cli sftp não está usando a chave ssh especificada [closed]

0

Informação:

[foo@mysql01 .ssh]$ cat /etc/centos-release ;pwd ;ls -al
CentOS release 6.9 (Final)
/home/foo/.ssh
total 20
drwx------ 2 foo foo 4096 Oct  3 11:00 .
drwx------ 3 foo foo 4096 Oct  3 11:09 ..
-rw------- 1 foo foo 3311 Oct  3 10:54 id_rsa-foo
-rw------- 1 foo foo  742 Oct  3 10:54 id_rsa-foo.pub
-rw-r--r-- 1 foo foo  403 Oct  3 10:55 known_hosts

ssh regular funciona bem com chave:

[foo@mysql01 .ssh]$ ssh -v bar@sftp01 -i ./id_rsa-foo
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file ./id_rsa-foo type 1
debug1: identity file ./id_rsa-foo-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Next authentication method: publickey
debug1: Offering public key: ./id_rsa-foo
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key './id_rsa-foo': 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
Last login: Tue Oct  3 10:58:21 2017 from 192.168.10.109
[bar@sftp01 ~]$ 

O SFTP não parece usar o arquivo de chave que eu especificar - trys todos os padrões (comportamento similar no Mac OSX):

[foo@mysql01 .ssh]$ sftp -v bar@sftp01 -oIdentityFile=./id_rsa-foo
Connecting to sftp01...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file /home/foo/.ssh/id_rsa type -1
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Next authentication method: publickey
debug1: Trying private key: /home/foo/.ssh/id_rsa
debug1: Trying private key: /home/foo/.ssh/id_dsa
debug1: Trying private key: /home/foo/.ssh/id_ecdsa
debug1: Next authentication method: password
bar@sftp01's password: 

Nota: o sftp funciona bem se eu renomear as teclas para um padrão (como "id_rsa" & "id_rsa.pub"), mas estou tentando evitar isso.

    
por Zell 03.10.2017 / 18:15

1 resposta

0

@sato_katsura Você está certo! Eu tive que mover os argumentos ao redor (estranho):

[foo@mysql01 .ssh]$ sftp -v -oIdentityFile=./id_rsa-foo bar@sftp01
Connecting to sftp01...
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sftp01 [192.168.10.104] port 22.
debug1: Connection established.
debug1: identity file ./id_rsa-foo type 1
debug1: identity file ./id_rsa-foo-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp01' is known and matches the RSA host key.
debug1: Found key in /home/foo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Next authentication method: publickey
debug1: Offering public key: ./id_rsa-foo
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key './id_rsa-foo': 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending subsystem: sftp
sftp> 
    
por 04.10.2017 / 00:01

Tags