
ssh works for only one user



I have two machines named debian0 (192.168.240.100) and linux1 (192.168.240.3).
I need to connect via ssh from linux1 to debian0.

as user giuseppe@linux1:~$ ssh -i ~/.ssh/id_dsa 192.168.240.100 -v
it connects without asking for a password, as it should,
and I end up in giuseppe's home

as user beppe@linux1:~$ ssh -i /home/beppe/.ssh/id_dsa -l beppe 192.168.240.100 -v
it does not connect and does not ask me for the password

if, as user giuseppe@linux1:~$ ssh -i /home/beppe/.ssh/id_dsa -l beppe 192.168.240.100 -v
it does not connect, it asks me for the password and then connects;
what I can't understand is why it neither connects
nor asks for the password from user beppe@linux1.

I regenerated the keys from linux1:

beppe@linux1:~/.ssh$ ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/beppe/.ssh/id_dsa):
/home/beppe/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/beppe/.ssh/id_dsa.
Your public key has been saved in /home/beppe/.ssh/id_dsa.pub.
The key fingerprint is:
a7:... beppe@linux1

I copied them to the server debian0, where I need to connect, into ~/.ssh/authorized_key
with ~$ cat id_dsa.pub >> autorized_key


as user beppe@linux1:~$ ssh -i /home/beppe/.ssh/id_dsa -l beppe 192.168.240.100 -v it does not connect, with these errors, even though the key has been copied to the server debian0

beppe@linux1:~/.ssh$ ssh -i /home/beppe/.ssh/id_dsa -l beppe 192.168.240.100 -v
OpenSSH_4.3p2 Debian-9etch2, OpenSSL 0.9.8c 05 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.240.100 [192.168.240.100] port 22.
debug1: Connection established.
debug1: identity file /home/beppe/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9etch2
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f9:...
Please contact your system administrator.
Add correct host key in /home/beppe/.ssh/known_hosts to get rid of this message.
Offending key in /home/beppe/.ssh/known_hosts:1
RSA host key for 192.168.240.100 has changed and you have requested strict checking.
Host key verification failed.


In its reply the server debian0 talks about a different RSA fingerprint,
but I had used DSA for both users

These are the configuration files:

$ cat /etc/ssh/ssh_config |grep -v -E '#|^$'
Host *
PasswordAuthentication no
IdentityFile ~/.ssh/id_dsa
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

$ cat /etc/ssh/sshd_config |grep -v -E '#|^$'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
AllowUsers beppe giuseppe
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

$ ls /etc/ssh/
moduli
ssh_config
sshd_config
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub

Of course I could delete all the configuration files, reinstall ssh and
reconfigure them, but I wanted to understand where I went wrong; it would
certainly have been quicker (unless I made the same mistake again).
Bye
Beppe

--
clouds have no rules,
because they have never given up
the freedom to dream.
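
Added example, not part of the original message: a server-side check tied to the sshd_config quoted above (AuthorizedKeysFile %h/.ssh/authorized_keys, StrictModes yes). It verifies that the key file has exactly the configured name and that the home directory, ~/.ssh and the file are not writable by group or others (ownership is not checked). The function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Audits one account on the server
# against "AuthorizedKeysFile %h/.ssh/authorized_keys" and "StrictModes yes".
# Usage: check_authorized_keys HOME_DIR ; prints findings, returns their count.

# True when the path is writable by group or others.
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

check_authorized_keys() {
    home=$1
    sshdir=$home/.ssh
    keyfile=$sshdir/authorized_keys
    findings=0

    # The file name must match the configured one exactly.
    if [ ! -f "$keyfile" ]; then
        echo "MISSING: $keyfile"
        findings=$((findings + 1))
    fi

    # A similarly named file is not the one sshd is configured to read.
    for f in "$sshdir"/aut*; do
        [ -e "$f" ] || continue
        if [ "$f" != "$keyfile" ]; then
            echo "NOT THE CONFIGURED NAME: $f"
            findings=$((findings + 1))
        fi
    done

    # StrictModes: home, ~/.ssh and the key file must not be group/world writable.
    for p in "$home" "$sshdir" "$keyfile"; do
        [ -e "$p" ] || continue
        if loose_mode "$p"; then
            echo "TOO PERMISSIVE: $p"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed demo tree (placeholder key text, not a real key or host).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo" && chmod 700 "$demo/.ssh"
echo "ssh-dss PLACEHOLDER beppe@linux1" > "$demo/.ssh/autorized_key"
check_authorized_keys "${1:-$demo}" || echo "findings: $?"
rm -rf "$demo"
```

Run it on the server with the account's home directory as the argument, for example /home/beppe; with no argument it audits the constructed demo tree.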

