
Problem with Authorization in SSH


el_magneto


Hello,

I have a problem connecting remotely to my server on the internal network using ssh and keys: a private and a public one. Everything works when authorization by login and password is enabled. When I turn it off and turn on key authorization, it does not connect. I generated the private and public keys with ssh-keygen. I copied the public one to the server, into ~/.ssh/authorized_keys.

This is what sshd_config on the server looks like:

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile	  .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no

# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem	   sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	   X11Forwarding no
#	   AllowTcpForwarding no
#	   ForceCommand cvs server

 

These are the ssh client's debug messages during a connection attempt:

 

[michals@localhost ~]$ ssh [email protected] -vvv
OpenSSH_4.7p1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.3 [192.168.10.3] port 22.
debug1: Connection established.
debug1: identity file /home/michals/.ssh/identity type -1
debug3: Not a RSA1 key file /home/michals/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/michals/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /home/michals/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/michals/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/michals/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '192.168.10.3' is known and matches the RSA host key.
debug1: Found key in /home/michals/.ssh/known_hosts:1
debug2: bits set: 524/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/michals/.ssh/identity ((nil))
debug2: key: /home/michals/.ssh/id_rsa (0xb96107a8)
debug2: key: /home/michals/.ssh/id_dsa (0xb96107c0)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/michals/.ssh/identity
debug3: no such identity: /home/michals/.ssh/identity
debug1: Offering public key: /home/michals/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering public key: /home/michals/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

 

And this is the sshd debug output during the connection attempt:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 649
debug2: parse_server_config: config /etc/ssh/sshd_config len 649
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:46 setting RSAAuthentication no
debug3: /etc/ssh/sshd_config:47 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:51 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:58 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:63 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:67 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:77 setting GSSAPIAuthentication no
debug3: /etc/ssh/sshd_config:79 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:91 setting UsePAM yes
debug3: /etc/ssh/sshd_config:94 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:95 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:96 setting AcceptEnv LC_IDENTIFICATION LC_ALL
debug3: /etc/ssh/sshd_config:100 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:122 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_4.7p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 649
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
debug3: Normalising mapped IPv4 in IPv6 address
debug3: Normalising mapped IPv4 in IPv6 address
Connection from 192.168.10.4 port 54428
debug1: Client protocol version 2.0; client software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7
debug2: fd 3 setting O_NONBLOCK
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug2: Network child is on pid 4579
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 112/256
debug2: bits set: 507/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 530/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0xb9b12588(271)
debug3: mm_request_send entering: type 6
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user michals service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Normalising mapped IPv4 in IPv6 address
debug3: Trying to reverse map address 192.168.10.4.
debug2: parse_server_config: config reprocess config len 649
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: input_userauth_request: setting up authctxt for michals
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 46
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: mm_inform_authrole entering
debug3: mm_request_send entering: type 4
debug2: input_userauth_request: try method none
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 46
debug1: PAM: initializing for "michals"
debug1: userauth-request for user michals service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug1: PAM: setting PAM_RHOST to "192.168.10.4"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 46 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authrole: role=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0xb9b122a8
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /home/michals/.ssh/authorized_keys
debug3: secure_filename: checking '/home/michals/.ssh'
Authentication refused: bad ownership or modes for directory /home/michals/.ssh
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /home/michals/.ssh/authorized_keys
debug3: secure_filename: checking '/home/michals/.ssh'
Authentication refused: bad ownership or modes for directory /home/michals/.ssh
debug1: restore_uid: 0/0
Failed publickey for michals from 192.168.10.4 port 54428 ssh2
debug3: mm_answer_keyallowed: key 0xb9b122a8 is disallowed
debug3: mm_request_send entering: type 22
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
debug3: mm_request_receive entering
debug1: userauth-request for user michals service ssh-connection method publickey
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0xb9b122b8
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /home/michals/.ssh/authorized_keys
debug3: secure_filename: checking '/home/michals/.ssh'
Authentication refused: bad ownership or modes for directory /home/michals/.ssh
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 500/500 (e=0/0)
debug1: trying public key file /home/michals/.ssh/authorized_keys
debug3: secure_filename: checking '/home/michals/.ssh'
Authentication refused: bad ownership or modes for directory /home/michals/.ssh
debug1: restore_uid: 0/0
Failed publickey for michals from 192.168.10.4 port 54428 ssh2
debug3: mm_answer_keyallowed: key 0xb9b122b8 is disallowed
debug3: mm_request_send entering: type 22
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
debug3: mm_request_receive entering
Connection closed by 192.168.10.4
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering

 

I am only just starting to play with Linux. Please help. I hope someone can work out from these messages what the problem is?!

Regards :rolleyes:

------------------

Put listings of up to 12-15 lines between the [code] and [/code] tags, and ones longer than 15 lines between [codebox] and [/codebox] - it is more readable that way. Read "BB Code Help". WalDo


I generated the private and public keys with ssh-keygen.

Not very precise.

debug3: Not a RSA1 key file /home/michals/.ssh/id_rsa.

debug2: key_type_from_name: unknown key type '-----BEGIN'

Authentication refused: bad ownership or modes for directory /home/michals/.ssh

Your problem is the keys, so read up on which ones to use and how to generate them.


Thanks for the reply!

I have read a bit about generating keys and it seems to me that I am doing everything as I should.

But please correct me if I am doing something wrong:

On the local host I generate the keys, giving a passphrase for the private key:

[michals@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/michals/.ssh/id_rsa): 
/home/michals/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/michals/.ssh/id_rsa.
Your public key has been saved in /home/michals/.ssh/id_rsa.pub.
The key fingerprint is:
b3:c6:ad:8b:be:18:6b:a1:d6:91:81:c9:12:60:2f:88 [email protected]

 

Next I copy the public key to the remote server:

[michals@localhost ~]$ scp ~/.ssh/id_rsa.pub [email protected]:~/
[email protected]'s password: 
id_rsa.pub

 

I write the key to the authorized_keys file and change the permissions:

[michals@localhost ~]$ cat id_rsa.pub > ./.ssh/authorized_keys 
[michals@localhost ~]$ cd .ssh
[michals@localhost .ssh]$ ls
authorized_keys  known_hosts
[michals@localhost .ssh]$ chmod 400 authorized_keys

 

I restart sshd on the server. And then the connection attempt from the local machine:

[michals@localhost .ssh]$ ssh -i .ssh/id_rsa [email protected]
Warning: Identity file .ssh/id_rsa not accessible: No such file or directory.
Permission denied (publickey).

 

And that's it. I don't know what the problem is. Is the problem that I give a passphrase for this key? Or maybe some permissions on the key?

As for the key's permissions:

[michals@localhost .ssh]$ ll
total 40
-rw------- 1 michals michals  736 2008-08-23 13:23 id_dsa
-rw-r--r-- 1 michals michals  619 2008-08-23 13:23 id_dsa.pub
-rw------- 1 michals michals 1743 2008-08-24 19:49 id_rsa
-rw-r--r-- 1 michals michals  411 2008-08-24 19:49 id_rsa.pub
-rw-r--r-- 1 michals michals 1200 2008-08-24 19:28 known_hosts

Please help!!!

and this does not work either:

[michals@localhost ssh]$ ssh -i ~/.ssh/id_rsa [email protected]
Permission denied (publickey).


Did you mean changing the permissions on .ssh/authorized_keys and copying id_rsa.pub from the local machine to the server into .ssh/ ??

If so, neither of them gave a positive result. Besides, why would there be a file named id_rsa.pub on the server when everywhere on the net it says that its contents have to be added to .ssh/authorized_keys?

 


[michals@localhost ~]$ ls -la | grep .ssh
drwxrwxr-x  2 michals michals 4096 2008-08-25 14:29 .ssh

 

It looks like everything is fine (or so it seems to me). I tried everything once more, starting from generating the rsa keys.

It shows the same errors again :(

A nightmare. I don't know what else I can check !! :?:

And in the opposite direction everything works. I checked a moment ago. I generated keys on the server, sent the public one to the host, and I can log in without a password :)

But why doesn't it work from the host to the server???

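
Added example, not part of any post in this thread and not OpenSSH's own code: a shell re-creation of the check behind the sshd log line "Authentication refused: bad ownership or modes for directory /home/michals/.ssh". With StrictModes on (the default, left commented out in the posted sshd_config), sshd rejects authorized_keys when the file, ~/.ssh or the home directory is owned by someone other than the user or root, or is writable by group or others, which is the case for the drwxrwxr-x shown on .ssh. It assumes GNU stat and canonical absolute paths; the function name and the temporary demo tree are made up for the illustration.

```shell
#!/bin/sh
# Added example (not OpenSSH code): repeats the StrictModes walk from
# authorized_keys up to the home directory.
# Assumptions: GNU stat (stat -c), canonical absolute paths.
# On a real account:
#   strictmodes_check ~/.ssh/authorized_keys "$HOME" "$(id -u)"

# strictmodes_check FILE HOMEDIR UID
# Prints the first path that fails the check and returns 1;
# prints nothing and returns 0 when every path passes.
strictmodes_check() {
    sm_path=$1; sm_home=$2; sm_uid=$3
    sm_kind=file
    while :; do
        # %u = numeric owner, %a = permission bits in octal
        sm_stat=$(stat -c '%u %a' "$sm_path" 2>/dev/null) || {
            echo "cannot stat $sm_path"; return 1; }
        sm_owner=${sm_stat% *}
        sm_mode=${sm_stat#* }
        # The owner must be the account itself or root.
        if [ "$sm_owner" -ne 0 ] && [ "$sm_owner" -ne "$sm_uid" ]; then
            echo "bad ownership or modes for $sm_kind $sm_path"; return 1
        fi
        # No write bit for group or others: (mode & 022) must be 0.
        if [ $(( 0$sm_mode & 022 )) -ne 0 ]; then
            echo "bad ownership or modes for $sm_kind $sm_path"; return 1
        fi
        # The home directory is the last path checked.
        [ "$sm_path" = "$sm_home" ] && return 0
        [ "$sm_path" = / ] && return 0
        sm_path=$(dirname "$sm_path")
        sm_kind=directory
    done
}

# Constructed demo tree (not the poster's machine): .ssh starts as 775,
# the drwxrwxr-x from the listing above, and is then tightened to 700.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ssh"
    : > "$d/home/.ssh/authorized_keys"
    chmod 755 "$d/home"
    chmod 600 "$d/home/.ssh/authorized_keys"
    chmod 775 "$d/home/.ssh"
    echo "775: $(strictmodes_check "$d/home/.ssh/authorized_keys" "$d/home" "$(id -u)")"
    chmod 700 "$d/home/.ssh"
    if strictmodes_check "$d/home/.ssh/authorized_keys" "$d/home" "$(id -u)"; then
        echo "700: all paths pass"
    fi
    rm -rf "$d"
}
demo
```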

Adi: the directory itself can have such permissions; what matters afterwards is the permissions on the files anyway.

Karlik: not quite. Having access to the directory, you can copy the key. Well, not really copy it, because cp will throw an access-denied error, but move it (mv), e.g. to a pendrive, or over the network to your own machine. Then it is enough to change the file's access permissions as root on your own machine and you have the guy's key. With appropriate permissions on the directory that will not work. Of course, under normal conditions on a home computer this is pure theory, because the permissions on $HOME are usually set to 700, but on servers where some number of people have accounts the settings are quite often wrong (or not restrictive enough - whether because of 'company' policy or because of a bad admin, etc.) and $HOME unfortunately gets set to 755, thanks to which anyone can in that case get your key from the server, with which they will be able to connect from that server to your machine at leisure and mess things up for you a bit. That is why the directory should also be given 600, instead of blindly trusting only the file permissions :)

el_magneto: Also try setting 600 on the files in .ssh

chmod 600 ~/.ssh/*


  • 1 month later...

I had similar errors, I don't remember exactly but it was also about keys; in my case, however, it came down to file permissions. Somewhere on the net I found that it should look like this:

-rw-rw-r-- 1 maiK maiK  604 cze 26 02:32 authorized_keys2
-rw------- 1 maiK maiK  668 cze  3 20:44 id_dsa
-rw-r-xr-x 1 maiK maiK  597 cze  3 20:44 id_dsa.pub
-rw-rw-r-- 1 maiK maiK 1615 paź 20 18:50 known_hosts

and it worked :) (oh, and just in case -> drwxr--r-- 2 maiK maiK 4096 cze 26 02:39 .ssh)

