For me, at some point (after a few years), corkscrew stopped working and I switched to httptunnel.

Regarding the unclear point above: it probably asks you interactively how to handle the server's unknown ssh key (with the emphasis on "interactively") - ergo, it crashes. The fix is:

StrictHostKeyChecking=accept-new // preferred
StrictHostKeyChecking=no // trade-off on security

--
Have a nice one,
Marius Luca

On Fri, Nov 8, 2019 at 3:41 PM Mihai Osian <[email protected]> wrote:

> Hmm, it's still not very clear to me what is happening, but the problem is
> solved if I manually add my server's key to .ssh/known_hosts
>
> cat ~/.ssh/known_hosts
> server.acasa.com ecdsa-sha2-nistp256 AAAAE2V[...]
>
> ssh user@*www*.acasa.com -o [...]
> ==> REMOTE HOST IDENTIFICATION HAS CHANGED
>
> ssh user@*server*.acasa.com -o [...]
> ==> ok
>
> Apparently, if it doesn't find an explicit key, it does pattern-matching on
> the domain/IP that corresponds to the proxy (in /etc/ssh/known_hosts).
>
> Mihai
>
> On Wed, Nov 6, 2019 at 3:55 PM Mihai Osian <[email protected]> wrote:
>
> > Hi,
> >
> > At my workplace an HTTP proxy is used for outbound connections. In the
> > browser the proxy is configured automatically and looks something like
> > http://pac.companyproxy.com:9512/proxy.pac
> >
> > My ambition is to connect with ssh to my home computer. Reading howtos,
> > I arrived at the following formula:
> >
> > ssh [email protected] -o "ProxyCommand ~/bin/corkscrew pac.companyproxy.com 9512 www.acasa.com 22 ~/.ssh/auth"
> >
> > This "corkscrew" is a small program that connects to the proxy using
> > HTTP and sends username+password for authentication (specified in
> > ~/.ssh/auth or in an environment variable). Running the line above I get
> > this:
> >
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> > It is also possible that a host key has just been changed.
> > The fingerprint for the RSA key sent by the remote host is
> > SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw.
> > Please contact your system administrator.
> > Add correct host key in /auto/home/mih/.ssh/known_hosts to get rid of this message.
> > Offending RSA key in /etc/ssh/ssh_known_hosts:627
> > RSA host key for <acasa> has changed and you have requested strict checking.
> > Host key verification failed.
> >
> > Line 627 of /etc/ssh/ssh_known_hosts looks like this:
> > mih@dhws039: sed '627!d' /etc/ssh/ssh_known_hosts
> > *,<proxy_ip_prefix>.* ssh-rsa AAAAB3Nza[...]
> >
> > If I run ssh with "-vv" I see this:
> > ssh -vv [email protected] -o "ProxyCommand ~/bin/corkscrew pac.companyproxy.com 9512 www.acasa.com 22 ~/.ssh/auth"
> >
> > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
> > debug1: Reading configuration data /auto/home/mih/.ssh/config
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: /etc/ssh/ssh_config line 51: Applying options for *
> > debug1: Executing proxy command: exec /auto/home/mih/bin/corkscrew pac.<proxy>.com 9512 <acasa> 22 /auto/home/mih/.ssh/auth
> > debug1: permanently_drop_suid: 10336
> > debug1: identity file /auto/home/mih/.ssh/id_rsa type 1
> > debug1: key_load_public: No such file or directory
> > [...]
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_7.4
> >
> > *debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
> > debug1: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH_6.6.1* compat 0x04000000*
> > debug1: Authenticating to acasa:22 as 'mike'
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: algorithm: [email protected]
> > debug1: kex: host key algorithm: ssh-rsa
> > debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
> > debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
> > debug1: kex: [email protected] need=64 dh_need=64
> > debug1: kex: [email protected] need=64 dh_need=64
> > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> > debug1: Server host key: ssh-rsa SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> > It is also possible that a host key has just been changed.
> > The fingerprint for the RSA key sent by the remote host is
> > SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw.
> > Please contact your system administrator.
> > Add correct host key in /auto/home/mih/.ssh/known_hosts to get rid of this message.
> > Offending RSA key in /etc/ssh/ssh_known_hosts:627
> > RSA host key for erebus has changed and you have requested strict checking.
> > Host key verification failed.
> > mih@dhws039:
> >
> > The highlighted line above ("*OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420*")
> > is the home server, so it gets that far, but then it goes haywire. Also,
> > run on its own from the command line, the little corkscrew program does
> > its job:
> >
> > mih@dhws039: /auto/home/mih/bin/corkscrew <proxy> 9512 <acasa> 22 /auto/home/mih/.ssh/auth
> > SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
> >
> > Can someone explain to me what is happening? How does ssh obtain its
> > server keys, and why does it end up confusing them with the proxy's?
> >
> > Mihai
> >
> _______________________________________________
> RLUG mailing list
> [email protected]
> http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro
>
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro
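
Added example, not part of the thread and not OpenSSH code: a small auditor that reports which known_hosts lines apply to a host name, using the documented host-field rules (comma-separated patterns, `*` and `?` wildcards, `!` negation, `|1|salt|hash` hashed entries). It shows why a field like the `*,<proxy_ip_prefix>.*` at line 627 applies to `www.acasa.com`; the function names, the `10.20.*` prefix and the key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, re

def hash_host(host, salt):
    """Build a hashed host field as HashKnownHosts writes it: |1|salt|HMAC-SHA1."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the first field of a known_hosts line applies to `host`."""
    if field.startswith("|1|"):               # hashed entry: recompute with its salt
        _, _, salt, _ = field.split("|")
        return hmac.compare_digest(field, hash_host(host, base64.b64decode(salt)))
    hit = False
    for pat in field.split(","):
        neg = pat.startswith("!")
        body = pat[1:] if neg else pat
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                     for c in body)
        if re.fullmatch(rx, host, re.I | re.S):
            if neg:
                return False                  # a matching negated pattern vetoes the line
            hit = True
    return hit

def entries_for(known_hosts_text, host):
    """Return (line number, key type, host field) for every line that applies to `host`."""
    out = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):          # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) >= 3 and host_matches(parts[0], host):
            out.append((n, parts[1], parts[0]))
    return out

# Constructed sample: line 1 has the shape of the system-wide entry quoted in the
# thread (10.20.* stands in for the elided proxy prefix; key blobs are placeholders).
SAMPLE = "\n".join([
    "*,10.20.* ssh-rsa AAAAB3NzaPLACEHOLDER",
    "server.acasa.com ecdsa-sha2-nistp256 AAAAE2VPLACEHOLDER",
    "# comment line",
    hash_host("www.acasa.com", b"constructed-salt") + " ssh-ed25519 AAAAC3PLACEHOLDER",
    "*.acasa.com,!www.acasa.com ssh-ed25519 AAAAC3PLACEHOLDER",
])

if __name__ == "__main__":
    for name in ("www.acasa.com", "server.acasa.com"):
        print(name, entries_for(SAMPLE, name))
```

On a real system, `ssh-keygen -F www.acasa.com -f /etc/ssh/ssh_known_hosts` asks OpenSSH itself which lines it finds for a name.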
