como eu uso o ssh com acesso à chave em 11.10

2

Eu usei o ssh before e o acesso por senha do meu novo laptop asus k53by com uma nova instalação 11.10 para o servidor dev funcionar bem.

Eu queria configurar o acesso principal para maior segurança e facilidade de script, e fiz o seguinte:

paul@paul-K53BY:~/.ssh$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/paul/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/paul/.ssh/id_rsa.
Your public key has been saved in /home/paul/.ssh/id_rsa.pub.
The key fingerprint is:
7e:91:b2:2b:a9:bc:f8:11:d1:aa:ea:41:c5:1a:39:ff paul@paul-K53BY
paul@paul-K53BY:~/.ssh$ ssh-copy-id -i id_rsa.pub 10.1.1.28
[email protected]'s password: 

Agora tente fazer login na máquina, com "ssh '10 .1.1.28 '", e faça o check-in:

~/.ssh/authorized_keys

para garantir que não adicionamos chaves extras que você não esperava.

paul@paul-K53BY:~/.ssh$ ssh 10.1.1.28
[email protected]'s password: 
  • Tudo parecia funcionar, mas eu ainda precisava usar a senha. Eu também queria um identificador conveniente para o servidor (sem o incômodo do DNS), então eu configurei o ~ / .ssh / config da seguinte forma:

    Host dev
    
    HostName 10.1.1.28
    PasswordAuthentication no
    PubkeyAuthentication yes
    
  • ssh dev então falhou:

    paul@paul-K53BY:~/.ssh$ ssh dev
    Permission denied (publickey,password).
    
  • A troca de senha novamente mostrou que o ssh dev funciona bem com a senha.

    paul@paul-K53BY:~/.ssh$ ssh -vvv dev
    OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
    debug1: Reading configuration data /home/paul/.ssh/config
    debug1: Applying options for dev
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.1.1.28 [10.1.1.28] port 22.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/paul/.ssh/id_rsa" as a RSA1 public key
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /home/paul/.ssh/id_rsa type 1
    debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
    debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
    debug1: identity file /home/paul/.ssh/id_rsa-cert type -1
    debug1: identity file /home/paul/.ssh/id_dsa type -1
    debug1: identity file /home/paul/.ssh/id_dsa-cert type -1
    debug1: identity file /home/paul/.ssh/id_ecdsa type -1
    debug1: identity file /home/paul/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
    debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "10.1.1.28" from file "/home/paul/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/paul/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: none,[email protected],zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 123/256
    debug2: bits set: 500/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA eb:f9:56:b8:ae:b0:de:27:92:06:8f:ac:c1:43:e4:64
    debug3: load_hostkeys: loading entries for host "10.1.1.28" from file "/home/paul/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/paul/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host '10.1.1.28' is known and matches the RSA host key.
    debug1: Found key in /home/paul/.ssh/known_hosts:1
    debug2: bits set: 511/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/paul/.ssh/id_rsa (0xb9434eb0)
    debug2: key: /home/paul/.ssh/id_dsa ((nil))
    debug2: key: /home/paul/.ssh/id_ecdsa ((nil))
    debug1: Authentications that can continue: publickey,password
    debug3: start over, passed a different list publickey,password
    debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/paul/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /home/paul/.ssh/id_dsa
    debug3: no such identity: /home/paul/.ssh/id_dsa
    debug1: Trying private key: /home/paul/.ssh/id_ecdsa
    debug3: no such identity: /home/paul/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,password).
    

Toda essa saída está me dizendo algo, mas não tenho certeza do que. O que eu fiz de errado e por que não posso obter esse ssh por chave para funcionar?

Parece haver algumas perguntas aqui sobre 11.10 problemas de acesso ssh / key, mas não pude ver nada que eu pudesse tentar em qualquer lugar que pudesse resolver isso para mim.

    
por Whippy 13.12.2011 / 11:20

1 resposta

2

Em primeiro lugar,

  

debug3: Identificador RSA1 incorreto

     

debug3: Não foi possível carregar "/home/paul/.ssh/id_rsa" como uma chave pública RSA1

     

debug2: key_type_from_name: tipo de chave desconhecido '----- BEGIN'

Uma chave pública não inicia com as palavras '----- BEGIN'. Essas são as palavras encontradas em uma chave privada.

Em segundo lugar, você tem certeza de que isso funcionou:

  

paul @ paul-K53BY: ~ / .ssh $ ssh-copy-id -i id_rsa.pub 10.1.1.28

tente:

  

ssh-copy-id 10.1.1.28

(este será o padrão para ~ / .ssh / id_rsa.pub. Não tenho certeza se o caminho completo é obrigatório ou não).

Em terceiro lugar, a sua pasta pessoal no servidor está encriptada? Se estiver, você precisa fazer login fisicamente no servidor e manter essa sessão aberta o tempo todo. Então, quando você ssh da sua máquina para o servidor, as chaves ssh serão usadas automaticamente

    
por rigved 13.12.2011 / 12:48