Como configurar um servidor ssh funcional no Windows 7 que aceita chaves públicas

0

O que eu realmente quero é tornar possível usar o rsync de um servidor Unix para fazer backup de arquivos em um computador com Windows 7 Ultimate. Ele precisa usar as chaves públicas sem supervisão e eu quero a estrutura de diretório no estilo Unix. Então eu tenho um script de shell no meu servidor Unix que puxa arquivos da máquina Windows.

Minha solução é instalar o Cygwin no computador Windows, com componentes cygrunsrv, opens e rsync. Então configurei o sshd com o ssh-host-config (rodando como admin), basicamente respondendo "yes" para todas as questões e então iniciei o servidor sshd com o cygrunsrv. Eu também criei um usuário especial, adicionei-o ao passwd e ao grupo e abri o firewall.

Agora funciona bem para se conectar a partir do servidor Unix com uma senha. Mas quando tento a chave pública, obtenho:

% ssh -vvv [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.6 [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/ola/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/ola/.ssh/id_rsa type 1
debug1: identity file /Users/ola/.ssh/id_rsa-cert type -1
debug1: identity file /Users/ola/.ssh/id_dsa type -1
debug1: identity file /Users/ola/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7
debug1: match: OpenSSH_6.7 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/Users/ola/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/ola/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: found [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 159/320
debug2: bits set: 1048/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b9:67:b9:af:34:25:59:7e:16:49:a6:88:09:bf:dc:be
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/Users/ola/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/ola/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.0.6' is known and matches the RSA host key.
debug1: Found key in /Users/ola/.ssh/known_hosts:4
debug2: bits set: 1007/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/ola/.ssh/id_rsa (0x7fe9b8e004c0),
debug2: key: /Users/ola/.ssh/id_dsa (0x0),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ola/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 192.168.0.6
[olasw:~] ola% ssh -vvv [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.6 [192.168.0.6] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/Users/ola/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /Users/ola/.ssh/id_rsa type 1
debug1: identity file /Users/ola/.ssh/id_rsa-cert type -1
debug1: identity file /Users/ola/.ssh/id_dsa type -1
debug1: identity file /Users/ola/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7
debug1: match: OpenSSH_6.7 pat OpenSSH*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/Users/ola/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/ola/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: found [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 156/320
debug2: bits set: 1003/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b9:67:b9:af:34:25:59:7e:16:49:a6:88:09:bf:dc:be
debug3: load_hostkeys: loading entries for host "192.168.0.6" from file "/Users/ola/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/ola/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.0.6' is known and matches the RSA host key.
debug1: Found key in /Users/ola/.ssh/known_hosts:4
debug2: bits set: 994/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/ola/.ssh/id_rsa (0x7fe013d00dc0),
debug2: key: /Users/ola/.ssh/id_dsa (0x0),
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ola/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 192.168.0.6

Portanto, apenas por ter uma chave pública no meu diretório local .ssh faz com que o serviço sshd do Windows feche a conexão. A reação é a mesma se eu tenho um diretório .ssh no computador Windows ou não, e mesmo se os privilégios nesse diretório e o arquivo authorized_keys estiverem corretos.

Eu tentei muitas abordagens diferentes, mas todas elas dão o mesmo problema.

O que estou perdendo aqui?

    
por Ola 02.01.2015 / 14:43

1 resposta

0

Eu tive o mesmo problema no W2003 e notei que ao executar 'ssh-host-config' e escolher 'privilégios separados' ele cria o usuário local "cyg_server", mas não o encontra e como resultado instala o serviço sshd como o usuário "SISTEMA" !!!
Não o encontra porque não atualiza / etc / passwd ;).

Então, o que funcionou para mim foi, depois de correr 'ssh-host-config', então eu não iniciei o serviço (então se ele começou para você, você tem que 'net stop sshd' primeiro), então fez:

-ran 'cygrunsrv --remove sshd' (para cancelar o registro do serviço)
-ran 'mkpasswd -l > / etc / passwd' (que atualiza o / etc / passwd com os usuários recém-criados "sshd" e "cyg_server")
-re-corre 'ssh-host-config', respondendo sim a tudo, exceto "ntsec" para a variável CYGWIN e "não" para "você deseja usar um nome de usuário diferente" pergunta sobre o usuário cyg_server, digitou a senha anteriormente definido na primeira iteração e, em seguida, fez com que ele disse que o serviço sshd é instalado sob o usuário "cyg_server" !

Somente então a chave de autenticação ssh funcionou perfeitamente. Espero que ajude alguém.

    
por 25.01.2015 / 12:50