/.ssh/id_rsa

➜ ~ tssh -p2222 -i ~/.ssh/id_rsa xxx@xxx
[email protected]'s password:

lonnywong commented on July 23, 2024

Run tssh -v to check whether it is the latest version. In your case it goes to password authentication first; very old versions had this problem, and I fixed it several versions ago.

fengmikaelson commented on July 23, 2024

> Run tssh -v to check whether it is the latest version. In your case it goes to password authentication first; very old versions had this problem, and I fixed it several versions ago.

➜ ~ tssh -V
trzsz ssh 0.1.19

I'm on a Mac, installed via brew.

lonnywong commented on July 23, 2024

Strange. Try adding one more config line:

    PasswordAuthentication no

fengmikaelson commented on July 23, 2024

> PasswordAuthentication no

Same situation...
➜ ~ cat ~/.ssh/config
Host Jumpserver
HostName xxx.com
Port 2222
User xxx
IdentityFile /Users/xxx/.ssh/id_rsa
PasswordAuthentication no
➜ ~ tssh -p2222 -i /Users/xxx/ZX/Jumpserver/id_rsa [email protected]
[email protected]'s password:

lonnywong commented on July 23, 2024

tssh -p2222 -i /Users/xxx/ZX/Jumpserver/id_rsa -o PasswordAuthentication=no [email protected]

Try logging in like this.

lonnywong commented on July 23, 2024

Also, on the command line you are using [email protected], so the Host in the config should be Host [email protected].

Your current config says Host Jumpserver, so on the command line you should use tssh Jumpserver, not tssh [email protected].

fengmikaelson commented on July 23, 2024

> PasswordAuthentication=no

tssh -p2222 -i /Users/xxx/.ssh/id_rsa -o PasswordAuthentication=no [email protected]
new conn [xxx.com:2222] failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Is it that ssh-rsa isn't supported?

> Also, on the command line you are using [email protected], so the Host in the config should be Host [email protected].
>
> Your current config says Host Jumpserver, so on the command line you should use tssh Jumpserver, not tssh [email protected].

I tried tssh Jumpserver too and it didn't work either; that's why I switched to tssh -p [email protected] and the like for testing, to see the output.

lonnywong commented on July 23, 2024

tssh -p2222 -i /Users/xxx/ZX/Jumpserver/id_rsa -o KbdInteractiveAuthentication=yes [email protected]

Try this.

fengmikaelson commented on July 23, 2024

> KbdInteractiveAuthentication=yes

➜ ~ tssh -p2222 -i ~/.ssh/id_rsa -o KbdInteractiveAuthentication=yes [email protected]
[email protected]'s password:

It still prompts me for a password...

lonnywong commented on July 23, 2024

Log in with ssh -vvv and send the detailed OpenSSH log to my email [email protected].

fengmikaelson commented on July 23, 2024

> Log in with ssh -vvv and send the detailed OpenSSH log to my email [email protected].

Sent. Thanks for your trouble.

lonnywong commented on July 23, 2024

Try ssh -o PubkeyAuthentication=no xxx and see whether you can log in.

From the log you sent, I picked out the important parts:

Authenticated using "publickey" with partial success.
debug1: Authentications that can continue: keyboard-interactive
debug3: start over, passed a different list keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive

So it looks like PubkeyAuthentication goes first, succeeds partially, and then KbdInteractiveAuthentication follows.

The current tssh implementation uses exactly one of PubkeyAuthentication, PasswordAuthentication and KbdInteractiveAuthentication; it does not yet support the PubkeyAuthentication + KbdInteractiveAuthentication combination. I'll look into how to implement it when I have time.
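The log excerpt in the comment above shows the client-side negotiation that a single-method client cannot follow: publickey succeeds only partially, and the server then restricts the methods that may continue to keyboard-interactive. The following Python script is an added illustration written for this page; it is not code from trzsz-ssh or OpenSSH. It replays the quoted debug lines (embedded as constructed sample input) and reimplements the client's choice rule (the first method in the client's preference order that the server still allows), so the summary it produces can be compared with what OpenSSH actually logged.

```python
"""Trace the SSH userauth sequence from `ssh -vvv` debug output.

Added illustration for this thread, not part of trzsz-ssh or OpenSSH:
it reproduces the OpenSSH client's method-selection rule (the client's
"preferred" list filtered by the server's "can continue" list) so that a
log like the one quoted in the thread can be read mechanically.
"""
import re

# Constructed sample input: the debug lines quoted in the thread.
LOG = """\
Authenticated using "publickey" with partial success.
debug1: Authentications that can continue: keyboard-interactive
debug3: start over, passed a different list keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
""".splitlines()

PARTIAL_RE = re.compile(r'Authenticated using "([^"]+)" with partial success')
CONTINUE_RE = re.compile(r"Authentications that can continue: (.+)$")
PREFERRED_RE = re.compile(r"preferred (\S+)$")      # "debug3: preferred a,b,c"
NEXT_RE = re.compile(r"Next authentication method: (\S+)")


def next_method(preferred, can_continue):
    """Pick the next userauth method the way the OpenSSH client does:
    the first entry of the client's preference list that the server
    still advertises in its "can continue" list (None if nothing fits)."""
    for method in preferred:
        if method in can_continue:
            return method
    return None


def trace_userauth(lines):
    """Walk the debug log and return a summary: which methods partially
    succeeded, what the server said may continue, the client's preference
    order, the method the client logged as next, and the method computed
    by next_method() so the two can be compared."""
    summary = {
        "partial_success": [],
        "can_continue": [],
        "preferred": [],
        "next_logged": None,
        "next_computed": None,
    }
    for line in lines:
        if m := PARTIAL_RE.search(line):
            summary["partial_success"].append(m.group(1))
        elif m := CONTINUE_RE.search(line):
            summary["can_continue"] = m.group(1).split(",")
        elif m := PREFERRED_RE.search(line):
            summary["preferred"] = m.group(1).split(",")
        elif m := NEXT_RE.search(line):
            summary["next_logged"] = m.group(1)
    summary["next_computed"] = next_method(summary["preferred"],
                                           summary["can_continue"])
    return summary


def needs_multistep(summary):
    """True when the server demanded a further method after a partially
    successful one, i.e. a client that runs exactly one method cannot
    complete the login."""
    return bool(summary["partial_success"]) and summary["next_computed"] is not None


if __name__ == "__main__":
    s = trace_userauth(LOG)
    for key, value in s.items():
        print(f"{key:16} {value}")
    print("multi-step auth required:", needs_multistep(s))
```

Run against the quoted log, the computed next method agrees with the logged one (keyboard-interactive), and needs_multistep() is True, which is exactly the case the comment says tssh could not handle at that time. Feeding it a log from a server that only ever offers one method yields an empty partial_success list and False.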

fengmikaelson commented on July 23, 2024

> ssh -o PubkeyAuthentication=no

➜ ~ ssh -o PubkeyAuthentication=no -p2222

After adding it, it asked me for a password.

lonnywong commented on July 23, 2024

> > ssh -o PubkeyAuthentication=no
>
> ➜ ~ ssh -o PubkeyAuthentication=no -p2222
>
> After adding it, it asked me for a password.

So your server really does use PubkeyAuthentication + KbdInteractiveAuthentication, which tssh does not support yet.

fengmikaelson commented on July 23, 2024

> > ssh -o PubkeyAuthentication=no
>
> ➜ ~ ssh -o PubkeyAuthentication=no -p2222
> After adding it, it asked me for a password.
>
> So your server really does use PubkeyAuthentication + KbdInteractiveAuthentication, which tssh does not support yet.

I guess the server's Ubuntu sshd has both of these authentication methods enabled... OK then, looking forward to support... thanks for the explanation.

lonnywong commented on July 23, 2024

Until it is supported, you can configure it like this: tssh will then invoke OpenSSH to log in and borrow its connection, and you can enter the OTP manually.

Host xxx
    ControlMaster auto
    ControlPath ~/.ssh/%n_%h

If you can obtain the OTP code via a command, or you know the TOTP secret, you can also configure automatic interaction.
For example (this one knows the TOTP secret):

Host xxx
    ControlMaster auto
    ControlPath ~/.ssh/%n_%h
    #!! CtrlExpectCount 1
    #!! CtrlExpectPattern1 [OTP Code]:
    #!! CtrlExpectSendTotp1 xxxxx

Or (this one obtains the OTP code via the command oathtool --totp -b xxxxx):

Host xxx
    ControlMaster auto
    ControlPath ~/.ssh/%n_%h
    #!! CtrlExpectCount 1
    #!! CtrlExpectPattern1 [OTP Code]:
    #!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx
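The CtrlExpectSendTotp1 and TotpSecret1 settings in the comment above, like oathtool --totp -b, turn a base32 secret into a time-based one-time code. The following Python is an added example written for this page, not code from trzsz-ssh or oathtool: it implements RFC 6238 TOTP with the oathtool defaults (HMAC-SHA1, 30-second step, 6 digits) and the server-side check with a small clock-skew window, so you can see both why a freshly generated code is accepted and why a stale one is rejected. The secret in the block is the RFC 6238 test secret, not anything from this thread.

```python
"""RFC 6238 TOTP from a base32 secret, i.e. what `oathtool --totp -b SECRET`
prints, plus the verifier side. Added example for this thread; not code from
trzsz-ssh or oathtool."""
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret (ASCII "12345678901234567890"), base32-encoded.
# Constructed sample value, not a secret from this thread.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(secret_b32):
    """Decode a base32 secret the way authenticator apps and oathtool -b
    accept it: case-insensitive, spaces ignored, '=' padding optional."""
    s = secret_b32.strip().upper().replace(" ", "")
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=6, digest=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic
    truncation to 31 bits, reduced to `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6, digest=hashlib.sha1):
    """TOTP code for the base32 secret at Unix time `at` (now by default).
    Defaults match oathtool's: 30-second step, 6 digits, HMAC-SHA1."""
    if at is None:
        at = time.time()
    return hotp(decode_base32_secret(secret_b32), int(at) // step, digits, digest)


def verify_totp(secret_b32, code, at=None, step=30, digits=6, window=1):
    """Server-side check: accept the code for the current time step and
    `window` steps on either side (clock skew, typing delay), comparing in
    constant time so the comparison itself leaks nothing about the code."""
    if at is None:
        at = time.time()
    key = decode_base32_secret(secret_b32)
    counter = int(at) // step
    ok = False
    for c in range(counter - window, counter + window + 1):
        # evaluate every candidate so timing does not depend on which matches
        ok |= hmac.compare_digest(hotp(key, c, digits), code)
    return ok


if __name__ == "__main__":
    print("code at T=59 for the RFC test secret:", totp(RFC_SECRET, at=59))
    print("current code:", totp(RFC_SECRET))
```

totp(secret) with no time argument gives the code for right now, the same value oathtool --totp -b prints for that secret; the window in verify_totp is what lets a code typed a few seconds late still pass, and also why a code reused a minute later does not.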

fengmikaelson commented on July 23, 2024

> #!! CtrlExpectCount 1
> #!! CtrlExpectPattern1 [OTP Code]:
> #!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx

Thanks for the warm reply.
Host xxx
ControlMaster auto
ControlPath ~/.ssh/%n_%h
This one does work; it gets me to the OTP prompt.

Host xxx
ControlMaster auto
ControlPath ~/.ssh/%n_%h
#!! CtrlExpectCount 1
#!! CtrlExpectPattern1 [OTP Code]:
#!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx
After I added this mode, the output is the following error:
➜ ~ tssh
🍺 Jumpserver
Warning: start control master failed: control master stdout invalid: [78 111 32 80 84 89 32 114 101 113 117 101 115 116 101 100 46 10]
Warning: Control socket connect(/Users/xxx/.ssh/id_rsa): Socket operation on non-socket
Warning: xxx (this shows the user name set in the config)
Warning: Please Enter MFA Code.
Warning: ControlSocket /Users/xxx/.ssh/id_rsa already exists, disabling multiplexing
Warning: dial control socket [/Users/xxx/.ssh/id_rsa] failed: dial unix /Users/xxx/.ssh/id_rsa: connect: socket operation on non-socket
[email protected]'s password: (a password prompt pops up here, but I can skip it by pressing Enter)
([email protected]) [OTP Code]: (here it asks me to enter the OTP; it doesn't seem to have been filled in automatically...)

btw:
oathtool --totp -b xxxxx generates the OTP code correctly; I tested it and it is right.

lonnywong commented on July 23, 2024

Is ControlPath misconfigured? It shouldn't be /Users/xxx/.ssh/id_rsa. Add a prefix or suffix so it doesn't collide with the path of some other file.

fengmikaelson commented on July 23, 2024

> Is ControlPath misconfigured? It shouldn't be /Users/xxx/.ssh/id_rsa. Add a prefix or suffix so it doesn't collide with the path of some other file.

I had never used ControlPath; I thought it had to be changed to a real path. I've now copied yours back in.

Host Jumpserver
HostName xxx.com
ControlMaster auto
ControlPath ~/.ssh/%n_%h
Port 2222
User xxx
#!! CtrlExpectCount 1
#!! CtrlExpectPattern1 [OTP Code]:
#!! CtrlExpectSendOtp1 oathtool --totp -b xxxxxx

Output:
➜ ~ tssh
🍺 Jumpserver
Warning: start control master failed: control master stdout invalid: [78 111 32 80 84 89 32 114 101 113 117 101 115 116 101 100 46 10]
Warning: xiaodong_feng
Warning: Please Enter MFA Code.
Warning: dial control socket [/Users/xxx/.ssh/Jumpserver_xxx.com] failed: dial unix /Users/mikaelson/.ssh/Jumpserver_xxx: connect: no such file or directory
[email protected]'s password:
➜ ~

Still not quite working, T-T

lonnywong commented on July 23, 2024

Run ssh -T Jumpserver echo ok and see what it prints?

fengmikaelson commented on July 23, 2024

> ssh -T Jumpserver echo ok

Output:
➜ ~ ssh -T Jumpserver echo ok
xxx
Please Enter MFA Code.
([email protected]) [OTP Code]:

lonnywong commented on July 23, 2024

Run /usr/bin/ssh -T -oRemoteCommand=none -oConnectTimeout=10 Jumpserver 'echo ok; sleep 10', enter the correct OTP code when prompted, and see what it prints?

fengmikaelson commented on July 23, 2024

> /usr/bin/ssh -T -oRemoteCommand=none -oConnectTimeout=10 Jumpserver 'echo ok; sleep 10'

No PTY requested.

lonnywong commented on July 23, 2024

If you drop the -T, what happens after you enter the correct OTP code?

fengmikaelson commented on July 23, 2024

> If you drop the -T, what happens after you enter the correct OTP code?

Same, it's No PTY requested.

lonnywong commented on July 23, 2024

Your server is a bit special: it does not allow use without a pty.

You can add ControlPersist yes, remove the CtrlExpect-prefixed lines, and log in once with ssh first; after that, until the network drops, tssh can log in directly without entering the OTP code again. If it does ask for it, the network has been interrupted and you need to log in with ssh once more.

fengmikaelson commented on July 23, 2024

> Your server is a bit special: it does not allow use without a pty.
>
> You can add ControlPersist yes, remove the CtrlExpect-prefixed lines, and log in once with ssh first; after that, until the network drops, tssh can log in directly without entering the OTP code again. If it does ask for it, the network has been interrupted and you need to log in with ssh once more.

I'll test again tomorrow at the office. I've forgotten which version of the system it is; it may be Ubuntu, or it may be Alibaba's CentOS-based Ali OS...
I'll check tomorrow what system it is.
It's used to run JumpServer (an open-source bastion host).

fengmikaelson commented on July 23, 2024

> Your server is a bit special: it does not allow use without a pty.
>
> You can add ControlPersist yes, remove the CtrlExpect-prefixed lines, and log in once with ssh first; after that, until the network drops, tssh can log in directly without entering the OTP code again. If it does ask for it, the network has been interrupted and you need to log in with ssh once more.

I checked: it's Alibaba's own modified system, Alibaba Cloud Linux release 3 (Soaring Falcon), probably with a pile of customisations.

ControlPersist yes verified working, but I have to enter the OTP myself. Looking forward to the update; I'll leave it at that for now...

lonnywong commented on July 23, 2024

> It's used to run JumpServer (an open-source bastion host).

It should have nothing to do with the operating system; it depends on the process listening on port 2222. That port corresponds to the open-source bastion host you mentioned, right? Its default configuration is probably like this: requiring both PubkeyAuthentication + KbdInteractiveAuthentication, and disallowing no-pty mode (ordinary ssh servers allow no-pty by default).

fengmikaelson commented on July 23, 2024

> > It's used to run JumpServer (an open-source bastion host).
>
> It should have nothing to do with the operating system; it depends on the process listening on port 2222. That port corresponds to the open-source bastion host you mentioned, right? Its default configuration is probably like this: requiring both PubkeyAuthentication + KbdInteractiveAuthentication, and disallowing no-pty mode (ordinary ssh servers allow no-pty by default).

Yes, the domestic open-source JumpServer. Last year I saw the feature request you filed there asking whether they'd consider integrating trzsz; that's where I found you.
https://github.com/jumpserver/jumpserver/issues/10679

I guess the problem is here
[image]

lonnywong commented on July 23, 2024

I've installed it to play with before; I'll look into the two problems you ran into when I have time. It's probably not the place in your screenshot above; more likely it's where you configure the OTP.

fengmikaelson commented on July 23, 2024

> I've installed it to play with before; I'll look into the two problems you ran into when I have time. It's probably not the place in your screenshot above; more likely it's where you configure the OTP.

OK. I'm just tired of entering the OTP every time and wanted to solve it once and for all; still unsolved = =

lonnywong commented on July 23, 2024

@fengmikaelson Where is the OTP for that bastion host configured? Or send the configuration docs.

fengmikaelson commented on July 23, 2024

> @fengmikaelson Where is the OTP for that bastion host configured? Or send the configuration docs.

It seems to be just a single switch, with nowhere to configure anything; once it's turned on, OTP is enabled by default.
[image]

The docs seem to have only this much:
https://docs.jumpserver.org/zh/v2/admin-guide/authentication/mfa/?h=mfa

lonnywong commented on July 23, 2024

Try building one yourself (updating golang.org/x/crypto to v0.22.0)? Steps:

git clone https://github.com/trzsz/trzsz-ssh.git
cd trzsz-ssh
go get -u ./...
go mod tidy
go build -o bin/ ./cmd/tssh/
./bin/tssh

fengmikaelson commented on July 23, 2024

> https://github.com/trzsz/trzsz-ssh.git

I'm not sure whether it works now; I tried disconnecting the network and it still skipped the OTP and let me in normally.
Host Jumpserver
HostName xxx.xxx.com
ControlMaster auto
ControlPath ~/.ssh/%n_%h
Port 2222
User xxxx
#!! CtrlExpectCount 1
#!! CtrlExpectPattern1 [OTP Code]:
#!! CtrlExpectSendOtp1 oathtool --totp -b xxx

I removed the #!! lines and it still skips the OTP = =

lonnywong commented on July 23, 2024

> Host xxx
>     ControlMaster auto
>     ControlPath ~/.ssh/%n_%h
>     #!! CtrlExpectCount 1
>     #!! CtrlExpectPattern1 [OTP Code]:
>     #!! CtrlExpectSendOtp1 oathtool --totp -b xxxxx

None of these settings should be needed.

fengmikaelson commented on July 23, 2024

> IdentityFile /Users/xxx/.ssh/id_rsa

Host Jumpserver
HostName xxx.com
Port 2222
User xxx
IdentityFile ~/.ssh/id_rsa

Doesn't work; it asks me for a password, but I can leave it empty and skip straight to the OTP stage.

lonnywong commented on July 23, 2024

> Doesn't work; it asks me for a password, but I can leave it empty and skip straight to the OTP stage.

Add the line PasswordAuthentication no as well.

fengmikaelson commented on July 23, 2024

> PasswordAuthentication no

new conn [xxx.com:2222] failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

lonnywong commented on July 23, 2024

Was it rebuilt with this? You need to log in as ./bin/tssh Jumpserver.

git clone https://github.com/trzsz/trzsz-ssh.git
cd trzsz-ssh
go get -u ./...
go mod tidy
go build -o bin/ ./cmd/tssh/
./bin/tssh

fengmikaelson commented on July 23, 2024

> Was it rebuilt with this? You need to log in as ./bin/tssh Jumpserver.
>
> git clone https://github.com/trzsz/trzsz-ssh.git
> cd trzsz-ssh
> go get -u ./...
> go mod tidy
> go build -o bin/ ./cmd/tssh/
> ./bin/tssh

Yes.
➜ trzsz-ssh git:(main) ✗ ./bin/tssh Jumpserver
new conn [xxx.com:2222] failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

lonnywong commented on July 23, 2024

In go.mod, the golang.org/x/crypto line was changed and now reads v0.22.0, right?

fengmikaelson commented on July 23, 2024

> golang.org/x/crypto

Yes
➜ trzsz-ssh git:(main) ✗ cat go.mod|grep crypto
golang.org/x/crypto v0.22.0

lonnywong commented on July 23, 2024

I see golang/go#17889 was closed a few days ago; it may only support the server side: golang/go#61447

lonnywong commented on July 23, 2024

> Doesn't work; it asks me for a password, but I can leave it empty and skip straight to the OTP stage.

The non-self-built v0.1.19 can't reach the OTP stage?

fengmikaelson commented on July 23, 2024

> > Doesn't work; it asks me for a password, but I can leave it empty and skip straight to the OTP stage.
>
> The non-self-built v0.1.19 can't reach the OTP stage?

Yes, 0.1.19 gives this error too

new conn [xxx.com:2222] failed: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Same with ./bin/tssh

lonnywong commented on July 23, 2024

If you can reach the OTP stage, it should be easy to handle. Remove the PasswordAuthentication no line, log in via ./bin/tssh --debug Jumpserver, type any password and press Enter, and see what the debug output before and after says.

fengmikaelson commented on July 23, 2024

> If you can reach the OTP stage, it should be easy to handle. Remove the PasswordAuthentication no line, log in via ./bin/tssh --debug Jumpserver, type any password and press Enter, and see what the debug output before and after says.

I sent it to your email; otherwise there'd be a lot of private information to strip out = =

fengmikaelson commented on July 23, 2024

> Host Jumpserver
>    #!! Password A # put any wrong password here
>    #!! TotpSecret1 xxxxx # put the TOTP secret here
>
> With this it should log in automatically. The xxxxx above just needs to be the same as the xxxxx at the end of oathtool --totp -b xxxxx.

Host Jumpserver
HostName xxx.com
Port 2222
User xxxx
IdentityFile ~/.ssh/id_rsa
#!! Password A
#!! TotpSecret1 LxxxYIT

With this config it works now.
Both tssh and ./bin/tssh work.
Thanks!

lonnywong commented on July 23, 2024

#!! TotpSecret1 LxxxYIT: that's not the real secret, is it?
