[Comm] ssh and a key-based login problem.

Alexei V. Mezin alexei-mezin at rambler.ru
Thu Feb 11 00:23:50 MSK 2016


10.02.2016 16:52, Gleb Fotengauer-Malinovskiy wrote:

> echo $SSH_AUTH_SOCK $SSH_AGENT_PID
>


Here is how it all looks on my machine:

reboot, KDE, kdm autologin.

[alexei@bigbear ~]$ echo $SSH_AUTH_SOCK $SSH_AGENT_PID
/home/alexei/.ssh/agent 963


The attempt to log in to the server fails. Repeated attempts go the same way: it asks for a password.

[alexei@bigbear ~]$ ssh -p 2022 server
alexei@server's password:

An attempt to start ssh-agent, just in case:

[alexei@bigbear ~]$ ssh-agent
SSH_AUTH_SOCK=/tmp/.private/alexei/ssh-t89RTWJq5ToW/agent.1887; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1888; export SSH_AGENT_PID;
echo Agent pid 1888;
[alexei@bigbear ~]$ echo $SSH_AUTH_SOCK $SSH_AGENT_PID
/home/alexei/.ssh/agent 963
[alexei@bigbear ~]$ ssh -p 2022 server
alexei@server's password:

That is, it still does not let me in.


And here is how it looks in verbose mode:

[alexei@bigbear ~]$ ssh -v -p 2022 server
OpenSSH_7.1p1, OpenSSL 1.0.2f  28 Jan 2016
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: /etc/openssh/ssh_config line 20: Applying options for *
debug1: Connecting to server [192.168.0.254] port 2022.
debug1: Connection established.
debug1: identity file /home/alexei/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to server:2022 as 'alexei'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr umac-64@openssh.com none
debug1: kex: client->server aes256-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:MmzJkQBXZJRXVKoeX6se1zGstPYeSEQGzl3bn5j4Sow
debug1: Host '[server]:2022' is known and matches the ECDSA host key.
debug1: Found key in /home/alexei/.ssh/known_hosts:3
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/alexei/.ssh/id_dsa
debug1: Trying private key: /home/alexei/.ssh/id_ecdsa
debug1: Trying private key: /home/alexei/.ssh/id_ed25519
debug1: Next authentication method: password
alexei@server's password:


That is, the key is found, the server accepts it, but the client carries on and asks for a password.


However! We run ssh-add and everything goes through:

[alexei@bigbear ~]$ ssh-add
Identity added: /home/alexei/.ssh/id_rsa (/home/alexei/.ssh/id_rsa)
[alexei@bigbear ~]$ ssh -p 2022 server
Last login: Thu Feb 11 00:00:27 2016 from 192.168.0.244


Here is how it looks this time:


[alexei@bigbear ~]$ ssh -v -p 2022 server
OpenSSH_7.1p1, OpenSSL 1.0.2f  28 Jan 2016
debug1: Reading configuration data /etc/openssh/ssh_config
debug1: /etc/openssh/ssh_config line 20: Applying options for *
debug1: Connecting to server [192.168.0.254] port 2022.
debug1: Connection established.
debug1: identity file /home/alexei/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/alexei/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to server:2022 as 'alexei'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-ctr umac-64@openssh.com none
debug1: kex: client->server aes256-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:MmzJkQBXZJRXVKoeX6se1zGstPYeSEQGzl3bn5j4Sow
debug1: Host '[server]:2022' is known and matches the ECDSA host key.
debug1: Found key in /home/alexei/.ssh/known_hosts:3
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to server ([192.168.0.254]:2022).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ru_RU.UTF-8
debug1: Sending env LANGUAGE =
Last login: Thu Feb 11 00:05:21 2016 from 192.168.0.244


Everything is the same, the server accepts the key, and the client considers that sufficient.
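
An added example, not part of the original post: a small filter that tells the two `ssh -v` runs above apart. `Server accepts key` only means the server answered the unsigned key query; authentication needs a signed request after it. The function names `classify_pubkey` and `agent_state` and the trimmed sample logs are constructed here, and the patterns assume the debug1 wording of the OpenSSH 7.1 client shown in the logs.

```shell
#!/bin/sh
# Added example: classify publickey auth in `ssh -v` client output.
# Assumes the debug1 wording of the OpenSSH 7.1 client shown in the post.
classify_pubkey() {
    awk '
    /^debug1: Offering .* public key: / { key = $NF; offered = 1 }
    /^debug1: Server accepts key: /     { if (key != "") acc_key = key }
    /^debug1: Authentication succeeded \(publickey\)/ { ok = 1 }
    END {
        if (ok)                 print "signed-ok " acc_key
        else if (acc_key != "") print "accepted-not-signed " acc_key
        else if (offered)       print "offered-not-accepted " key
        else                    print "no-key-offered"
    }'
}

# Map the documented exit status of `ssh-add -l` to the state of the
# agent behind SSH_AUTH_SOCK (0 = has keys, 1 = no keys, 2 = no contact).
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "agent-has-keys" ;;
        1) echo "agent-empty" ;;
        2) echo "agent-unreachable" ;;
        *) echo "ssh-add-failed" ;;
    esac
}

# Constructed samples, trimmed from the two logs in the post.
sample_fail() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/alexei/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}
sample_ok() {
cat <<'EOF'
debug1: Offering RSA public key: /home/alexei/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
EOF
}

sample_fail | classify_pubkey
sample_ok | classify_pubkey
```

On a live connection the debug lines go to stderr, so the filter is fed with `ssh -v -p 2022 server 2>&1 | classify_pubkey`; running `agent_state` before and after `ssh-add` shows whether the agent held a usable identity.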


