
A case of VS Code SSH key login failure

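Preface

After a system update, VS Code's ssh server connection suddenly started asking for the login password. The machine is put to sleep often, and after every wake-up a whole pile of projects each needs the password typed in again. Intolerable; it had to be fixed.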

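Diagnosis

The first idea was to look at VS Code's output log. It shows that a password is being requested, but nothing else in it points to the cause, so move on.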

[16:36:47.675] Log Level: 2
[16:36:47.687] VS Code version: 1.78.1
[16:36:47.687] Remote-SSH version: remote-ssh@0.102.0
[16:36:47.687] darwin arm64
[16:36:47.688] SSH Resolver called for “ssh-remote+x.x.x.x”, attempt 1
[16:36:47.688] “remote.SSH.useLocalServer”: true
[16:36:47.689] “remote.SSH.path”: undefined
[16:36:47.689] “remote.SSH.configFile”: undefined
[16:36:47.689] “remote.SSH.useFlock”: true
[16:36:47.689] “remote.SSH.lockfilesInTmp”: false
[16:36:47.689] “remote.SSH.localServerDownload”: auto
[16:36:47.689] “remote.SSH.remoteServerListenOnSocket”: false
[16:36:47.689] “remote.SSH.showLoginTerminal”: false
[16:36:47.689] “remote.SSH.defaultExtensions”: []
[16:36:47.689] “remote.SSH.loglevel”: 2
[16:36:47.689] “remote.SSH.enableDynamicForwarding”: true
[16:36:47.689] “remote.SSH.enableRemoteCommand”: false
[16:36:47.689] “remote.SSH.serverPickPortsFromRange”: {}
[16:36:47.689] “remote.SSH.serverInstallPath”: {}
[16:36:47.693] SSH Resolver called for host: x.x.x.x
[16:36:47.693] Setting up SSH remote “x.x.x.x”
[16:36:47.695] Acquiring local install lock: /var/folders/fs/xxx/T/vscode-remote-ssh-xxx-install.lock
[16:36:49.195] Starting to look for password prompt from another window
[16:36:49.196] Found password prompt in other window: {“ipcHandlePath”:"/var/folders/fs/xxx/T/vscode-ssh-askpass-xxx.sock",“promptMsg”:{“message”:"(root@x.x.x.x) Password:"}}
[16:36:49.197] Showing password prompt

Next, since that information is incomplete, run ssh root@x.x.x.x -v in a system terminal and look at the debug output:

debug1: Will attempt key: /Users/xx/.ssh/id_rsa RSA SHA256:p+xx+xx+BaSI explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/xxx/.ssh/id_rsa RSA SHA256:p+xx+xx+BaSI explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: keyboard-interactive
(root@x.x.x.x) Password:

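The output shows that id_rsa was found and that no permission problem was reported (a typical case where a key silently does not take effect is wrong permissions on the id_rsa file, for example 777).

The problem is the line: no mutual signature algorithm. After looking into it: openssl considers ssh-rsa insecure, and the system update upgraded the openssl version, which caused this.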
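The same diagnosis as a script, added here as an example and not part of the original post: it reads `ssh -v` output and reports each key rejected with `no mutual signature algorithm`, plus the authentication method ssh fell back to. The function names are made up for this example; the sample input is the debug output shown above.

```shell
#!/bin/sh
# Debug lines as shown on the page (host, paths and fingerprint are the
# page's own placeholders).
sample_debug_log() {
cat <<'EOF'
debug1: Will attempt key: /Users/xx/.ssh/id_rsa RSA SHA256:p+xx+xx+BaSI explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/xxx/.ssh/id_rsa RSA SHA256:p+xx+xx+BaSI explicit
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: keyboard-interactive
(root@x.x.x.x) Password:
EOF
}

# Read `ssh -v` output on stdin. Print one "REJECTED <path> <type>" line per
# offered key that failed with "no mutual signature algorithm", then
# "FALLBACK <method>" for the non-publickey method tried next.
# Key paths containing spaces are not handled.
diagnose_ssh_debug() {
    awk '
        /^debug1: Offering public key: / { path = $5; type = $6; next }
        /no mutual signature algorithm/ {
            if (path != "") { print "REJECTED", path, type; rejected = 1 }
            path = ""; next
        }
        /^debug1: Next authentication method: / {
            if (rejected && $5 != "publickey") {
                print "FALLBACK", $5
                rejected = 0
            }
        }
    '
}

# Live use against a real host: ssh -v root@x.x.x.x 2>&1 | diagnose_ssh_debug
sample_debug_log | diagnose_ssh_debug
```

A FALLBACK line naming keyboard-interactive after a REJECTED line is exactly the situation that makes VS Code show the password prompt.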

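Solution

Any one of the following three fixes the problem; choose according to your situation. Options 1 and 2 re-enable ssh-rsa on the client, option 3 replaces the key.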

  1. On the ssh client side, edit:

    /etc/ssh/ssh_config

    and add

    PubkeyAcceptedKeyTypes +ssh-rsa

  2. Edit /Users/xxx/.ssh/config directly in VS Code and add the PubkeyAcceptedKeyTypes option:

    Host x.x.x.x
        HostName x.x.x.x
        User root
        Port 22
        PubkeyAcceptedKeyTypes +ssh-rsa

  3. Regenerate the key file using a supported algorithm, for example:

    ssh-keygen -t ed25519 -C "xx@xx.com"

    The supported algorithms are listed in man ssh-keygen.