SSH still asking for a password even after I've tried everything (that I know of)

0

ssh is still asking for a password, even though I have done everything by the book. I have included all the output, from the very beginning. Any ideas?

Thanks!

Gary

1) Generating public/private rsa key pairs and checking permissions on the local host

Edit: => As it turned out, this was the problem. The key pair needed to be generated on the remote machine, not on the local machine, as «Mat» pointed out in the first comment. Please read the many comments on the solution if you need to know how we got there.

on local computer:
mms: admin$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/admin/.ssh/id_rsa.
Your public key has been saved in /Users/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ekIFdhbYVGnWsRcpyhPXRPDF5LTqYI+u6l3URsIjC90 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|      o+=o.oo*+++|
|     ..+o B +oo=o|
|       ..* E.oo..|
|       .. * =..  |
|      . S. = +   |
|     . .  o *    |
|      o .  o o   |
|       o. o      |
|      .o.o..     |
+----[SHA256]-----+

mms: admin$ pwd && ls -al
/Users/admin/.ssh
total 16
drwx------   4 admin  staff   136 Dec 26 09:37 .
drwxr-xr-x+ 32 admin  staff  1088 Dec 26 08:53 ..
-rw-------   1 admin  staff  1675 Dec 26 09:37 id_rsa
-rw-r--r--   1 admin  staff   401 Dec 26 09:37 id_rsa.pub

2) Copying public key: (from the remote host, because the remote host cannot be accessed remotely)

server:.ssh sinclair$ scp [email protected]:.ssh/id_rsa.pub ~/.ssh/authorized_keys
The authenticity of host 'domain-of-local-computer.com (123.456.789.012)' can't be established.
RSA key fingerprint is 1f:14:32:84:c4:f8:4e:25:df:2d:56:49:e6:e5:79:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'domain-of-local-computer.com,123.456.789.012' (RSA) to the list of known hosts.
Password:
id_rsa.pub
100%  401     0.4KB/s   00:00    

3) Copying private key and checking permissions:

Edit (as suggested)

server:.ssh sinclair$ scp [email protected]:.ssh/id_rsa ~/.ssh/id_rsa
Password:
id_rsa
100% 1675     1.6KB/s   00:00    
server:.ssh sinclair$ ls -al
server:.ssh sinclair$ scp [email protected]:.ssh/id_rsa ~/.ssh/id_rsa
Password:
id_rsa                                                                                                        100% 1675     1.6KB/s   00:00    
server:.ssh sinclair$ ls -al
total 24
drwx------   5 sinclair  staff   170 26 Dez 12:07 .
drwxr-xr-x+ 18 sinclair  staff   612 10 Dez 09:19 ..
-rw-------   1 sinclair  staff   401 26 Dez 09:58 authorized_keys
-rw-------   1 sinclair  staff  1675 26 Dez 12:07 id_rsa
-rw-r--r--   1 sinclair  staff   410 26 Dez 09:58 known_hosts

4) ssh still asks for a password (-vvv output) [edited after suggested changes]

server:.ssh sinclair$ ssh -vvv [email protected]
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to domain-of-local-computer.com [123.456.789.012] port 22.
debug1: Connection established.
debug1: identity file /Users/sinclair/.ssh/identity type -1
debug3: Not a RSA1 key file /Users/sinclair/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /Users/sinclair/.ssh/id_rsa type -1
debug1: identity file /Users/sinclair/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9
debug1: match: OpenSSH_6.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 158/320
debug2: bits set: 1048/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/sinclair/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /Users/sinclair/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'domain-of-local-computer.com' is known and matches the RSA host key.
debug1: Found key in /Users/sinclair/.ssh/known_hosts:1
debug2: bits set: 1023/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/sinclair/.ssh/identity (0x0)
debug2: key: /Users/sinclair/.ssh/id_rsa (0x0)
debug2: key: /Users/sinclair/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/sinclair/.ssh/identity
debug3: no such identity: /Users/sinclair/.ssh/identity
debug1: Trying private key: /Users/sinclair/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/sinclair/.ssh/id_dsa
debug3: no such identity: /Users/sinclair/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1

Password:

debug3: packet_send2: adding 32 (len 21 padlen 11 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Sat Dec 26 12:22:40 2015 from 123.456.789.012
mms:~ admin$

I can't examine the log files (/var/log/auth.log or /var/log/daemon.log don't exist and I don't know where they are located). The local computer is a Mac running 10.10.5 and the remote computer is a Mac running 10.6 (which cannot be changed).

Thanks!

    
by Gary Czychi 26.12.2015 / 10:50

1 answer

1

(I'm wondering if the term "[email protected]" could cause any problems. That's the name of the local host computer in the local network. fritz.box is the router's name)

No, that is just a comment.

debug1: identity file /Users/sinclair/.ssh/id_rsa type -1
[...]
debug1: Trying private key: /Users/sinclair/.ssh/id_rsa
debug3: no such identity: /Users/sinclair/.ssh/id_rsa

Your client is not using the key.

To expand on @Mat's comment: on the client you need ~/.ssh/id_rsa accessible, and on the server ~/.ssh/authorized_keys. You set it up the other way around.

    
by 26.12.2015 / 11:35
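
The two traces on this page fail in different ways: in the question the client signs with id_rsa and the server turns the key down, while in the answer's excerpt the client never finds a private key at all. The shell function below is an added example, not part of the original posts; it classifies an `ssh -vvv` trace accordingly, and the function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Classify the public-key phase of an `ssh -vvv` client trace read from stdin.
# Prints one of: publickey-ok, key-rejected, no-key-loaded, unknown.
diagnose_ssh_debug() {
    awk '
        /Authentication succeeded \(publickey\)/ { ok = 1 }
        # The client signed with a key and sent it to the server.
        /we sent a publickey packet/ || /Offering .*public key/ { sent = 1 }
        # Count key files tried and key files that could not be found.
        /Trying private key:/ { tried++ }
        /no such identity:/   { missing++ }
        # After a key was sent, a fresh method list means the server refused it.
        sent && /Authentications that can continue:/ { rejected = 1 }
        END {
            if (ok)                                 print "publickey-ok"
            else if (rejected)                      print "key-rejected"
            else if (tried > 0 && missing == tried) print "no-key-loaded"
            else                                    print "unknown"
        }'
}

# Excerpt of the trace in the question (lines copied from the page).
sample_question_trace() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/sinclair/.ssh/identity
debug3: no such identity: /Users/sinclair/.ssh/identity
debug1: Trying private key: /Users/sinclair/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /Users/sinclair/.ssh/id_dsa
debug3: no such identity: /Users/sinclair/.ssh/id_dsa
debug1: Authentication succeeded (keyboard-interactive).
EOF
}

# Excerpt quoted in the answer (lines copied from the page).
sample_answer_trace() {
    cat <<'EOF'
debug1: identity file /Users/sinclair/.ssh/id_rsa type -1
debug1: Trying private key: /Users/sinclair/.ssh/id_rsa
debug3: no such identity: /Users/sinclair/.ssh/id_rsa
EOF
}

# key-rejected: check authorized_keys of the account being logged into.
# no-key-loaded: the private key must sit in ~/.ssh on the connecting machine.
echo "question trace: $(sample_question_trace | diagnose_ssh_debug)"
echo "answer trace:   $(sample_answer_trace | diagnose_ssh_debug)"
```

To classify a live attempt without an interactive prompt getting in the way, capture the trace with `ssh -vvv -o BatchMode=yes user@host true 2>&1 | diagnose_ssh_debug`, where `user@host` is a placeholder.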