From: "Alexei V. Mezin" <alexei-mezin@rambler.ru>
To: community@lists.altlinux.org
Subject: Re: [Comm] ssh and a key-based login problem.
Date: Thu, 11 Feb 2016 00:23:50 +0300
Message-ID: <n9g9p6$m2d$1@ger.gmane.org>
In-Reply-To: <20160210135256.GG26587@glebfm.cloud.tilaa.com>
On 10.02.2016 16:52, Gleb Fotengauer-Malinovskiy wrote:
> echo $SSH_AUTH_SOCK $SSH_AGENT_PID
>
Here is how all of this looks on my machine:
reboot, KDE, kdm autologin.
[alexei@bigbear ~]$ echo $SSH_AUTH_SOCK $SSH_AGENT_PID
/home/alexei/.ssh/agent 963
The login attempt to the server fails. Repeated attempts behave the same way:
it asks for a password.
[alexei@bigbear ~]$ ssh -p 2022 server
alexei@server's password:
An attempt to start ssh-agent, just in case:
[alexei@bigbear ~]$ ssh-agent
SSH_AUTH_SOCK=/tmp/.private/alexei/ssh-t89RTWJq5ToW/agent.1887; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1888; export SSH_AGENT_PID;
echo Agent pid 1888;
[alexei@bigbear ~]$ echo $SSH_AUTH_SOCK $SSH_AGENT_PID
/home/alexei/.ssh/agent 963
[alexei@bigbear ~]$ ssh -p 2022 server
alexei@server's password:
That is, it still does not let me in.
And here is how it looks in verbose mode:
[alexei@bigbear ~]$ ssh -v -p 2022 server
OpenSSH_7.1p1, OpenSSL 1.0.2f 28 Jan 2016
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: /etc/openssh/ssh_config line 20: Applying options for *
debug1: Connecting to server [192.168.0.254] port 2022.
debug1: Connection established.
debug1: identity file /home/alexei/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to server:2022 as 'alexei'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr umac-64@openssh.com none
debug1: kex: client->server aes256-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:MmzJkQBXZJRXVKoeX6se1zGstPYeSEQGzl3bn5j4Sow
debug1: Host '[server]:2022' is known and matches the ECDSA host key.
debug1: Found key in /home/alexei/.ssh/known_hosts:3
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/alexei/.ssh/id_dsa
debug1: Trying private key: /home/alexei/.ssh/id_ecdsa
debug1: Trying private key: /home/alexei/.ssh/id_ed25519
debug1: Next authentication method: password
alexei@server's password:
That is, the key is found, the server accepts it, but the client carries on and
asks for a password.
However! Run ssh-add and everything goes through:
[alexei@bigbear ~]$ ssh-add
Identity added: /home/alexei/.ssh/id_rsa (/home/alexei/.ssh/id_rsa)
[alexei@bigbear ~]$ ssh -p 2022 server
Last login: Thu Feb 11 00:00:27 2016 from 192.168.0.244
Here is how it looks this time:
[alexei@bigbear ~]$ ssh -v -p 2022 server
OpenSSH_7.1p1, OpenSSL 1.0.2f 28 Jan 2016
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: /etc/openssh/ssh_config line 20: Applying options for *
debug1: Connecting to server [192.168.0.254] port 2022.
debug1: Connection established.
debug1: identity file /home/alexei/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to server:2022 as 'alexei'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr umac-64@openssh.com none
debug1: kex: client->server aes256-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:MmzJkQBXZJRXVKoeX6se1zGstPYeSEQGzl3bn5j4Sow
debug1: Host '[server]:2022' is known and matches the ECDSA host key.
debug1: Found key in /home/alexei/.ssh/known_hosts:3
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to server ([192.168.0.254]:2022).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ru_RU.UTF-8
debug1: Sending env LANGUAGE =
Last login: Thu Feb 11 00:05:21 2016 from 192.168.0.244
Everything is the same: the server accepts the key, and the client considers
that sufficient.
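
Added example, not part of the original message: a shell function that reads `ssh -v` client output and tells apart the two outcomes shown above, namely the server accepting the offered key while the client never sends a signed request, and a completed publickey login. The function name and result labels are made up for this example; the sample lines are excerpts of the two logs in the message.

```shell
#!/bin/sh
# Classify the publickey phase of an `ssh -v` client log read from stdin.
classify_ssh_debug() {
    awk '
    /^debug1: Offering / { if (accepted) unsigned = 1; offered = 1; accepted = 0; next }
    /^debug1: Server accepts key/ { if (offered) accepted = 1; next }
    /^debug1: Authentication succeeded [(]publickey[)]/ { ok = 1; next }
    /^debug1: Authentications that can continue/ {
        # Failure reply: after "accepts key" the signed request was rejected,
        # after a bare offer the server refused the key itself.
        if (accepted) rejected = 1
        else if (offered) refused = 1
        offered = 0; accepted = 0; next
    }
    /^debug1: (Trying private key|Next authentication method)/ {
        # The client moved on without ever sending a signed request.
        if (accepted) unsigned = 1
        offered = 0; accepted = 0; next
    }
    END {
        if (ok) print "pubkey-ok"
        else if (unsigned) print "accepted-not-signed"
        else if (rejected) print "signature-rejected"
        else if (refused) print "key-refused"
        else print "no-pubkey-attempt"
    }'
}
# Excerpt of the first log in the message (before ssh-add).
sample_failed() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/alexei/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}
# Excerpt of the second log in the message (after ssh-add).
sample_ok() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}
printf 'before ssh-add: %s\n' "$(sample_failed | classify_ssh_debug)"
printf 'after ssh-add:  %s\n' "$(sample_ok | classify_ssh_debug)"
```

On a live client the same function can be fed with `ssh -v -p 2022 server 2>&1 | classify_ssh_debug`; when it reports `accepted-not-signed`, `ssh-add -l` lists the identities held by the agent that `$SSH_AUTH_SOCK` points to.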