Am 23.12.2007 um 14:50 schrieb Jan-Benedict Glaw:
Mach' doch bitte mal Deinen komischen Email-Client heile, sodaß er
nicht mehrere "> > > " zu einem ">>> " zusammenfaßt. Danke.
Das kann ich nicht;-(
Ich kann die "Zitat-Vorzeichen" nicht ändern.
Jup, so sollte das sein.
Prima, dann sind wir uns ja einig;-)
Schön, dass Du es auch nicht verstehen tust;-)
In der authorized_keys auf dem server (linux Laptop) steht definitiv
wirklich der pub-key!!!
Habe gerade beide verglichen.
Wenn ich die Fehlermeldung richtig verstehe ist der Fehler eher
clientseitig:
debug1: identity file /Users/tb/.ssh/identity type -1
debug3: Not a RSA1 key file /Users/tb/.ssh/id_rsa.
^^^^^^^^^^^^^^^^^^^^=Client
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
Ah!
Dann erzeug' doch mal einen rsa1 key (-t rsa1). Die Frage ist aber,
warum er mit dem rsa-Key (für SSH2-Protocol) nichts anfangen kann?
Welche SSH-Protokoll-Version wird denn ausgehandelt? Sollte recht weit
zu Anfang stehen.
1.0 -> Ich kann nur SSH1
1.1 -> Ich kann SSH1 und SSH2, aber bevorzuge SSH1
1.9 -> Ich kann SSH1 und SSH2, aber bevorzuge SSH2
2.0 -> Ich kann nur SSH2
Da das SSH1-Protokoll nachgewiesene Schwächen hat, solltest Du nach
Möglichkeit ausschließlich SSH2 benutzen.
Damit funktionieren dann die keys, die mit "-t rsa" und "-t dsa"
generiert worden sind.
Ich habe es jetzt mit einem rsa1-key versucht (identity und
identity.pub letzteren nach authorized-keys geschrieben).
Hast Du nochmal die -v -v -v Ausgabe von Client und Server am Stück
für mich?
MfG, JBG
--
Jan-Benedict Glaw [EMAIL PROTECTED]
+49-172-7608481
Signature of: Fortschritt bedeutet, einen Schritt so
zu machen,
the second : daß man den nächsten auch noch
machen kann.
Hier kommt die Ausgabe mit den aktuellen Werten und configs mit
demrsa1 key.
Grüße
Thomas
server:
aktuelle sshd_config:
mobil:/home/tb/.ssh# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
#PubKeyAuthentication yes
DSAAuthentication yes
RSAAuthentication yes
#StrictModes yes
#UsePrivilegeSeparation yes
KeepAlive yes
#RhostsAuthentication no
ChallengeResponseAuthentication no
#AllowUsers tb
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1800
ServerKeyBits 4096
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts no
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication yes
# similar for protocol version 2
HostbasedAuthentication yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
debug1: sshd version OpenSSH_4.6p1 Debian-5
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.2.20 port 49194
debug1: Client protocol version 2.0; client software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-5
debug1: permanently_set_uid: 110/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user tb service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "tb"
debug1: PAM: setting PAM_RHOST to "imac"
debug1: PAM: setting PAM_TTY to "ssh"
Connection closed by 192.168.2.20
debug1: do_cleanup
debug1: do_cleanup
client:
imac:~/.ssh tb$ cat /etc/ssh_config
# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
# HostbasedAuthentication no
# PreferredAuthentications publickey
PubkeyAuthentication yes
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
GSSAPIKeyExchange no
GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2,1
# Cipher 3des
# Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
imac:~/.ssh tb$ ssh [EMAIL PROTECTED] -vvv
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.21 [192.168.2.21] port 22.
debug1: Connection established.
debug1: identity file /Users/tb/.ssh/identity type 0
debug1: identity file /Users/tb/.ssh/id_rsa type -1
debug1: identity file /Users/tb/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1
Debian-5
debug1: match: OpenSSH_4.6p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 115/256
debug2: bits set: 491/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/tb/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '192.168.2.21' is known and matches the RSA host key.
debug1: Found key in /Users/tb/.ssh/known_hosts:1
debug2: bits set: 518/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/tb/.ssh/id_rsa (0x0)
debug2: key: /Users/tb/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,hostbased
debug3: start over, passed a different list publickey,hostbased
debug3: preferred publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/tb/.ssh/id_rsa
debug3: no such identity: /Users/tb/.ssh/id_rsa
debug1: Trying private key: /Users/tb/.ssh/id_dsa
debug3: no such identity: /Users/tb/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,hostbased).
--
Linux mailing list [email protected]
subscribe/unsubscribe: http://lug-owl.de/mailman/listinfo/linux
Hinweise zur Nutzung: http://www.lug-owl.de/Mailingliste/hints.epo
