WSL2远程SSH至服务器后执行Git拉取出现Permission Denied (publickey)错误求助
2026-4-22
WSL2远程SSH至服务器后执行Git拉取出现Permission Denied (publickey)错误求助
嘿,我来帮你捋捋这个问题!从你描述的情况和ssh -Tv git@github.com的输出来看,核心问题是SSH代理转发没有真正生效——远程服务器根本没尝试使用你WSL2本地的密钥,而是在自己的/home/theuser/.ssh目录下找密钥文件,自然找不到,就报错了。咱们一步步解决:
第一步:确保WSL2本地的SSH Agent在运行且密钥已加载
先回到你的WSL2终端,执行以下命令:
# 启动SSH Agent eval "$(ssh-agent -s)" # 添加你的私钥到Agent里 ssh-add ~/.ssh/id_rsa # 检查密钥是否成功加载 ssh-add -l
如果ssh-add -l能显示你的密钥指纹,说明本地Agent没问题。
第二步:修正SSH配置的细节
你提到的~./ssh/config应该是笔误,正确路径是~/.ssh/config,先检查这个文件的权限(必须是600),然后确认配置内容:
Host * AddKeysToAgent yes IdentityFile ~/.ssh/id_rsa Host abc.theserver.com User theuser ForwardAgent yes
关键是连接远程服务器时要使用配置里的Host别名,也就是执行ssh abc.theserver.com,而不是直接ssh theuser@abc.theserver.com——否则你的ForwardAgent yes配置不会被应用!
第三步:检查远程服务器的SSH代理转发权限
登录到远程服务器后,检查/etc/ssh/sshd_config文件,确认有这一行:
AllowAgentForwarding yes
如果之前被改成了no,修改后需要重启SSH服务:
sudo systemctl restart sshd
第四步:验证远程服务器的代理是否生效
在远程服务器终端执行:
# 查看代理套接字是否存在 echo $SSH_AUTH_SOCK # 查看是否能获取到本地Agent里的密钥 ssh-add -l
如果echo $SSH_AUTH_SOCK有输出,且ssh-add -l能看到你WSL2本地的密钥,说明代理转发成功了。这时候再试ssh -Tv git@github.com,应该就能正常认证,git pull也不会报错了。
额外检查:WSL2本地密钥的权限
最后确认WSL2里的密钥文件权限是否正确,否则Agent可能拒绝加载:
chmod 700 ~/.ssh chmod 600 ~/.ssh/id_rsa
附上你提供的ssh -Tv git@github.com输出供参考:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to github.com [140.82.112.3] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/theuser/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 debug1: Remote protocol version 2.0, remote software version babeld-f06bbde2 debug1: no match: babeld-f06bbde2 debug1: Authenticating to github.com:22 as 'git' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM debug1: Host 'github.com' is known and matches the ECDSA host key. debug1: Found key in /home/theuser/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/theuser/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /home/theuser/.ssh/id_dsa debug1: Trying private key: /home/theuser/.ssh/id_ecdsa debug1: Trying private key: /home/theuser/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey).
备注:内容来源于stack exchange,提问作者Cat Named Dog
