Re: ssh-server non accetta le nuove chiavi
operatore@host113-236-static.28-87-b.business.telecomitalia.it wrote:
Dopo il recente "problemino" ho pensato "bene" di rigenerare chiave
pubblica e privata di ssh, come già fatto altre volte in passato
aggiungo i dati di debug lato client(riprovavo oggi su macchine diverse,
stesso problema
[quote]
debug1: Found key in /home/operatore/.ssh/known_hosts:1
debug2: bits set: 506/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/operatore/.ssh/identity ((nil))
debug2: key: /home/operatore/.ssh/id_rsa (0x800565e0)
debug2: key: /home/operatore/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/operatore/.ssh/identity
debug3: no such identity: /home/operatore/.ssh/identity
debug1: Offering public key: /home/operatore/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/operatore/.ssh/id_dsa
debug3: no such identity: /home/operatore/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
[/quote]
in questo caso, utilizzando la SOLA chiave pubblica legata alla chiave
privata attuale(in authorized_keys) ottengo
[quote]
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: Checking blacklist file
/etc/ssh/blacklist.RSA-2048
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: temporarily_use_uid:
1000/1000 (e=0/0)
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: trying public key file
/home/operatore/.ssh/authorized_keys
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: restore_uid: 0/0
May 16 11:37:55 P3-Deb31 sshd[25084]: debug2: key not found
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: temporarily_use_uid:
1000/1000 (e=0/0)
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: trying public key file
/home/operatore/.ssh/authorized_keys
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: restore_uid: 0/0
May 16 11:37:55 P3-Deb31 sshd[25084]: debug2: key not found
May 16 11:37:55 P3-Deb31 sshd[25084]: debug3: mm_answer_keyallowed: key
0x80a9888 is disallowed
May 16 11:37:55 P3-Deb31 sshd[25084]: debug3: mm_request_send entering:
type 22
May 16 11:37:55 P3-Deb31 sshd[25084]: debug3: mm_request_receive entering
May 16 11:37:55 P3-Deb31 sshd[25084]: debug1: do_cleanup
[/quote]
i permessi sul server mi sembrano corretti
[quote]
drwx------ 2 operatore operatore 4096 2008-05-16 11:05 .
drwxr-xr-x 39 operatore operatore 4096 2008-05-16 11:05 ..
-rw------- 1 operatore operatore 856 2008-05-16 11:05 authorized_keys
-rw------- 1 operatore operatore 951 2007-02-15 11:08 id_rsa
-rw-r--r-- 1 operatore operatore 835 2007-04-17 17:32 known_hosts
-rw-r--r-- 1 operatore operatore 400 2008-05-16 11:03 out.key.pub
[/quote]
notavo però che le chiavi pubbliche pre-patch erano nettamente più corte
dell'attuale(227 contro 399 byte)
non so più cosa pensare...
ciao
Umberto Belladelli
Reply to: