启用 FIPS 后，使用公有密钥身份验证的 SSH 会意外提示输入密码

最后更新
另存为PDF

Views:: 18

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: encryption

Last Updated:

适用场景

ONTAP 9.3 及更高版本
联邦信息处理标准（ FIPS ）
公共密钥身份验证

问题描述

使用公共密钥身份验证的帐户出现意外的密码提示。
最近启用了 FIPS 。

在 Linux-client 端的 ssh -vvv 输出中看到的日志：

[root@... ~]# ssh -vvv user@x.x.x.x ... debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/user debug3: sign_and_send_pubkey: RSA SHA256:<key> debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 ---Packet type 51 indicates SSH user authentication failure

[daemon_xinetd:info:6650] START: ssh pid=97704 from=::ffff:<client_ip> vsid=-1 role=0x20 [auth_sshd:info:97704] mm_answer_pwnamallow: Got passwd creds user (username), homedir (/var/home/username), uid (1008) from FILES [auth_sshd:error:97704] error: get_socket_address: getnameinfo 4 failed: hostname nor servname provided, or not known [auth_sshd:info:97704] userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth] [auth_sshd:info:97704] Connection closed by <client_ip> port ##### [preauth] [daemon_xinetd:info:6650] EXIT: ssh status=255 pid=97704 duration=28(sec)