The permissions on the .ssh files are fine, but SSH with a public key does not work.

I cannot connect to the OpenSSHD server.

Here are the details.

client $ ls -al .ssh/
total 16
drwx------  2 administrateur administrateur 4096 Nov 30 15:32 ./
drwxr-x--- 14 administrateur administrateur 4096 Nov 30 15:32 ../
-rw-------  1 administrateur administrateur 2675 Nov 30 15:04 id_rsa
-rw-------  1 administrateur administrateur 1768 Nov 30 15:01 known_hosts
server $ ls -al .ssh/
total 12
drwx------ 2 git git 4096 nov.  30 15:34 .
drwxr-x--- 9 git git 4096 nov.  30 15:34 ..
-rw------- 1 git git  886 nov.  30 15:12 authorized_keys

Here is what happens.

client $ ssh-copy-id git@server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'git@server'"
and check to make sure that only the key(s) you wanted were added.

client $ ssh-add -l
3072 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX administrateur@CLIENT (RSA)
client $ ssh git@server
git@server's password:

So I tried running the server in debug mode on port 1234 and then ran ssh -p 1234 git@server.

server $ sudo $(which sshd) -d -p 1234
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='1234'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.

### Connecting from client to server on port 1234 ###

debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from x.y.z.t1 port 47084 on x.y.z.t2 port 1234
debug1: Client protocol version 2.0; client software version OpenSSH_8.9p1 Ubuntu-3
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: permanently_set_uid: 104/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server [email protected] <implicit> none [preauth]
debug1: kex: server->client [email protected] <implicit> none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user git service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "git"
debug1: PAM: setting PAM_RHOST to "par-postgres01.orion.lan"
debug1: PAM: setting PAM_TTY to "ssh"


### Now appears the ssh prompt so I type the password instead ###


debug1: userauth-request for user git service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: PAM: password authentication accepted for git
debug1: do_pam_account: called
Accepted password for git from x.y.z.t1 port 47086 ssh2
debug1: monitor_child_preauth: git has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 11239
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 105/115
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/5
debug1: Ignoring unsupported tty mode opcode 42 (0x2a)
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/5 for git from x.y.z.t1 port 47086
debug1: Setting controlling tty using TIOCSCTTY.
debug1: session_by_tty: session 0 tty /dev/pts/5
debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files

Here are the environment variables visible on the client:

Last login: Wed Nov 30 15:31:22 2022 from client
Environment:
  LANG=fr_FR.UTF-8
  USER=git
  LOGNAME=git
  HOME=/git/
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
  MAIL=/var/mail/git
  SHELL=/bin/bash
  SSH_CLIENT=x.y.z.t1 47086 1234
  SSH_CONNECTION=x.y.z.t1 47086 x.y.z.t2 1234
  SSH_TTY=/dev/pts/5
  TERM=xterm
  XDG_SESSION_ID=114077
git@server:~$ déconnexion
Connection to server closed.

Here is the SSHD configuration on the server:

server $ sudo egrep -v '^(#|$)' /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

Here is the client log:

$ ssh -vv -p1234 git@server
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "server" port 1234
debug1: Connecting to server [x.y.z.t2] port 1234.
debug1: Connection established.
debug1: identity file /home/administrateur/.ssh/id_rsa type 0
debug1: identity file /home/administrateur/.ssh/id_rsa-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/administrateur/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519 type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519-cert type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519_sk type -1
debug1: identity file /home/administrateur/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/administrateur/.ssh/id_xmss type -1
debug1: identity file /home/administrateur/.ssh/id_xmss-cert type -1
debug1: identity file /home/administrateur/.ssh/id_dsa type -1
debug1: identity file /home/administrateur/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug1: compat_banner: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to server:1234 as 'git'
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,[email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:AkYT7N1FHn9cd1nkTNt1/S5pcXKNkizpM6pifhSV+uY
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: checking without port identifier
debug1: load_hostkeys: fopen /home/administrateur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'server' is known and matches the ED25519 host key.
debug1: Found key in /home/administrateur/.ssh/known_hosts:8
debug1: found matching key w/out port
debug1: check_host_key: hostkey not known or explicitly trusted: disabling UpdateHostkeys
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/administrateur/.ssh/id_rsa RSA SHA256:XOoqCfyDPSinHDaNokW0oo6sauWik03yD6Jp8CVGQKU agent
debug1: Will attempt key: /home/administrateur/.ssh/id_ecdsa
debug1: Will attempt key: /home/administrateur/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/administrateur/.ssh/id_ed25519
debug1: Will attempt key: /home/administrateur/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/administrateur/.ssh/id_xmss
debug1: Will attempt key: /home/administrateur/.ssh/id_dsa
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/administrateur/.ssh/id_rsa RSA SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Trying private key: /home/administrateur/.ssh/id_ecdsa
debug1: Trying private key: /home/administrateur/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/administrateur/.ssh/id_ed25519
debug1: Trying private key: /home/administrateur/.ssh/id_ed25519_sk
debug1: Trying private key: /home/administrateur/.ssh/id_xmss
debug1: Trying private key: /home/administrateur/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
git@server's password:

Answer 1

send_pubkey_test: no mutual signature algorithm

To me this looks like the relevant line. The key you are trying to use is using an algorithm that the server does not accept.

Are you using a .ssh config file on the client? I find them really useful.

You can specify a wide range of information for a host, like this:

Host quodlibet
HostName 172.28.104.99
User root
IdentityFile ~/.ssh/name-of-private-key-ecdsa

It seems to be trying every key you have, so specifying which key to use might help.

Can you verify that the key was added to the authorized_keys file? I usually copy the public key manually to the end of this file on the server.
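As an added illustration (not part of the question or the answer above), this Python helper applies the answer's reasoning to the client log in the question: it reads the signature algorithms the server advertised in its KEXINIT, the key the client offered, and explains why an RSA key ends in "no mutual signature algorithm" against this OpenSSH 6.6.1 server. The client-side algorithm lists and the per-host PubkeyAcceptedAlgorithms workaround are assumptions based on OpenSSH 8.8+ defaults, not something the page states.

```python
import re

# Constructed excerpt of the client-side `ssh -vv` output quoted in the question
# (fingerprint replaced by a placeholder; lines not needed for the diagnosis dropped).
CLIENT_LOG = """\
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
debug2: local client KEXINIT proposal
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256
debug2: peer server KEXINIT proposal
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug1: Offering public key: /home/administrateur/.ssh/id_rsa RSA SHA256:XXXXXXXX agent
debug1: send_pubkey_test: no mutual signature algorithm
debug1: Next authentication method: password
"""

# Signature algorithms a stock OpenSSH 8.8+ client offers per user-key type (assumption
# from the OpenSSH 8.8 release notes: ssh-rsa, i.e. RSA with SHA-1, is off by default),
# and every algorithm name belonging to each key type, for matching the server's list.
CLIENT_SIGS = {"RSA": {"rsa-sha2-256", "rsa-sha2-512"}, "ED25519": {"ssh-ed25519"}}
FAMILY = {"RSA": {"ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"}, "ED25519": {"ssh-ed25519"}}

def diagnose(log: str) -> dict:
    """Explain a 'no mutual signature algorithm' failure seen in an `ssh -vv` log.
    Heuristic: the server's KEXINIT host-key algorithm list shows which signature
    algorithms that sshd build knows; only ssh-rsa there means no rsa-sha2-* support."""
    server_sigs, in_peer, key_type, no_mutual = set(), False, None, False
    for line in log.splitlines():
        if "peer server KEXINIT proposal" in line:
            in_peer = True
        elif in_peer and "host key algorithms:" in line:
            server_sigs = {a.strip() for a in line.split(":")[-1].split(",")}
            in_peer = False
        elif m := re.search(r"Offering public key: \S+ (\S+) ", line):
            key_type = m.group(1)
        elif "no mutual signature algorithm" in line:
            no_mutual = True
    result = {"key_type": key_type, "server_sig_algs": server_sigs,
              "mutual": set(), "cause": None, "fixes": []}
    if not (no_mutual and key_type):
        return result  # not the failure mode this helper explains
    server_family = server_sigs & FAMILY.get(key_type, set())
    result["mutual"] = server_family & CLIENT_SIGS.get(key_type, set())
    if key_type == "RSA" and server_family == {"ssh-rsa"}:
        result["cause"] = ("server only knows ssh-rsa (RSA with SHA-1) for RSA keys, "
                           "which the client no longer offers by default")
        if "ssh-ed25519" in server_sigs:  # preferred fix: a key type both sides share
            result["fixes"].append("ssh-keygen -t ed25519, then ssh-copy-id the new key")
        # fallback, for this host only: re-enable the legacy RSA/SHA-1 signature on the client
        result["fixes"].append("Host server\n  PubkeyAcceptedAlgorithms +ssh-rsa")
    return result
```

The ssh-rsa workaround keeps an SHA-1 signature in use for that one host, so the ed25519 key is the fix to prefer.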
