Re: Una de SSH

To: Llista Debian Català <debian-user-catalan@lists.debian.org>
Subject: Re: Una de SSH
From: Ricard Pradell <rpbsant@gmail.com>
Date: Sun, 6 Sep 2009 14:18:19 +0200
Message-id: <b7251f310909060518r6340c397g6e72bc4c67adc68@mail.gmail.com>
In-reply-to: <200909051810.58410.orestes@tsc.upc.edu>
References: <200909051810.58410.orestes@tsc.upc.edu>
Si que és estrany... suposo que deus haver mirat i remirat el
/etc/ssh/sshd_config de la banda del servidor... dono per suposat que
deus tenir:
RSAAuthentication yes
PubkeyAuthentication yes

Per provar, pots deshabilitar completament l'autenticació per
password, que si no recordo malament era posant:
PasswordAuthentication no

Comprova que la copia de la clau a authorized_keys sigui correcta.
Pots provar-ho amb
$ssh-copy-id -i id_rsa.pub user@host

T'envio el resultat de debugar les meves connexions per si et dóna alguna pista:

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/rpb/.ssh/identity
debug1: Offering public key: /home/rpb/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ca_ES.UTF-8

Ricard


El 5 / setembre / 2009 18:10, Orestes Mas<orestes@tsc.upc.edu> va escriure:
> Hola,
>
> Tinc un contenciós amb el SSH que m'està portant de cap. A veure si algú de
> vosaltres hi veu la llum.
>
> La cosa és senzilla d'explicar: vull connectar via ssh a un servidor, i vull
> fer-ho sense password, és a dir amb clau ssh. Sé com fer-ho, i ho he fet
> altres vegades: Em genero un parell de claus RSA pública/privada, i copio la
> clau pública al fitxer .ssh/authorized_keys del servidor, però no hi ha
> manera. SEMPRE EM DEMANA EL PASSWORD. Abans que feu les vostres hipòtesis,
> deixeu-me dir el següent.
>
> - No sembla un problema de permisos dels fitxers, atès que la cosa funciona
> cap a altres servidors, i els fitxers implicats tenen els mateixos permisos
> (700 el directori .ssh i 600 els fitxers implicats).
>
> - Les claus estan ben generades. He repetit el procés diverses vegades, i amb
> altres 2 servidors funciona sense problemes.
>
> - No sembla cosa dels paràmetres del servidor SSH, perquè me'ls he repassat i
> no hi veig res estrany o diferent als altres servidors.
>
> - AQUESTA ÉS BONA: Si intento establir una sessió ssh per primer cop,
> l'autenticació per clau falla i em demana el password, però un cop establida,
> si provo d'establir-ne una segona des d'un altre terminal, ALESHORES
> FUNCIONA!! És de bojos.
>
> Si voleu els logs..., però no hi veig res estrany:
>
> Quan no funciona:
> debug1: Reading configuration data /home/orestes/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
> (**una mica de privacitat, que la llista és pública**)
> debug1: Connection established.
> debug1: identity file /home/orestes/.ssh/identity type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/orestes/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/orestes/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1
> Debian-5ubuntu1
> debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
> debug1: Found key in /home/orestes/.ssh/known_hosts:29
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/orestes/.ssh/identity
> debug1: Authentications that can continue: publickey,password
> debug1: Offering public key: /home/orestes/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /home/orestes/.ssh/id_dsa
> debug1: Next authentication method: password
> orestes@xx.xx.xx.xx's password:
>
>
> I quan funciona (és a dir amb una altra sessió establerta):
> debug1: Reading configuration data /home/orestes/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
> debug1: Connection established.
> debug1: identity file /home/orestes/.ssh/identity type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/orestes/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/orestes/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1
> Debian-5ubuntu1
> debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'xx.xx.xx.xx' is known and matches the RSA host key.
> debug1: Found key in /home/orestes/.ssh/known_hosts:29
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/orestes/.ssh/identity
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions@openssh.com
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = ca_ES.UTF-8
> (i aquí ve el prompt del bash)
>
> No ho trobeu estrany? Algú té alguna idea?
>
> --
>  Orestes Mas Casals - UPC
>
>
> --
> To UNSUBSCRIBE, email to debian-user-catalan-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to:
Follow-Ups:
- Re: Una de SSH
  - From: Oscar Osta Pueyo <oostap.listas@gmail.com>
- Re: Una de SSH
  - From: Orestes Mas <orestes@tsc.upc.edu>
References:
- Una de SSH
  - From: Orestes Mas <orestes@tsc.upc.edu>
Prev by Date: Re: Una de SSH
Next by Date: Re: Una de SSH
Previous by thread: Re: Una de SSH
Next by thread: Re: Una de SSH
Index(es):
- Date
- Thread