thank you for your reply. In principle, adding the content of id_rsa.pub to .ssh/authorized_keys and logging in successfully through port 22 indicates that the configuration information is set correctly.
For the convenience of testing, this caddy server opened ports 22 and 8433 (caddy’s external port, it will go to http-6433 and ssh-2022).
After testing, it is possible to log in directly through port 22, but not through 8433.
This shows that kadeessh does not use the .ssh/authorized_keys configuration, so what does it read? Is there any way to debug and know the complete process?
But this is difficult to explain. Users using caddyssh can log in through the ordinary ssh port, but cannot pass Kadeessh. In other words, kadeessh and sshd both log in as “caddyssh” and use /home/caddyssh/.ssh/authorized_keys. Is there any debugging method to find out whether it has read this file?
I’ve just pushed a branch with extra logging for the authentication parsing and key-matching. You can use that branch --with github.com/kadeessh/kadeessh@extra-logging.
As I’m sifting through the code, I realized there might be access issue preventing Kadeessh from accessing the authorized_keys file. What’s the file mode? Can you run ls -al /home/caddyssh/.ssh/authorized_keys?
P.S.: I truly appreciate your patience and happy to receive feedback on struggles with Kadeessh It’ll help me understand users struggles
Is it possible to record the contents of the key sent by the client? So we can learn more. I found that using ssh -J with the -i parameter to log in did not pass the authentication, but using the ssh client could pass the authentication (but still unable to log in)
The key to the problem is how to log in correctly after successful authentication. Just don’t use the jump method, it can log in correctly, complete process
This is the root to your problem. Why is your SSH client using another key? Either the ssh client you’re using is misbehaving or there’s misonfiguration. I’m not familiar with Jsch, so I’m not sure what could have gone wrong.
In fact, I no longer use the ssh client during the test, but only use the ssh command of the mac, but the problem is still the same. It is strange that the -J parameter is no longer expected. The current demand is to simply achieve this effect, and also access 8433 Port, which can be used for ssh login or http access
What do you mean? If you’re establishing a jump connection, it’s always expected. If we have the full information in this thread, then this command should work correctly:
If you’re using different key for the jumpsrv01 server than the destsrv01 server, then you will have to customize your ~/.ssh/config on your client machine; see answer here: