Recently I set up a VPS for web hosting. Everything was going well until I decided it was time to add another account and disable root authentication. I added a new user to the sudoers group, added the public key to the /home/user/.ssh/authorized_keys file, checked all the file permissions, and the result is that I can only log in with password authentication. When using the ssh key, this is the super, super verbose output:
chev@linuxbox:~/.ssh$ ssh -vvv [email protected] -p 25000
OpenSSH_5.9p1 Debian-5ubuntu1.2, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.218.10 [xxx.xxx.218.10] port 25000.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/chev/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/chev/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/chev/.ssh/id_rsa-cert type -1
debug1: identity file /home/chev/.ssh/id_dsa type -1
debug1: identity file /home/chev/.ssh/id_dsa-cert type -1
debug1: identity file /home/chev/.ssh/id_ecdsa type -1
debug1: identity file /home/chev/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.2
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.2
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [xxx.xxx.218.10]:25000
debug3: load_hostkeys: loading entries for host "[xxx.xxx.218.10]:25000" from file "/home/chev/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/chev/.ssh/known_hosts:19
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xx:xx:xx:xx:65:ef:d9:33:0c:55:58:e3:9f:32:36:07
debug3: put_host_port: [xxx.xxx.218.10]:25000
debug3: put_host_port: [xxx.xxx.218.10]:25000
debug3: load_hostkeys: loading entries for host "[xxx.xxx.218.10]:25000" from file "/home/chev/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/chev/.ssh/known_hosts:19
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "[xxx.xxx.218.10]:25000" from file "/home/chev/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/chev/.ssh/known_hosts:19
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[xxx.xxx.218.10]:25000' is known and matches the ECDSA host key.
debug1: Found key in /home/chev/.ssh/known_hosts:19
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/chev/.ssh/id_rsa (0xb8a7f868)
debug2: key: [email protected] (0xb8a87c40)
debug2: key: /home/chev/.ssh/id_dsa ((nil))
debug2: key: /home/chev/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/chev/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/chev/.ssh/id_dsa
debug3: no such identity: /home/chev/.ssh/id_dsa
debug1: Trying private key: /home/chev/.ssh/id_ecdsa
debug3: no such identity: /home/chev/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
This happens with both the root and non-root accounts. After logging in with the password, I also noticed that instead of a user@host:$ prompt I got a "$" prompt. I created a home folder and .ssh, so I'm not sure about that, but I'm more annoyed at not being able to log in. Also, this happens on port 22 too. I've spent the last 12 hours trying to get this to work. The only thing I can do is re-flash my VPS and keep root login with the ssh key, which is not what I want. Every time I try to change this setup, I run into a myriad of problems. Can anyone offer some advice?
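
An added example, not part of the original post: a server-side check of the ownership and mode conditions that sshd enforces on the home directory, `.ssh` and `authorized_keys` when `StrictModes` is on (the default). The function name `check_strictmodes` is hypothetical, and the script assumes the default `AuthorizedKeysFile` location under the user's home.

```shell
#!/bin/sh
# check_strictmodes USER HOME   (hypothetical helper, not from the post)
# Reports paths that would fail sshd's StrictModes checks: each of
# HOME, HOME/.ssh and HOME/.ssh/authorized_keys must be owned by USER
# or root and must not be writable by group or others (mode & 022 == 0).
# Assumes the default AuthorizedKeysFile location.
check_strictmodes() {
    user=$1
    home=$2
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=1
            continue
        fi
        # find prints the path only when it is group- or world-writable.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE  $p"
            bad=1
        fi
        # find prints the path only when the owner is neither USER nor root.
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user 0)" ]; then
            echo "OWNER     $p"
            bad=1
        fi
    done
    return "$bad"
}

# Usage: sh check.sh USER HOME   (run as root on the server)
if [ "$#" -eq 2 ]; then
    check_strictmodes "$1" "$2"
fi
```

A home directory and `.ssh` created by hand while logged in as root show up here as `OWNER` only if they belong to some third account, since root ownership passes this check; in that case the user simply cannot manage the files themselves.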