Como posso usar o ssh para o servidor com rsa-key com nome de usuário específico? [fechadas]

Navegue suas respostas
2

Eu quero ssh do meu computador de casa (usuário: antonio@antonio-home ) para serveruser@serverhost com rsa-key.

Eu gerei o rsa-key com ssh-keygen -t rsa e enviei para o servidor, mas ele ainda está me pedindo senha.

Se eu criar o usuário antonio on serverhost e copiar meu id_rsa.pub no diretório home do usuário antonio , posso fazer com sucesso ssh antonio@serverhost . Mas ssh serveruser@serverhost não está funcionando (id_rsa.pub está dentro do diretório home de serveruser também)

O que estou fazendo de errado? talvez eu deva especificar username enquanto eu gerar a chave rsa? Algo como ssh-keygen -t rsa --user serveruser ?

Eu usei ssh-copy-id para enviar a chave para o servidor e também tentei cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"

Permissões de arquivo no servidor: drwx------ .ssh e -rw------- authorized_keys . serveruser é proprietário desses arquivos e dirs.

Arquivo authorized_keys no servidor: 

ssh-rsa AAAAB3NzaC1yc2EA....AAADAQA antonio@Antonio-Home

Posso ver que ainda há um nome de usuário incorreto no final deste arquivo: antonio@Antonio-Home . Talvez tenha o problema?

Eu tentei definir e não definir senhas para a chave - sem diferença 

Antonio-Home:.ssh antonio$ cat config 
Host serveruser
Hostname <ip>
User serveruser
Identityfile2 ~/.ssh/id_rsa

ssh -vvvv serveruser
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/antonio/.ssh/config
debug1: /Users/antonio/.ssh/config line 1: Applying options for serveruser
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: /etc/ssh/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: Connection established.
debug1: identity file /Users/antonio/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/antonio/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <ip>:22 as 'serveruser'
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:ceUAVoQrX7gnlD3N4j82eaYSO15RKgNDfdL66+cdTCA
debug3: hostkeys_foreach: reading file "/Users/antonio/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/antonio/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from <ip>
debug1: Host '<ip>' is known and matches the RSA host key.
debug1: Found key in /Users/antonio/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/antonio/.ssh/id_rsa (0x7f97e1713cb0), explicit
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/antonio/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
serveruser@<ip>'s password:
    
por Antonio 24.10.2016 / 18:34

3 respostas

2

Finalmente, recebi a solução! No servidor minha pasta .ssh era de propriedade do usuário serveruser e do grupo root , quando eu mudei de grupo para hosting (group onde serveruser é). Tudo começou a funcionar bem. Obrigado a todos pela vossa ajuda!

    
por 25.10.2016 / 00:22
0

Você pode configurar seu cliente ssh para se conectar ao seu servidor usando outro nome de usuário por padrão. Em seu ~ / .ssh / config: 

Host serverhost
User serveruser

Dessa forma, você se conecta diretamente sem alterações para os usuários do servidor.

Então tenha certeza sobre as permissões dos arquivos ssh, na casa do servidor:

chmod 0700 .ssh; chmod 0600 .ssh / authorized_keys

    
por 24.10.2016 / 18:38
0

Executar: 

ssh-keygen -trsa -b2048 -f ~/.ssh/id_rsa_serveruser

Então 

cat ~/.ssh/id_rsa_serveruser.pub |ssh -lserveruser <hostname or IP of server> "cat >> .ssh/authorized_keys"

digite sua senha quando solicitado.

Em seu arquivo ~/.ssh/config : 

Host <nickname for connection>
Hostname <hostname or IP address of serverhost>
User serveruser
Identityfile2 ~/.ssh/id_rsa_serveruser

e você deve poder usar 

ssh <nickname for connection>

e você não será solicitado a fornecer uma senha. se isso não funcionar, certifique-se de que o arquivo ~/.ssh/authorized_keys realmente exista com as permissões apropriadas no servidor

EDITAR

I can see that there's still wrong username at the end of this file: antonio@Antonio-Home. Maybe, there's the problem?

da página ssh-keygen man: 

For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user
     to help identify the key.  The comment can tell what the key is for, or whatever is useful.  The com-
     ment is initialized to ''user@host'' when the key is created, but can be changed using the -c option.

Eu acho que o "nome de usuário" que você vê no final deste arquivo .pub é esse comentário, então provavelmente esse não é o problema.

    
por 24.10.2016 / 18:50

Tags

Nginx: Como faço para replicar o arquivo other_vhosts_access.log do Apache para obter o vhost no início da linha de log? Traduza o nome do recurso do Windows de Powershell para DISM