So, I have the following setup:
Let's use the following notation:
Where:
If I ssh from M2 to M3, then try to ssh to M1 from there and give the correct password, I get this:
pi@R1 ~ $ sudo ssh -v [email protected]
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.2.1 [192.168.2.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 62:4d:da:1c:e8:86:f0:de:f9:1c:4c:ca:90:51:d9:7b
debug1: Host '192.168.2.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
[email protected]'s password:
But if I ssh from M1 to M3 and then try to ssh back to M1, I get:
nemexis@ServerVM:~$ sudo ssh -v [email protected]
pi@R1 ~ $ ssh -v [email protected]
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.2.1 [192.168.2.1] port 22.
debug1: connect to address 192.168.2.1 port 22: Connection refused
ssh: connect to host 192.168.2.1 port 22: Connection refused
The configuration file /etc/pam.d/sshd is:
# PAM configuration for the Secure Shell service
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# Disallow non-root logins when /etc/nologin exists.
#account required pam_nologin.so
# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so
# Standard Un*x authorization.
@include common-account
#Standard Un*x session setup and teardown.
@include common-session
# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic noupdate
session optional pam_motd.so # [1]
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple
# Standard Un*x password updating.
@include common-password
auth sufficient pam_permit.so
and /var/log/auth.log says:
Nov 23 10:32:25 ServerVM gdm3][3937]: pam_unix(gdm3:session): session opened for user nemexis by (uid=0)
Nov 23 10:32:25 ServerVM gdm3][3937]: pam_ck_connector(gdm3:session): nox11 mode, ignoring PAM_TTY :0
Nov 23 10:32:25 ServerVM gdm-welcome][2916]: pam_unix(gdm-welcome:session): session closed for user Debian-gdm
Nov 23 10:32:25 ServerVM polkitd(authority=local): Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.29, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 23 10:32:37 ServerVM sshd[4537]: Server listening on 0.0.0.0 port 22.
Nov 23 10:32:37 ServerVM sshd[4537]: Server listening on :: port 22.
Nov 23 10:32:49 ServerVM polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.50 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 23 10:33:02 ServerVM CRON[4800]: pam_unix(cron:session): session opened for user Debian-exim by (uid=0)
Nov 23 10:33:04 ServerVM CRON[4800]: pam_unix(cron:session): session closed for user Debian-exim
Nov 23 10:33:50 ServerVM sudo: nemexis : TTY=pts/0 ; PWD=/home/nemexis ; USER=root ; COMMAND=/usr/bin/ssh -v [email protected]
Nov 23 10:33:50 ServerVM sudo: pam_unix(sudo:session): session opened for user root by nemexis(uid=0)
Nov 23 10:35:01 ServerVM CRON[4918]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 23 10:35:01 ServerVM CRON[4918]: pam_unix(cron:session): session closed for user root
Nov 23 10:36:37 ServerVM sudo: nemexis : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/gedit auth.log
Nov 23 10:36:37 ServerVM sudo: pam_unix(sudo:session): session opened for user root by nemexis(uid=0)
Whenever I try, it seems I cannot ssh to M1 from M3. I have a hunch that M3 is to blame for this, but I'm not sure.