Re: troca de chaves
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Habilitou a opção "PermitEmptyPasswords" no sshd_config?
Em 27/4/2010 15:22, Leonardo Carneiro - Veltrac escreveu:
> Já fiz troca de chaves um bilhão de vezes, mas por algum motivo,
> essa vez estou tendo problemas. Estou enviando a chave de um
> servidor Debian Lenny para um host Ubuntu Karmic Koala para que o
> Debian possa logar no Ubuntu sem senha. Segue o procedimento:
>
> kody:~# ssh-keygen -b 4096 -t rsa
> kody:~# ssh-copy-id -i ~/.ssh/id_rsa.pub usuario@maquina_ubuntu
>
> Entro com a senha da máquina ubuntu, e teoricamente era pra estar
> tudo certo. Porém, ao tentar logar na máquina ubuntu, o ssh continua
> pedindo a senha (mesmo tendo deixado a senha em branco no comando
> ssh-keygen). Segue o debug do ssh
>
>
> kody:~# ssh -vvv usuario@ubuntu_ip
> OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for * debug2:
> ssh_connect: needpriv 0 debug1: Connecting to
> 192.168.1.107 [192.168.1.107] port 22.
> debug1: Connection established. debug1:
> permanently_set_uid: 0/0 debug1: identity
> file /root/.ssh/identity type -1 debug3: Not a RSA1 key
> file /root/.ssh/id_rsa. debug2: key_type_from_name:
> unknown key type '-----BEGIN' debug3: key_read: missing
> keytype debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug3: key_read: missing
> whitespace debug2: key_type_from_name: unknown
> key type '-----END' debug3: key_read: missing
> keytype debug1: identity file
> /root/.ssh/id_rsa type 1 debug1: Checking blacklist file
> /usr/share/ssh/blacklist.RSA-4096
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096
> debug3: Not a RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_5.1p1 Debian-6ubuntu2
> debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat
> OpenSSH* debug1: Enabling
> compatibility mode for protocol
> 2.0 debug1: Local version string
> SSH-2.0-OpenSSH_5.1p1 Debian-5 debug2:
> fd 3 setting
> O_NONBLOCK
> debug1: SSH2_MSG_KEXINIT
> sent
> debug1: SSH2_MSG_KEXINIT
> received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com,zlib
>
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com,zlib
>
> debug2:
> kex_parse_kexinit:
>
> debug2:
> kex_parse_kexinit:
>
> debug2: kex_parse_kexinit: first_kex_follows
> 0
>
> debug2: kex_parse_kexinit: reserved
> 0
>
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>
> debug2: kex_parse_kexinit:
> ssh-rsa,ssh-dss
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com
>
> debug2: kex_parse_kexinit:
> none,zlib@openssh.com
>
> debug2:
> kex_parse_kexinit:
>
> debug2:
> kex_parse_kexinit:
>
> debug2: kex_parse_kexinit: first_kex_follows
> 0
>
> debug2: kex_parse_kexinit: reserved
> 0
>
> debug2: mac_setup: found
> hmac-md5
>
> debug1: kex: server->client aes128-cbc hmac-md5
> none
>
> debug2: mac_setup: found
> hmac-md5
>
> debug1: kex: client->server aes128-cbc hmac-md5
> none
>
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
> sent
>
> debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP
>
> debug2: dh_gen_key: priv key bits set:
> 130/256
>
> debug2: bits set:
> 492/1024
>
> debug1: SSH2_MSG_KEX_DH_GEX_INIT
> sent
>
> debug1: expecting
> SSH2_MSG_KEX_DH_GEX_REPLY
>
> debug3: check_host_in_hostfile: filename
> /root/.ssh/known_hosts
>
> debug3: check_host_in_hostfile: match line
> 6
>
> debug1: Host '192.168.1.107' is known and matches the RSA host
> key.
>
> debug1: Found key in
> /root/.ssh/known_hosts:6
>
> debug2: bits set:
> 494/1024
>
> debug1: ssh_rsa_verify: signature
> correct
>
> debug2:
> kex_derive_keys
>
> debug2: set_newkeys: mode
> 1
>
> debug1: SSH2_MSG_NEWKEYS
> sent
>
> debug1: expecting
> SSH2_MSG_NEWKEYS
>
> debug2: set_newkeys: mode
> 0
>
> debug1: SSH2_MSG_NEWKEYS
> received
>
> debug1: SSH2_MSG_SERVICE_REQUEST
> sent
>
> debug2: service_accept:
> ssh-userauth
>
> debug1: SSH2_MSG_SERVICE_ACCEPT
> received
>
> debug2: key: /root/.ssh/identity
> ((nil))
>
> debug2: key: /root/.ssh/id_rsa
> (0xb7fc7968)
>
> debug2: key: /root/.ssh/id_dsa
> ((nil))
>
> debug1: Authentications that can continue:
> publickey,password
>
> debug3: start over, passed a different list
> publickey,password
>
> debug3: preferred
> gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
>
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug3: no such identity: /root/.ssh/identity
> debug1: Offering public key: /root/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /root/.ssh/id_dsa
> debug1: read PEM private key done: type DSA
> debug3: sign_and_send_pubkey
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> usuario@ubuntu_ip's password:
>
> Agradeço desde já.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkvXLJoACgkQ7OAY7mv8BhmTqwCgkGdjLwfunTuBIPUsFQf1eTAj
gMsAn3lbu3pxXxTfQRF/1fwKZEyX8uix
=BtW4
-----END PGP SIGNATURE-----
Reply to:
- References:
- troca de chaves
- From: Leonardo Carneiro - Veltrac <lscarneiro@veltrac.com.br>