SSH key login is not working


I'm having some problems logging in to a server over SSH using a key

this is the output from the client: ssh '[email protected]' -p 2201 -v

OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to pdwhost [] port 2201.
debug1: Connection established.
debug1: identity file /home/importer/.ssh/id_rsa type -1
debug1: identity file /home/importer/.ssh/id_rsa-cert type -1
debug1: identity file /home/importer/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: identity file /home/importer/.ssh/id_dsa-cert type -1
debug1: identity file /home/importer/.ssh/id_ecdsa type -1
debug1: identity file /home/importer/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:23:7f:17:0c:a3:97:37:71:97:ba:d0:0d:d6:7f:43
debug1: Host '[pdwhost]:2201' is known and matches the ECDSA host key.
debug1: Found key in /home/importer/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/importer/.ssh/id_rsa
debug1: Offering DSA public key: /home/importer/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/importer/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

and this is the output on the server (when I start it with -debug)

/usr/sbin/sshd -d -p 22

debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='22'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on
Server listening on port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from port 58956
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 103/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user importer service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "importer"
debug1: PAM: setting PAM_RHOST to "static.42.clients.your-server.de"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user importer service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2
Connection closed by 144.XXX [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: PAM: cleanup
debug1: Killing privsep child 17937

I'm not sure what is going on here; the SSHD kills itself when the client tries to log in. It is a Debian 7 in an OpenVZ container (the host is also Debian 7)

SSH login via password works fine; I just disabled it for the purpose of testing the key login, as it always asked for a password when attempting the key login (since the key did not work).

I set %HOME% to 700, .ssh is also set to 700, and the files inside to 500

I copied the key with ssh-copy-id (and did it a second time). The keys I'm using are somewhat older, so I didn't create them just for this SSH client. I can't find any error in the authorized_keys

this is from the sshd_config

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile   %h/.ssh/authorized_keys

I still get a failed publickey.

By the way, in the meantime I tried to access the same server from another client: ssh-keygen -t rsa ssh-id-copy ssh ..

and it worked, so it must be something on the client above

1 answer


First, check the basics:

  1. is the content of your .ssh/authorized_keys correct? No extra line breaks in the public key?

  2. are the file permissions correct? sshd can be very strict about this: you should see lots of 600 or even 400 (read-only for root). Quoting your log:

debug1: trying public key file /home/importer/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for importer from 144.XXX port 58956 ssh2

  3. sshd can even be bothered by the permissions of other folders
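
The three checks in the answer above can be scripted; the following is an added example, not code from the original post or from OpenSSH. The function names are hypothetical, the sample key is built from filler bytes, and the permission test assumes the rule sshd applies under StrictModes: each path from the key file up to the home directory must be owned by the user or root and must not be writable by group or others.

```python
import base64, binascii, os, struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def key_line_problem(line):
    """Return None if line holds one complete public key, else the reason it does not."""
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        return "no key type followed by a key blob (second half of a wrapped key?)"
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return "key blob is not valid base64 (cut by a line break?)"
    # The blob is a run of length-prefixed strings; the first one names the key type.
    parts, off = [], 0
    while off + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[off:off + 4])
        parts.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if off != len(blob):
        return "key blob is truncated"
    if not parts or parts[0] != fields[idx].encode():
        return "key type does not match the key blob"
    return None

def strict_mode_problems(home, keyfile, uid=None):
    """List paths from keyfile up to home that fail the owner or (mode & 022) test."""
    uid = os.getuid() if uid is None else uid
    bad, path, home = [], os.path.abspath(keyfile), os.path.abspath(home)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid) or st.st_mode & 0o022:
            bad.append(path)
        if path == home or path == os.path.dirname(path):
            return bad
        path = os.path.dirname(path)

def constructed_dss_line(comment="importer@client"):
    """Build a syntactically valid ssh-dss line from filler bytes (not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (s(b"ssh-dss") + s(b"\x01" * 129) + s(b"\x02" * 21)
            + s(b"\x03" * 128) + s(b"\x04" * 128))
    return "ssh-dss " + base64.b64encode(blob).decode() + " " + comment
```

Run `key_line_problem` over every non-comment line of authorized_keys and `strict_mode_problems` with the account's home directory and key file; any non-empty result is something sshd is likely to reject without telling the client why.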
