Problems with OpenSSH on AIX 5.3


    • #9338
      Aleksandr
      Participant

      Given:
      5300-12-01-1016
      openssh.base.client 5.2.0.5300 COMMITTED Open Secure Shell Commands
      openssh.base.server 5.2.0.5300 COMMITTED Open Secure Shell Server
      openssh.man.en_US 5.2.0.5300 COMMITTED Open Secure Shell
      openssh.msg.en_US 5.2.0.5300 COMMITTED Open Secure Shell Messages –
      openssh.base.client 5.2.0.5300 COMMITTED Open Secure Shell Commands
      openssh.base.server 5.2.0.5300 COMMITTED Open Secure Shell Server

      And in the end it doesn't work. It starts without errors. I try to log in and just get Connection closed by xxx.xxx.xxx.xxx

      Here is a piece of the log on the server
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[291034]: debug1: fd 4 clearing O_NONBLOCK
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[291034]: debug1: Forked child 364774.
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[291034]: debug3: send_rexec_state: entering fd = 7 config len 390
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[291034]: debug3: ssh_msg_send: type 0
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[291034]: debug3: send_rexec_state: done
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: inetd sockets after dupping: 5, 5
      Aug 21 16:55:44 dbquorum01 auth|security:info sshd[364774]: Connection from 172.26.26.21 port 36250
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Client protocol version 2.0; client software version OpenSSH_5.4
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: match: OpenSSH_5.4 pat OpenSSH*
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Enabling compatibility mode for protocol 2.0
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Local version string SSH-2.0-OpenSSH_5.2
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: Value for authType is STD_AUTH
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): t0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).nt0509-026 System error: A file or directory in the path name does not exist.n
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Error loading Kerberos, disabling the Kerberos auth
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: fd 5 setting O_NONBLOCK
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: Network child is on pid 442504
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: preauth child monitor started
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 0
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_send entering: type 1
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: monitor_read: 0 used once, disabling now
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 4
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_sign
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_sign: signature 2005d128(271)
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_send entering: type 5
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: monitor_read: 4 used once, disabling now
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 6
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_pwnamallow
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: parse_server_config: config reprocess config len 390
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: AIX/loginrestrictions returned 0 msg (none)
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_send entering: type 7
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: monitor_read: 6 used once, disabling now
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 3
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_authserv: service=ssh-connection, style=
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug2: monitor_read: 3 used once, disabling now
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 10
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_authpassword: sending result 0
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_send entering: type 11
      Aug 21 16:55:44 dbquorum01 auth|security:info sshd[364774]: Failed none for marad from 172.26.26.21 port 36250 ssh2
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: monitor_read: checking request 20
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_keyallowed entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_keyallowed: key_from_blob: 2005cb98
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: temporarily_use_uid: 1001/0 (e=0/0)
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: trying public key file /home/marad/.ssh/authorized_keys
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: fd 4 clearing O_NONBLOCK
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: secure_filename: checking ‘/home/marad/.ssh’
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: secure_filename: checking ‘/home/marad’
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: secure_filename: terminating check at ‘/home/marad’
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: matching key found: file /home/marad/.ssh/authorized_keys, line 1
      Aug 21 16:55:44 dbquorum01 auth|security:info sshd[364774]: Found matching RSA key: a7:3f:11:ac:bc:70:99:e3:3a:fa:c5:d7:83:9c:73:32
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: restore_uid: 0/0
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_answer_keyallowed: key 2005cb98 is allowed
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_send entering: type 21
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug3: mm_request_receive entering
      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: do_cleanup

    • #9341
      andrewk
      Participant

      Check this:

      Aug 21 16:55:44 dbquorum01 auth|security:debug sshd[364774]: debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): t0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).nt0509-026 System error: A file or directory in the path name does not exist.n

    • #9342
      Serg
      Participant

      Or try logging in like this: ssh -vv ip_address

    • #9343
      Serg
      Participant

      That's two v's

    • #9344
      Aleksandr
      Participant

      ssh -vvvvv dbquorum01
      OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Applying options for *
      debug2: ssh_connect: needpriv 0
      debug1: Connecting to dbquorum01 [172.29.4.189] port 22.
      debug1: Connection established.
      debug3: Not a RSA1 key file /home/marad/.ssh/id_rsa.
      debug2: key_type_from_name: unknown key type '-----BEGIN'
      debug3: key_read: missing keytype
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug2: key_type_from_name: unknown key type '-----END'
      debug3: key_read: missing keytype
      debug1: identity file /home/marad/.ssh/id_rsa type 1
      debug1: identity file /home/marad/.ssh/id_rsa-cert type -1
      debug1: identity file /home/marad/.ssh/id_dsa type -1
      debug1: identity file /home/marad/.ssh/id_dsa-cert type -1
      debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
      debug1: match: OpenSSH_5.2 pat OpenSSH*
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_5.4
      debug2: fd 3 setting O_NONBLOCK
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
      debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
      debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
      debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib@openssh.com
      debug2: kex_parse_kexinit: none,zlib@openssh.com
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: mac_setup: found hmac-md5
      debug1: kex: server->client aes128-ctr hmac-md5 none
      debug2: mac_setup: found hmac-md5
      debug1: kex: client->server aes128-ctr hmac-md5 none
      debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
      debug2: dh_gen_key: priv key bits set: 112/256
      debug2: bits set: 500/1024
      debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
      debug3: check_host_in_hostfile: host dbquorum01 filename /home/marad/.ssh/known_hosts
      debug3: check_host_in_hostfile: host dbquorum01 filename /home/marad/.ssh/known_hosts
      debug3: check_host_in_hostfile: match line 84
      debug3: check_host_in_hostfile: host 172.29.4.189 filename /home/marad/.ssh/known_hosts
      debug3: check_host_in_hostfile: host 172.29.4.189 filename /home/marad/.ssh/known_hosts
      debug3: check_host_in_hostfile: match line 84
      debug1: Host 'dbquorum01' is known and matches the RSA host key.
      debug1: Found key in /home/marad/.ssh/known_hosts:84
      debug2: bits set: 536/1024
      debug1: ssh_rsa_verify: signature correct
      debug2: kex_derive_keys
      debug2: set_newkeys: mode 1
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug2: set_newkeys: mode 0
      debug1: SSH2_MSG_NEWKEYS received
      debug1: Roaming not allowed by server
      debug1: SSH2_MSG_SERVICE_REQUEST sent
      debug2: service_accept: ssh-userauth
      debug1: SSH2_MSG_SERVICE_ACCEPT received
      debug2: key: /home/marad/.ssh/id_rsa (0xb7839090)
      debug2: key: /home/marad/.ssh/id_dsa ((nil))
      debug1: Authentications that can continue: publickey,password,keyboard-interactive
      debug3: start over, passed a different list publickey,password,keyboard-interactive
      debug3: preferred publickey,keyboard-interactive,password
      debug3: authmethod_lookup publickey
      debug3: remaining preferred: keyboard-interactive,password
      debug3: authmethod_is_enabled publickey
      debug1: Next authentication method: publickey
      debug1: Offering public key: /home/marad/.ssh/id_rsa
      debug3: send_pubkey_test
      debug2: we sent a publickey packet, wait for reply
      Connection closed by 172.29.4.189

    • #9345
      Serg
      Participant

      It looks like your public key on dbquorum01 isn't yours but someone else's :)

    • #9346
      Aleksandr
      Participant

      Without the key it doesn't log in either

    • #9347
      Serg
      Participant

      And in sshd_config,
      what is the PasswordAuthentication parameter set to?

    • #9348
      Aleksandr
      Participant

      # $OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $

      # This is the sshd server system-wide configuration file. See
      # sshd_config(5) for more information.

      # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

      # The strategy used for options in the default sshd_config shipped with
      # OpenSSH is to specify options with their default value where
      # possible, but leave them commented. Uncommented options change a
      # default value.

      Port 22
      AddressFamily inet
      ListenAddress 172.29.4.189
      #ListenAddress ::

      # Disable legacy (protocol version 1) support in the server for new
      # installations. In future the default will change to require explicit
      # activation of protocol 1
      Protocol 2,1

      # HostKey for protocol version 1
      #HostKey /etc/ssh/ssh_host_key
      # HostKeys for protocol version 2
      #HostKey /etc/ssh/ssh_host_rsa_key
      #HostKey /etc/ssh/ssh_host_dsa_key

      # Lifetime and size of ephemeral version 1 server key
      #KeyRegenerationInterval 1h
      #ServerKeyBits 768

      # Logging
      # obsoletes QuietMode and FascistLogging
      #SyslogFacility AUTH
      #LogLevel INFO
      LogLevel DEBUG3

      # Authentication:

      #LoginGraceTime 2m
      PermitRootLogin yes
      #StrictModes yes
      #MaxAuthTries 6

      #RSAAuthentication yes
      #PubkeyAuthentication yes
      #AuthorizedKeysFile .ssh/authorized_keys

      # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
      #RhostsRSAAuthentication no
      # similar for protocol version 2
      #HostbasedAuthentication no
      # Change to yes if you don’t trust ~/.ssh/known_hosts for
      # RhostsRSAAuthentication and HostbasedAuthentication
      #IgnoreUserKnownHosts no
      # Don’t read the user’s ~/.rhosts and ~/.shosts files
      #IgnoreRhosts yes

      # To disable tunneled clear text passwords, change to no here!
      PasswordAuthentication yes
      PermitEmptyPasswords no

      # Change to no to disable s/key passwords
      #ChallengeResponseAuthentication yes

      # Kerberos options
      KerberosAuthentication no
      #KerberosOrLocalPasswd yes
      #KerberosTicketCleanup yes
      #KerberosGetAFSToken no

      # GSSAPI options
      #GSSAPIAuthentication no
      #GSSAPICleanupCredentials yes

      # Set this to ‘yes’ to enable PAM authentication, account processing,
      # and session processing. If this is enabled, PAM authentication will
      # be allowed through the ChallengeResponseAuthentication and
      # PasswordAuthentication. Depending on your PAM configuration,
      # PAM authentication via ChallengeResponseAuthentication may bypass
      # the setting of “PermitRootLogin without-password”.
      # If you just want the PAM account and session checks to run without
      # PAM authentication, then enable this but set PasswordAuthentication
      # and ChallengeResponseAuthentication to ‘no’.
      #UsePAM no

      #AllowTcpForwarding yes
      #GatewayPorts no
      X11Forwarding yes
      X11DisplayOffset 10
      X11UseLocalhost yes
      #PrintMotd yes
      #PrintLastLog yes
      TCPKeepAlive yes
      UseLogin yes
      #UsePrivilegeSeparation yes
      #PermitUserEnvironment no
      #Compression delayed
      #ClientAliveInterval 0
      #ClientAliveCountMax 3
      UseDNS no
      PidFile /var/run/sshd.pid
      #MaxStartups 10
      #PermitTunnel no
      #ChrootDirectory none

      # no default banner path
      #Banner none

      # override default of no subsystems
      Subsystem sftp /usr/sbin/sftp-server

      # Example of overriding settings on a per-user basis
      #Match User anoncvs
      # X11Forwarding no
      # AllowTcpForwarding no
      # ForceCommand cvs server

    • #9349
      Serg
      Participant

      Try logging in via PuTTY, or rename .ssh

    • #9350
      Aleksandr
      Participant

      With this config, Windows machines are let in with PuTTY. It refuses to let in any *NIX machine.

      bash-3.2# cat /etc/ssh/sshd_config
      # $OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $

      # This is the sshd server system-wide configuration file. See
      # sshd_config(5) for more information.

      # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

      # The strategy used for options in the default sshd_config shipped with
      # OpenSSH is to specify options with their default value where
      # possible, but leave them commented. Uncommented options change a
      # default value.

      Port 22
      AddressFamily inet
      ListenAddress 172.29.4.189
      #ListenAddress ::

      # Disable legacy (protocol version 1) support in the server for new
      # installations. In future the default will change to require explicit
      # activation of protocol 1
      Protocol 2

      # HostKey for protocol version 1
      #HostKey /etc/ssh/ssh_host_key
      # HostKeys for protocol version 2
      #HostKey /etc/ssh/ssh_host_rsa_key
      #HostKey /etc/ssh/ssh_host_dsa_key

      # Lifetime and size of ephemeral version 1 server key
      #KeyRegenerationInterval 1h
      #ServerKeyBits 768

      # Logging
      # obsoletes QuietMode and FascistLogging
      #SyslogFacility AUTH
      #LogLevel INFO
      LogLevel DEBUG3

      # Authentication:

      #LoginGraceTime 2m
      PermitRootLogin yes
      #StrictModes yes
      #MaxAuthTries 6

      RSAAuthentication yes
      PubkeyAuthentication yes
      #AuthorizedKeysFile .ssh/authorized_keys

      # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
      RhostsRSAAuthentication no
      # similar for protocol version 2
      HostbasedAuthentication no
      # Change to yes if you don’t trust ~/.ssh/known_hosts for
      # RhostsRSAAuthentication and HostbasedAuthentication
      IgnoreUserKnownHosts no
      # Don’t read the user’s ~/.rhosts and ~/.shosts files
      IgnoreRhosts yes

      # To disable tunneled clear text passwords, change to no here!
      PasswordAuthentication yes
      PermitEmptyPasswords no

      # Change to no to disable s/key passwords
      ChallengeResponseAuthentication yes

      # Kerberos options
      KerberosAuthentication no
      #KerberosOrLocalPasswd yes
      #KerberosTicketCleanup yes
      #KerberosGetAFSToken no

      # GSSAPI options
      GSSAPIAuthentication no
      #GSSAPICleanupCredentials yes

      # Set this to ‘yes’ to enable PAM authentication, account processing,
      # and session processing. If this is enabled, PAM authentication will
      # be allowed through the ChallengeResponseAuthentication and
      # PasswordAuthentication. Depending on your PAM configuration,
      # PAM authentication via ChallengeResponseAuthentication may bypass
      # the setting of “PermitRootLogin without-password”.
      # If you just want the PAM account and session checks to run without
      # PAM authentication, then enable this but set PasswordAuthentication
      # and ChallengeResponseAuthentication to ‘no’.
      UsePAM no

      #AllowTcpForwarding yes
      #GatewayPorts no
      X11Forwarding yes
      X11DisplayOffset 10
      X11UseLocalhost yes
      #PrintMotd yes
      #PrintLastLog yes
      TCPKeepAlive yes
      #UseLogin yes
      #UsePrivilegeSeparation yes
      #PermitUserEnvironment no
      #Compression delayed
      #ClientAliveInterval 0
      #ClientAliveCountMax 3
      UseDNS no
      PidFile /var/run/sshd.pid
      #MaxStartups 10
      #PermitTunnel no
      #ChrootDirectory none

      # no default banner path
      #Banner none

      # override default of no subsystems
      Subsystem sftp /usr/sbin/sftp-server

      # Example of overriding settings on a per-user basis
      #Match User anoncvs
      # X11Forwarding no
      # AllowTcpForwarding no
      # ForceCommand cvs server

    • #9351
      Aleksandr
      Participant

      I found out that key authentication is what fails. As soon as an id_rsa file appears in the .ssh directory, it immediately stops working. I have changed the keys.

    • #9352
      Serg
      Participant

      Why do you need them if you want to log in with a password?
      And does ssh username@host also fail to log in?

    • #9353
      Aleksandr
      Participant

      For myself I specifically want to log in by key, and by password only if there is no key. ssh username@host doesn't log in either.

    • #9354
      Serg
      Participant

      You need to distribute the private keys for all the users you want to log in as without a password.
      Try specifying your private key explicitly: ssh -i private_key_file user@host.
      Anyway, it's all described here: http://www.opennet.ru/base/sec/ssh_pubkey_auth.txt.html

    • #9355
      Aleksandr
      Participant

      All of that is well documented. But I can say that I'm not the only one having problems with this version of SSH. On all other machines and versions everything works. When I switched to pware openssh 5.3 with the old config, everything started working.

    • #9359
      Aleksandr
      Participant

      I played around with it for a long time. The bottom line, with this combination:
      oslevel -s
      5300-12-01-1016
      ssh -V
      OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

      key authentication does not work. The connection is simply closed by the server. It works only with the setting
      PubkeyAuthentication no (password only)

    • #9361
      DanGer
      Participant

      On the server (AIX) – OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
      On the client (Mac OS X) – OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
      Everything works. I have the feeling that on your server the new keys have not been added to the authorized_keys file.

    • #9362
      DanGer
      Participant

      The simplest working config:

      cat /etc/ssh/sshd_config

      ListenAddress 192.168.1.2
      LogLevel INFO
      RSAAuthentication yes
      PubkeyAuthentication yes
      AuthorizedKeysFile .ssh/authorized_keys
      X11Forwarding yes
      DenyUsers root

      With this, if you have a key listed in authorized_keys, you log in by key without entering a password; other users, who have no keys, log in by password.

    • #9366
      Aleksandr
      Participant

      All of that is set. I have added the keys. The error occurs simply when keys are present on the client. You can even delete the authorized_keys file on the server, and you still won't be able to log in, simply because there is a key in your directory.

      This is the client (the end of the output)
      ebug1: SSH2_MSG_SERVICE_ACCEPT received
      debug2: key: /home/marad/.ssh/id_dsa (0xb77cdf50)
      debug2: key: /home/marad/.ssh/id_rsa (0xb77d3090)
      debug1: Authentications that can continue: publickey,password,keyboard-interactive
      debug3: start over, passed a different list publickey,password,keyboard-interactive
      debug3: preferred publickey,keyboard-interactive,password
      debug3: authmethod_lookup publickey
      debug3: remaining preferred: keyboard-interactive,password
      debug3: authmethod_is_enabled publickey
      debug1: Next authentication method: publickey
      debug1: Offering public key: /home/marad/.ssh/id_dsa
      debug3: send_pubkey_test
      debug2: we sent a publickey packet, wait for reply
      Connection closed by 172.29.4.189

      This is the server

      Aug 25 11:45:00 dbquorum01 auth|security:info sshd[442486]: Failed none for marad from 172.26.26.21 port 47790 ssh2
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_request_receive entering
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: monitor_read: checking request 20
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_answer_keyallowed entering
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_answer_keyallowed: key_from_blob: 2004cb38
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: temporarily_use_uid: 1001/0 (e=0/0)
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: trying public key file /home/marad/.ssh/authorized_keys
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: fd 4 clearing O_NONBLOCK
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: secure_filename: checking ‘/home/marad/.ssh’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: secure_filename: checking ‘/home/marad’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: secure_filename: terminating check at ‘/home/marad’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: key_read: type mismatch
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug2: user_key_allowed: check options: ‘ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/tZv1HGrs8XpDIH0h/NaXUE1DnAJgzS6fA6KnWQDnE6icxEWOpWRoDv6/kdTuz8vbR9ziIxxhqytuaY8AfL3nh+QVMxcVleoOc+2qlCOIAd1ZBHMENcS7U6pJ+vaQ44VtTzunSw3UTLjzx/mKPZIVaOiuzpRezjDIeaksaH8kJQ/RuWpwiIZ1M3wrYiWGunZPwvVIxTmw632PJr0omCQPmFzBMbtMF3/40UaQp5gcG15peaROHpoCeTun/GzMsN/mOYo2NnZQzUaPzX1bKkN7Mdhy9Tka3veYVh7JNGkFqklcgQvaLMMbj0b8TMeXWe664f8FLRzsETSkrV+i3CSf marad@baglinn’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug2: key_type_from_name: unknown key type ‘AAAAB3NzaC1yc2EAAAADAQABAAABAQC/tZv1HGrs8XpDIH0h/NaXUE1DnAJgzS6fA6KnWQDnE6icxEWOpWRoDv6/kdTuz8vbR9ziIxxhqytuaY8AfL3nh+QVMxcVleoOc+2qlCOIAd1ZBHMENcS7U6pJ+vaQ44VtTzunSw3UTLjzx/mKPZIVaOiuzpRezjDIeaksaH8kJQ/RuWpwiIZ1M3wrYiWGunZPwvVIxTmw632PJr0omCQPmFzBMbtMF3/40UaQp5gcG15peaROHpoCeTun/GzMsN/mOYo2NnZQzUaPzX1bKkN7Mdhy9Tka3veYVh7JNGkFqklcgQvaLMMbj0b8TMeXWe664f8FLRzsETSkrV+i3CSf’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: key_read: missing keytype
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug2: user_key_allowed: advance: ‘AAAAB3NzaC1yc2EAAAADAQABAAABAQC/tZv1HGrs8XpDIH0h/NaXUE1DnAJgzS6fA6KnWQDnE6icxEWOpWRoDv6/kdTuz8vbR9ziIxxhqytuaY8AfL3nh+QVMxcVleoOc+2qlCOIAd1ZBHMENcS7U6pJ+vaQ44VtTzunSw3UTLjzx/mKPZIVaOiuzpRezjDIeaksaH8kJQ/RuWpwiIZ1M3wrYiWGunZPwvVIxTmw632PJr0omCQPmFzBMbtMF3/40UaQp5gcG15peaROHpoCeTun/GzMsN/mOYo2NnZQzUaPzX1bKkN7Mdhy9Tka3veYVh7JNGkFqklcgQvaLMMbj0b8TMeXWe664f8FLRzsETSkrV+i3CSf marad@baglinn’
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: matching key found: file /home/marad/.ssh/authorized_keys, line 2
      Aug 25 11:45:00 dbquorum01 auth|security:info sshd[442486]: Found matching DSA key: cb:38:1d:7a:c9:f2:ac:36:c6:98:0d:af:17:21:fe:9b
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: restore_uid: 0/0
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_answer_keyallowed: key 2004cb38 is allowed
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_request_send entering: type 21
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug3: mm_request_receive entering
      Aug 25 11:45:00 dbquorum01 auth|security:debug sshd[442486]: debug1: do_cleanup

    • #9368
      DanGer
      Participant

      Please check: do the keys in your id_rsa.pub and authorized_keys match? This is what bothers me: marad@baglinn
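
An added example, not part of the thread or any participant's code: one way to run the id_rsa.pub versus authorized_keys comparison asked about in the last post by key material instead of by eye. It skips a leading options field, ignores the trailing comment, and reports the colon-separated MD5 fingerprint in the same format as the server log's "Found matching ... key:" lines; every key blob, host name and address in it is constructed sample data.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # the two key types that appear in the thread


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_blob(key_type: str, *fields: bytes) -> str:
    """Build a base64 blob from constructed fields (sample data, not a real key)."""
    raw = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return base64.b64encode(raw).decode()


def split_outside_quotes(line: str) -> list:
    """Split on whitespace, but not inside a double-quoted option value."""
    tokens, cur, in_quotes, prev = [], [], False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            in_quotes = not in_quotes
        if ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        prev = ch
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_key_line(line: str):
    """Return (key_type, blob_bytes, comment), or None if the line holds no key."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = split_outside_quotes(line)
    # The key type is the first field, or the second when an options field leads.
    idx = next((i for i in (0, 1) if i < len(tokens) and tokens[i] in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return None
    try:
        raw = base64.b64decode(tokens[idx + 1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # The blob starts with its own type string; it must agree with the declared one.
    declared = ssh_string(tokens[idx].encode())
    if not raw.startswith(declared):
        return None
    return tokens[idx], raw, " ".join(tokens[idx + 2:])


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the blob, the format in 'Found matching ... key:'."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def find_matches(pub_line: str, authorized_keys_text: str) -> list:
    """List (line_number, fingerprint, comment) for entries equal to pub_line's key."""
    pub = parse_key_line(pub_line)
    if pub is None:
        raise ValueError("public key line could not be parsed")
    matches = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), start=1):
        entry = parse_key_line(line)
        if entry and entry[1] == pub[1]:  # compare key material only, never comments
            matches.append((lineno, md5_fingerprint(entry[1]), entry[2]))
    return matches


# Constructed sample data: well-formed blobs with made-up numbers, not usable keys.
RSA_BLOB = make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(1, 65)))
DSA_BLOB = make_blob("ssh-dss", b"\x00\xc1" * 8, b"\x00\xa3" * 4, b"\x02", b"\x7f" * 16)
SAMPLE_PUB = "ssh-rsa " + RSA_BLOB + " user@host-a"
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "ssh-rsa " + RSA_BLOB + " user@host-b",  # same key, different comment
    'from="192.0.2.10",command="echo hi there" ssh-dss ' + DSA_BLOB + " backup key",
    "AAAA-not-a-key",
])

if __name__ == "__main__":
    print(find_matches(SAMPLE_PUB, SAMPLE_AUTHORIZED_KEYS))
```

The comment at the end of a key line is free text and takes no part in the match, so two entries with different `user@host` suffixes are the same key whenever their blobs are equal.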
