LFTP: SSH com chaves privadas e públicas

0

Estou usando o LFTP para espelhar a pasta do servidor SFTP com a pasta local.

Mas atualmente eu ficaria feliz em me conectar corretamente ao servidor SFTP e listar o conteúdo ...

Estou usando o Windows 7 e baixei o pacote LFTP do NWGAT ( link ).

É claro para mim que devo primeiro configurar a conexão do sftp usando o comando ssh :

ssh -v -a -x -vvv -o UserKnownHostsFile=/ssh/known_hosts -i /ssh/MyPrivateKey.ppk -p 22 [email protected]

No final do post está a saída deste comando.

Se eu uso o WinSCP com o arquivo ppk, posso conectar sem problemas. Mas usando ssh no prompt de comando (com ppk não aceita passphrase, com autenticações pri) estou recebendo este problema (o mesmo problema acontece quando se usa putty com o arquivo ppk - servidor recusado para iniciar um shell / comando). p>

Estou fazendo algo errado no meu código ou estou sentindo alguma falta?

Ou algo deve ser definido também no lado do servidor (ex .: permissões, algo que não corresponde)?

Aqui está o código e a saída, obrigado pela sua ajuda.

ssh -v -a -x -vvv -o UserKnownHostsFile=/ssh/known_hosts -i /ssh/MyPrivateKey.pri -p 22 [email protected]

OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to sftp.domain.com [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/ssh/MyPrivateKey.pri" as a RSA1 public key
debug1: identity file /ssh/MyPrivateKey.pri type -1
debug1: identity file /ssh/MyPrivateKey.pri-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version SFTP_XXXXX
debug1: no match: SFTP_XXXXX
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "sftp.domain.com" fr
om file "/ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],ssh-
[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-
sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hel
lman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],ssh-rsa-cert-v00@openssh
.com,ssh-rsa,[email protected],ecdsa-sha2-nistp384-cert-v
[email protected],[email protected],ssh-ed25519-cert-v01@ope
nssh.com,[email protected],[email protected],ecdsa-sha2-ni
stp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,[email protected],[email protected],[email protected],ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,[email protected],[email protected],[email protected],ae
s128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndae
[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],um
[email protected],[email protected],[email protected],hma
[email protected],[email protected],hmac-sha1-96-etm@opens
sh.com,[email protected],hmac-md5,hmac-sha1,[email protected],umac-1
[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],um
[email protected],[email protected],[email protected],hma
[email protected],[email protected],hmac-sha1-96-etm@opens
sh.com,[email protected],hmac-md5,hmac-sha1,[email protected],umac-1
[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha
1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
debug2: kex_parse_kexinit: [email protected],ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes128-cbc
debug2: kex_parse_kexinit: aes256-ctr,aes256-cbc,aes128-cbc
debug2: kex_parse_kexinit: hmac-sha512,hmac-sha2-512,hmac-sha256,hmac-sha2-256,h
mac-sha1
debug2: kex_parse_kexinit: hmac-sha512,hmac-sha2-512,hmac-sha256,hmac-sha2-256,h
mac-sha1
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit: zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes256-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes256-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 4119/8192
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 45:49:72:ff:5c:97:0b:ba:57:98:5a:2a:49:18:21:fa
debug3: load_hostkeys: loading entries for host "sftp.domain.com" fr
om file "/ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "XXX.XXX.XXX.XXX" from file "/ssh
/known_hosts"
debug3: load_hostkeys: found key type RSA in file /ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'sftp.domain.com' is known and matches the RSA host key
.
debug1: Found key in /ssh/known_hosts:1
debug2: bits set: 4092/8192
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /ssh/MyPrivateKey.pri (0x0), explicit
debug3: input_userauth_banner
****************************************
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
****************************************
This system is for the use of authorized users only
****************************************debug1: Authentications that can continu
e: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /ssh/MyPrivateKey.pri
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/ssh/MyPrivateKey.pri':
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug2: we sent a publickey packet, wait for reply
debug1: Authentication succeeded (publickey).
Authenticated to sftp.domain.com ([XXX.XXX.XXX.XXX]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 16384 rmax 35000
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 100 id 0
shell request failed on channel 0
    
por pacojones 11.12.2014 / 19:17

1 resposta

1

O conjunto de ferramentas OpenSSH não entende o formato de arquivo de chave .ppk . Ele usa seu próprio formato. Assim como PuTTY (e WinSCP) usa seu formato (o .ppk ) e por isso não entende o formato OpenSSH.

Você pode usar o PuTTYgen (do conjunto de ferramentas PuTTY) para converter a tecla .ppk para o formato OpenSSH.
link

    
por 12.12.2014 / 08:24