Re: troca de chaves

To: debian-user-portuguese@lists.debian.org
Subject: Re: troca de chaves
From: Leonardo Carneiro - Veltrac <lscarneiro@veltrac.com.br>
Date: Tue, 27 Apr 2010 15:41:30 -0300
Message-id: <[🔎] 4BD72FDA.5070401@veltrac.com.br>
In-reply-to: <[🔎] 4BD72C9C.60105@yahoo.com.br>
References: <[🔎] 4BD72B74.1000601@veltrac.com.br> <[🔎] 4BD72C9C.60105@yahoo.com.br>

Oi Allisson,

Na verdade não, mas tenho ctz que isso não influencia. Essa flag só temsignificado qdo o modo de autenticação é password. Quando é pubkey essaflag não faz diferente. Acabei de testar, trocando chave com outramáquina (também rodando ubuntu karmic) que tem a flag"PermitEmptyPasswords" setado para "no" e deu certo.




Allison Vollmann wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Habilitou a opção "PermitEmptyPasswords" no sshd_config?


Em 27/4/2010 15:22, Leonardo Carneiro - Veltrac escreveu:

Já fiz troca de chaves um bilhão de vezes, mas por algum motivo,
essa vez estou tendo problemas. Estou enviando a chave de um
servidor Debian Lenny para um host Ubuntu Karmic Koala para que o
Debian possa logar no Ubuntu sem senha. Segue o procedimento:

kody:~# ssh-keygen -b 4096 -t rsa
kody:~# ssh-copy-id -i ~/.ssh/id_rsa.pub usuario@maquina_ubuntu

Entro com a senha da máquina ubuntu, e teoricamente era pra estar
tudo certo. Porém, ao tentar logar na máquina ubuntu, o ssh continua
pedindo a senha (mesmo tendo deixado a senha em branco no comando
ssh-keygen). Segue o debug do ssh


kody:~# ssh -vvv usuario@ubuntu_ip
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *                       debug2:
ssh_connect: needpriv 0                      debug1: Connecting to
192.168.1.107 [192.168.1.107] port 22.
debug1: Connection established.                            debug1:
permanently_set_uid: 0/0                           debug1: identity
file /root/.ssh/identity type -1          debug3: Not a RSA1 key
file /root/.ssh/id_rsa.             debug2: key_type_from_name:
unknown key type '-----BEGIN'  debug3: key_read: missing
keytype                          debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug3: key_read: missing
whitespace                       debug2: key_type_from_name: unknown
key type '-----END'    debug3: key_read: missing
keytype                          debug1: identity file
/root/.ssh/id_rsa type 1             debug1: Checking blacklist file
/usr/share/ssh/blacklist.RSA-4096

debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096debug3: Not a RSA1 key file /root/.ssh/id_dsa.debug2: key_type_from_name: unknown key type '-----BEGIN'debug3: key_read: missing keytypedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug3: key_read: missing whitespacedebug2: key_type_from_name: unknown key type '-----END'debug3: key_read: missing keytypedebug1: identity file /root/.ssh/id_dsa type -1debug1: Remote protocol version 2.0, remote software version

OpenSSH_5.1p1 Debian-6ubuntu2
debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat
OpenSSH*                                debug1: Enabling
compatibility mode for protocol
2.0                                     debug1: Local version string
SSH-2.0-OpenSSH_5.1p1 Debian-5                              debug2:
fd 3 setting

O_NONBLOCKdebug1: SSH2_MSG_KEXINITsentdebug1: SSH2_MSG_KEXINITreceiveddebug2: kex_parse_kexinit:

diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit:

ssh-rsa,ssh-dss

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:

hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:

hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:

none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

none,zlib@openssh.com,zlib

debug2:

kex_parse_kexinit:

debug2:

kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows

0

debug2: kex_parse_kexinit: reserved

0

debug2: kex_parse_kexinit:

diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit:

ssh-rsa,ssh-dss

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit:

hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:

hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit:

none,zlib@openssh.com

debug2: kex_parse_kexinit:

none,zlib@openssh.com

debug2:

kex_parse_kexinit:

debug2:

kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows

0

debug2: kex_parse_kexinit: reserved

0

debug2: mac_setup: found

hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5

none

debug2: mac_setup: found

hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5

none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)

sent

debug1: expecting

SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set:

130/256

debug2: bits set:

492/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT

sent

debug1: expecting

SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename

/root/.ssh/known_hosts

debug3: check_host_in_hostfile: match line

6

debug1: Host '192.168.1.107' is known and matches the RSA host

key.

debug1: Found key in

/root/.ssh/known_hosts:6

debug2: bits set:

494/1024

debug1: ssh_rsa_verify: signature

correct

debug2:

kex_derive_keys

debug2: set_newkeys: mode

1

debug1: SSH2_MSG_NEWKEYS

sent

debug1: expecting

SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode

0

debug1: SSH2_MSG_NEWKEYS

received

debug1: SSH2_MSG_SERVICE_REQUEST

sent

debug2: service_accept:

ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT

received

debug2: key: /root/.ssh/identity

((nil))

debug2: key: /root/.ssh/id_rsa

(0xb7fc7968)

debug2: key: /root/.ssh/id_dsa

((nil))

debug1: Authentications that can continue:

publickey,password

debug3: start over, passed a different list

publickey,password

debug3: preferred
gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: read PEM private key done: type DSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
usuario@ubuntu_ip's password:

Agradeço desde já.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvXLJoACgkQ7OAY7mv8BhmTqwCgkGdjLwfunTuBIPUsFQf1eTAj

gMsAn3lbu3pxXxTfQRF/1fwKZEyX8uix
=BtW4
-----END PGP SIGNATURE-----

Reply to:

References:
- troca de chaves
  - From: Leonardo Carneiro - Veltrac <lscarneiro@veltrac.com.br>
- Re: troca de chaves
  - From: Allison Vollmann <allisonvoll@yahoo.com.br>

Prev by Date: Re: troca de chaves
Next by Date: DVD Shrink
Previous by thread: Re: troca de chaves
Next by thread: DVD Shrink
Index(es):
- Date
- Thread