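When proftpd provides the SFTP service and publickey authentication is used, login with the key fails if the Comment line in the public key file is longer than 74 bytes.
An example of the proftpd log for such a failed login: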
2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: line too long (74) on line 1 of '/usr/proftpd-1.3.5/etc/authorized_keys/app'
2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: Make sure that '/usr/proftpd-1.3.5/etc/authorized_keys/app' is a RFC4716 formatted key
2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: error base64-decoding key data in '/usr/proftpd-1.3.5/etc/authorized_keys/app'
2017-12-06 20:30:58,324 mod_sftp/0.9.9[1591]: error comparing keys from '/usr/proftpd-1.3.5/etc/authorized_keys/app': Invalid argument
2017-12-06 20:30:58,325 mod_sftp/0.9.9[1591]: sending userauth failure; remaining userauth methods: password
The proftpd documentation addresses this problem as follows:
Question: I followed the instructions to convert my authorized keys from OpenSSH to RFC4716 format, yet I see the following error in my SFTPLog:
http://www.proftpd.org/docs/contrib/mod_sftp.html
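Solution:
If the Comment line is longer than 74 bytes, either delete the line or shorten the description inside “Comment: "..."” so that the line is at most 74 bytes long.
Example: the line “Comment: "1024-bit RSA, converted from OpenSSH by app@localhost.localdomain"” is 76 bytes long, so either delete it or reduce it to at most 74 bytes, for example by changing it to “Comment: "1024-bit RSA, converted from OpenSSH by app@localhost.localdoma"”.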
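
The check and fix described above, as an added example (not from the original post or the proftpd project): a Python script that reports lines over the limit in an RFC4716 key file and shortens or drops an over-long Comment header. The function names and the sample key data are constructed for illustration; the 74-byte limit is the one stated on this page.

```python
import sys

MAX_LINE = 74  # limit as stated on this page, counted without the line terminator

# Constructed sample: the page's 76-byte Comment line plus placeholder key data.
SAMPLE = (
    "---- BEGIN SSH2 PUBLIC KEY ----\n"
    'Comment: "1024-bit RSA, converted from OpenSSH by app@localhost.localdomain"\n'
    "AAAAB3NzaC1yc2EAAAADAQABAAAAgQ" + "A" * 34 + "\n"
    "---- END SSH2 PUBLIC KEY ----\n"
)


def long_lines(text, limit=MAX_LINE):
    """Return (line_number, byte_length) for each line longer than limit."""
    sizes = ((n, len(line.encode("utf-8")))
             for n, line in enumerate(text.splitlines(), 1))
    return [(n, size) for n, size in sizes if size > limit]


def fix_comment(text, limit=MAX_LINE, drop=False):
    """Drop or shorten an over-long Comment header; leave all other lines alone."""
    out = []
    for line in text.splitlines():
        raw = line.encode("utf-8")
        if line.lower().startswith("comment:") and len(raw) > limit:
            if drop:
                continue
            if line.endswith('"'):
                # Keep the closing quote; errors="ignore" discards a split UTF-8 char.
                line = raw[:limit - 1].decode("utf-8", "ignore") + '"'
            else:
                line = raw[:limit].decode("utf-8", "ignore")
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Report only: pass key file paths as arguments; with none, the sample is checked.
    for path in sys.argv[1:] or [None]:
        text = open(path, encoding="utf-8").read() if path else SAMPLE
        for n, size in long_lines(text):
            print(f"{path or '<sample>'}: line {n} is {size} bytes (limit {MAX_LINE})")
```

Only the Comment header is ever changed; an over-long key data line is reported by `long_lines` but left untouched, since truncating it would corrupt the key.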