Autenticação por chave pública SSH

3

Eu tenho tido problemas para tentar autenticar meu cliente macbook air usando ssh para conectar ao meu servidor Raspberry Pi. Há alguma sugestão de por que isso não está funcionando?

Coisas que eu tentei:

  • Criei uma chave ssh e copiei a chave pública para a pasta ~/.ssh/authorized_keys do servidor
  • Encaminhamento de porta ativado para a porta 777 (usando essa porta para o SSH)
  • Configurar permissões no meu servidor para as pastas ~/.ssh e ~/.ssh/*
  • Ativou RSAAuthentication e PubkeyAuthentication no arquivo /etc/ssh/sshd_config do meu servidor

Faz o login no lado do cliente:

>>> ssh -vvv -i ~/.ssh/id_rsa [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to raspberrypi.local [192.168.0.13] port 777.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/addie/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/addie/.ssh/id_rsa type 1
debug1: identity file /Users/addie/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [raspberrypi.local]:777
debug3: load_hostkeys: loading entries for host "[raspberrypi.local]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 503/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 32:b0:3a:60:39:3c:38:9b:35:33:b7:80:d6:06:37:a9
debug3: put_host_port: [192.168.0.13]:777
debug3: put_host_port: [raspberrypi.local]:777
debug3: load_hostkeys: loading entries for host "[raspberrypi.local]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[192.168.0.13]:777" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "raspberrypi.local" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/addie/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.0.13" from file "/Users/addie/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/addie/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'raspberrypi.local' is known and matches the RSA host key.
debug1: Found key in /Users/addie/.ssh/known_hosts:4
debug1: found matching key w/out port
debug2: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/addie/.ssh/id_rsa (0x7fe36a415cd0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/addie/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Faz o login no lado do servidor:

>>> cat /var/log/auth.log
sshd[4115]: User pi authorized keys /home/pi/.ssh/authorized_keys is not a regular file
sshd[4115]: Connection closed by 192.168.0.5
    
por Addie 11.10.2015 / 09:26

1 resposta

7

Eu acho que você entendeu mal o uso de authorized_keys .

authorized_keys is não é um diretório no qual você coloca seus arquivos pubkey.

authorized_keys é um arquivo normal que inclui todos os seus pubkeys.

Se você tiver apenas uma chave, basta renomear o arquivo

mv id_rsa.pub authorized_keys

Se você tiver mais de uma chave, poderá usar o cat para concatenar essas chaves no arquivo.

cat id_rsa.pub ios_id_rsa.pub >> authorized_keys
    
por 11.10.2015 / 09:55