SSH connection to Ubuntu works on the internal network, but not from outside

The other similar questions about Ubuntu did not help me solve this problem.

I have an Ubuntu server that I have no problems connecting to when I am on a computer on the local network, but when I try from outside I get

Permission denied (publickey)

I created a new key pair and added the public key to authorized_keys.

I made sure that authorized_keys has the correct permissions set (0600).

Port forwarding on the router seems to be configured correctly, since I see my connection attempts in /var/log/auth.log

Oct 26 16:37:59 ubuntu sshd[1804]: Connection closed by xx.xx.xx.xx [preauth]

This is what I get with the -vvv option

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/mike/.ssh/config
debug1: /home/mike/.ssh/config line 19: Applying options for *
debug1: /home/mike/.ssh/config line 145: Applying options for beansprout.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/mike/.ssh/config
debug1: /home/mike/.ssh/config line 19: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/mike/.ssh/beansprout_live" as a RSA1 public key
debug1: identity file /home/mike/.ssh/beansprout_live type 1
debug1: identity file /home/mike/.ssh/beansprout_live-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "xx.xx.xx.xx" from file "/home/mike/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/mike/.ssh/known_hosts:24
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA XXXXXXXXXXXXXXXXXXXXXXXXX
debug3: load_hostkeys: loading entries for host "xx.xx.xx.xx" from file "/home/mike/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/mike/.ssh/known_hosts:24
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'xx.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /home/mike/.ssh/known_hosts:24
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/mike/.ssh/beansprout_live (0x555f8eacc7c0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: 
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/mike/.ssh/beansprout_live
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey)

I also ran tcpdump; this is what I got when I tried to ssh in

frank@ubuntu:~/.ssh$ sudo tcpdump -i any src host xx.xx.xx.xx -vvv
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
16:45:31.390406 IP (tos 0x4, ttl 58, id 5782, offset 0, flags [DF], proto TCP (6), length 60)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [S], cksum 0x2529 (correct), seq 1124079693, win 29200, options [mss 1460,sackOK,TS val 5246683 ecr 0,nop,wscale 7], length 0
16:45:31.438365 IP (tos 0x4, ttl 58, id 5783, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xef7b (correct), seq 1124079694, ack 2925922470, win 229, options [nop,nop,TS val 5246693 ecr 138876], length 0
16:45:31.438403 IP (tos 0x4, ttl 58, id 5784, offset 0, flags [DF], proto TCP (6), length 95)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0x91f4 (correct), seq 0:43, ack 1, win 229, options [nop,nop,TS val 5246693 ecr 138876], length 43
16:45:31.500729 IP (tos 0x4, ttl 58, id 5785, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xef08 (correct), seq 43, ack 44, win 229, options [nop,nop,TS val 5246708 ecr 138890], length 0
16:45:31.501685 IP (tos 0x4, ttl 58, id 5786, offset 0, flags [DF], proto TCP (6), length 1500)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xcc1c (correct), seq 43:1491, ack 44, win 229, options [nop,nop,TS val 5246708 ecr 138890], length 1448
16:45:31.502110 IP (tos 0x4, ttl 58, id 5787, offset 0, flags [DF], proto TCP (6), length 572)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0x6aec (correct), seq 1491:2011, ack 44, win 229, options [nop,nop,TS val 5246708 ecr 138890], length 520
16:45:31.530287 IP (tos 0x4, ttl 58, id 5788, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xe18e (correct), seq 2011, ack 1492, win 251, options [nop,nop,TS val 5246719 ecr 138891], length 0
16:45:31.530301 IP (tos 0x4, ttl 58, id 5789, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xe0a3 (correct), seq 2011, ack 1692, win 274, options [nop,nop,TS val 5246719 ecr 138903], length 0
16:45:31.540611 IP (tos 0x4, ttl 58, id 5790, offset 0, flags [DF], proto TCP (6), length 100)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0xb828 (correct), seq 2011:2059, ack 1692, win 274, options [nop,nop,TS val 5246721 ecr 138904], length 48
16:45:31.581987 IP (tos 0x4, ttl 58, id 5791, offset 0, flags [DF], proto TCP (6), length 68)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0xd4f3 (correct), seq 2059:2075, ack 1972, win 296, options [nop,nop,TS val 5246732 ecr 138915], length 16
16:45:31.656372 IP (tos 0x4, ttl 58, id 5792, offset 0, flags [DF], proto TCP (6), length 104)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0x0736 (correct), seq 2075:2127, ack 1972, win 296, options [nop,nop,TS val 5246750 ecr 138936], length 52
16:45:31.688538 IP (tos 0x4, ttl 58, id 5793, offset 0, flags [DF], proto TCP (6), length 120)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0xb402 (correct), seq 2127:2195, ack 2024, win 296, options [nop,nop,TS val 5246758 ecr 138942], length 68
16:45:31.764659 IP (tos 0x4, ttl 58, id 5794, offset 0, flags [DF], proto TCP (6), length 424)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [P.], cksum 0x5f1e (correct), seq 2195:2567, ack 2076, win 296, options [nop,nop,TS val 5246777 ecr 138962], length 372
16:45:31.800705 IP (tos 0x4, ttl 58, id 5795, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [F.], cksum 0xdc27 (correct), seq 2567, ack 2128, win 296, options [nop,nop,TS val 5246785 ecr 138970], length 0
16:45:31.858424 IP (tos 0x4, ttl 58, id 5796, offset 0, flags [DF], proto TCP (6), length 52)
    S0106bc4dfb2cb3c3.vc.shawcable.net.33168 > 192.168.1.100.ssh: Flags [.], cksum 0xdc09 (correct), seq 2568, ack 2129, win 296, options [nop,nop,TS val 5246800 ecr 138984], length 0

Where else can I look to try to find out what is wrong?

Thanks

Edit:

ssh config settings

Host *
    IdentitiesOnly yes
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

Host beansprout.1
    HostName xx.xx.xx.xx
    User frank
    IdentityFile ~/.ssh/beansprout_live
    
by mike 27.10.2016 / 01:55

0 answers