1 vote

SSH keys don't work despite SELinux disabled, keys copied and permissions set

SSH keys are broken, and I have read many threads trying to fix this problem. Any advice?

I have masked possibly sensitive information, such as IP addresses and SSH keys, with [IP_ADDRESS_], [LOCAL_IP_ADDRESS] and XXXXXXXXXXXXXX.

ON THE LOCAL MACHINE

SELinux is off

getenforce
Disabled
sestatus 
SELinux status:                 disabled

STANDARD KEY TRANSFER

cat .ssh/id_rsa.pub | ssh jnowacki@[REMOTE_IP_ADDRESS] 'cat >> .ssh/authorized_keys' 
ssh jnowacki@[REMOTE_IP_ADDRESS] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh jnowacki@[REMOTE_IP_ADDRESS]

FAILED. It still asks for a password. Made multiple attempts.

I did this and it didn't help:

ssh-agent bash 
ssh-add ~/.ssh/id_rsa

ALTERNATIVE KEY TRANSFER

ssh-copy-id -i jnowacki@[REMOTE_IP_ADDRESS] 
ssh jnowacki@[REMOTE_IP_ADDRESS] ssh 'jnowacki@11.22.81.50'

FAIL: ASKS FOR PASSWORD

LOCAL SERVER SSH KEY PERMISSIONS

ls -ltrh ~/.ssh/  | awk '{print $1 "\t" $9}' 
-rw-r--r--      id_rsa.pub
-rw-------      id_rsa
-rw-------      known_hosts.old
-rw-------      known_hosts
-rw-r-----      authorized_keys

REMOTE MACHINE

I ran this:

ssh-agent bash
ssh-add ~/.ssh/id_rsa

LOCAL SERVER SSH KEY PERMISSIONS

ls -ltrh ~/.ssh/  | awk '{print $1 "\t" $9}'
-rw-r--r--      id_rsa.pub
-rw-------      id_rsa
-rw-------      known_hosts.old
-rw-------      known_hosts
-rw-r-----      authorized_keys

Checked each time to make sure that only 1 key is in the files.

cat authorized_keys  | grep ssh-rsa | wc -l 
1

cat id_rsa.pub  | grep ssh-rsa | wc -l 
1

DEBUGGING ON THE REMOTE SERVER

root@Ubuntu-Z800F:/etc/ssh# /usr/sbin/sshd -d -p 2222
debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: private host key #0: ssh-rsa SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: private host key #1: ssh-dss SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: private host key #3: ssh-ed25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from [LOCAL_IP_ADDRESS] port 41850 on [REMOTE_IP_ADDRESS] port 2222
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: permanently_set_uid: 105/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user jnowacki service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "jnowacki"
debug1: PAM: setting PAM_RHOST to "[LOCAL_IP_ADDRESS]"
debug1: PAM: setting PAM_TTY to "ssh"

After that it prompts for a password on the local server. This is the last line I see. Screenshot included for proof.

The Last Line

SSH -VV ON THE LOCAL SERVER

ssh -vv -p 2222 jnowacki@[REMOTE_SERVER]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to [LOCAL_SERVER} [[LOCAL_SERVER}] port 2222.
debug1: Connection established.
debug1: identity file /home/bckadm/nowackj1/.ssh/id_dsa type -1
debug1: identity file /home/bckadm/nowackj1/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 159/320
debug2: bits set: 1030/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host '[LOCAL_SERVER}' is known and matches the RSA host key.
debug1: Found key in /home/bckadm/nowackj1/.ssh/known_hosts:2
debug1: found matching key w/out port
debug2: bits set: 1008/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/bckadm/nowackj1/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bckadm/nowackj1/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
jnowacki@[LOCAL_SERVER}'s password:

1 vote

HBruijn 16577 points

The line

debug1: identity file /home/bckadm/nowackj1/.ssh/id_dsa

indicates that your ssh client is only looking for and using a dsa key, whereas all your other commands refer to rsa keys.

As of OpenSSH 7.0 the dss (dsa) algorithm is disabled by default [1] (which I think is what the subsequent debug lines point to):

debug1: Trying private key: /home/bckadm/nowackj1/.ssh/id_dsa
debug2: we did not send a packet, disable method

So IMHO that explains why you can't log in, but as to why that happens... I can't tell you.

0 votes

user708503 3 points

I had to type this command:

vim /etc/ssh/ssh_config

And then enable id_rsa by uncommenting it. Thanks a lot guys! You are wonderful!

Broken:

#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

Working:

#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

Key error in the log file:

debug1: Trying private key: /home/bckadm/nowackj1/.ssh/id_dsa
debug2: we did not send a packet, disable method
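
Both answers above come down to one check: is the key that was installed on the server among the identities the client will actually try? The shell script below is an added example, not code from the thread; the function names are hypothetical, the config fragments are the ones from the second answer, and the log excerpt is copied from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the IdentityFile paths an ssh_config text (stdin) actually activates.
# Commented-out lines are skipped; "Key value" and "Key=value" both parse.
active_identity_files() {
    awk '{ sub(/^[ \t]+/, "") }
         /^#/ { next }
         { split($0, f, /[ \t=]+/)
           if (tolower(f[1]) == "identityfile") print f[2] }'
}

# Print the identity files the client loaded, from `ssh -v` output on stdin.
identities_in_log() {
    sed -n -e '/-cert type /d' \
           -e 's/^debug1: identity file \(.*\) type -\{0,1\}[0-9]\{1,\}$/\1/p'
}

# Classify the client log on stdin for the private key path given as $1.
diagnose_pubkey() {
    want=$1
    log=$(cat)
    if ! printf '%s\n' "$log" | identities_in_log | grep -qxF -- "$want"; then
        echo "not-configured"   # client never considered this key
    elif printf '%s\n' "$log" | grep 'Offering .*public key' | grep -qF -- "$want"; then
        echo "offered"          # key was sent; continue on the server side
    else
        echo "not-offered"      # listed, but the client never offered it
    fi
}

# The two ssh_config fragments from the answer above.
BROKEN_CONFIG='  # IdentityFile ~/.ssh/identity
 # IdentityFile ~/.ssh/id_rsa
 IdentityFile ~/.ssh/id_dsa'
FIXED_CONFIG='#   IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa'

# Excerpt of the client log from the question.
CLIENT_LOG='debug1: identity file /home/bckadm/nowackj1/.ssh/id_dsa type -1
debug1: identity file /home/bckadm/nowackj1/.ssh/id_dsa-cert type -1
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bckadm/nowackj1/.ssh/id_dsa
debug2: we did not send a packet, disable method'

printf '%s\n' "$BROKEN_CONFIG" | active_identity_files
printf '%s\n' "$CLIENT_LOG" | diagnose_pubkey /home/bckadm/nowackj1/.ssh/id_rsa
```

A `not-configured` result means the fix is on the client (an `IdentityFile` entry or `ssh -i`), so changing permissions or `authorized_keys` on the server will not help. The same `IdentityFile` line can go in the user's own `~/.ssh/config` instead of the system-wide `/etc/ssh/ssh_config`.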
 
