|
|
|
google unix.com
|
|||||||
| Forums | Registrer | Forum Rules | Lenker | Album | FAQ | Medlemsliste | Kalender | Søke | Dagens innlegg | Marker forumene som lest |
| Sikkerhet Diskuter UNIX og Linux datamaskinen og nettverkssikkerhet, cybersecurity, cyberattacks, IT-sikkerhet, CISSP, OWASP og mer. |
Mer UNIX og Linux Forum Emner Du kan finne nyttig
|
||||
| Tråd | Tråd startet | Forum | Svar | Siste innlegg |
| Hvordan endre root-passordet du bruker shell script med standard passord | kurva | Shell programmering og Skripting | 2 | 02-25-2009 02:35 |
| ssh_exchange_identification: Tilkobling avsluttet av ekstern vert Tilkobling avsluttet | jeevan_fimare | UNIX for Dummies Spørsmål og svar | 1 | 02-05-2009 01:43 |
| passord bekreftelsesprosessen bekrefte passordet til en bruker bare første 8 tegn | amitpansuria | UNIX for Advanced & ekspertbrukere | 12 | 10-23-2008 11:03 |
| Jeg vil hard kode brukernavn og passord til en FTP-tilkobling | naree | Sun Solaris | 2 | 02-26-2008 10:43 |
| Endre passord ved å skyve krypterte passord til systemer | benq70 | UNIX for Dummies Spørsmål og svar | 1 | 09-02-2005 10:08 |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Søk i denne tråden | Rate Thread | Visningsmoduser |
|
|
05-29-2009
|
||||
|
||||
|
SSH-tilkobling uten passord
Emnet er beskrevet i mange artikler, men jeg kan ikke etablere en passord-mindre ssh forbindelse. Nedenfor viser jeg hva jeg gjorde, og jeg ta ssh debug info, kanskje noen ville være i stand til å peke på noe jeg ikke gjør riktig. Mitt oppsett: to SCO 5.0.7 bokser på en privat län, bruker equivalency etablert, rcmd / rcp arbeider fra en til en annen helt fint. Brukerens konto, som er den samme på begge sider, har ikke noe passord. på begge boksene: Code:
$ grep -v '^#' /etc/ssh/sshd_config | grep -v '^$' RSAAuthentication yes PubkeyAuthentication yes Subsystem sftp /usr/lib/openssh/sftp-server På min kilde boksen jeg genererte offentlig nøkkel Code:
$ ssh-keygen -t rsa $ l -g -rw------- 1 group 887 May 29 11:39 id_rsa -rw-r--r-- 1 group 229 May 29 11:39 id_rsa.pub Og jeg kopiert pub filen til målet boksen På målet boksen: Code:
$ cd; mkdir .ssh; chmod 700 .ssh; l -dg .ssh drwx------ 2 group 512 May 29 11:33 .ssh $ cd .ssh $ cat ../my_pub > authorized_keys; chmod 600 authorized_keys $ l -g -rw------- 1 group 229 May 29 11:33 authorized_keys Nå, når jeg prøver å koble fra min kilde boksen: Code:
$ ssh -v target_server OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to target_server [192.168.1.74] port 22. debug1: Connection established. debug1: identity file /u/target_user/.ssh/identity type -1 debug1: identity file /u/target_user/.ssh/id_rsa type 1 debug1: identity file /u/target_user/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'target_server' is known and matches the RSA host key. debug1: Found key in /u/target_user/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /u/target_user/.ssh/identity debug1: Offering public key: /u/target_user/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /u/target_user/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password target_user@target_server's password: debug1: Authentications that can continue: publickey,password,keyboard-interactive Permission denied, please try again. target_user@target_server's password: Jeg ser meldingen "ssh_rsa_verify: signatur riktig" i feilsøkingsmodus, som ser ut som en lovende tegnet, men det er noe som ikke klikke og det gjør be om passord, som er fjernet for denne brukerkontoen, så er det ikke gå. Noen tips ville være verdsatt. Sist endret av migurus; 05-29-2009 på 05:14.. Grunn: glemte å vise sshd_config |
|
05-29-2009
|
||||
|
||||
|
En ting jeg skulle gjøre fra start er påse at. Ssh katalogen og autorized_keys filer eies av brukeren. Ser ut som en av dem er eid av 1, og den andre av 2.
----- Innlegg Update ----- Også sikre at det ikke er noen linjeskift i authorized_keys fil fra kopiere og lime. |
|
05-29-2009
|
||||
|
||||
|
Sitat:
Vel, dette er bare "l-g" format, 1 og 2 er ikke bruker-ID, bruker-IDen er definitivt samme target_user. ----- Innlegg Update ----- Sitat:
|
|
05-29-2009
|
||||
|
||||
|
På mitt oppsett, jeg kopiert den til authorized_keys2 (Merk forskjellen i filnavn). Jeg har alltid bruke root kontoen og det er et passord (det litt forskjellig fra din).
|
|
05-30-2009
|
||||
|
||||
|
Sitat:
Code:
$ ssh -vvv target_srvr OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to target_srvr [192.168.123.123] port 22. debug1: Connection established. debug1: identity file /u/target_user/.ssh/identity type -1 debug3: Not a RSA1 key file /u/target_user/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /u/target_user/.ssh/id_rsa type 1 debug1: identity file /u/target_user/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 120/256 debug2: bits set: 486/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /u/target_user/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /u/target_user/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'target_srvr' is known and matches the RSA host key. debug1: Found key in /u/target_user/.ssh/known_hosts:1 debug2: bits set: 486/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /u/target_user/.ssh/identity (0) debug2: key: /u/target_user/.ssh/id_rsa (80856c4) debug2: key: /u/target_user/.ssh/id_dsa (0) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /u/target_user/.ssh/identity debug3: no such identity: /u/target_user/.ssh/identity debug1: Offering public key: /u/target_user/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /u/target_user/.ssh/id_dsa debug3: no such identity: /u/target_user/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboard-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password target_user@target_srvr's password: $ ----- Innlegg Update ----- Bare for registrering, Problemet var at target_user hjemme dir var 775. Gruppen skriver tillatelse var den skyldige, så jeg endret det til 755. Etter det fikk jeg klar melding: Tomme passord begrenset av ssh Så jeg redigerte sshd_config på target_srvr og sa PermitEmptyPasswords ja Deretter startet sshd og det virker som en sjarm. |
|
| Hugseliste |
| Thread Tools | Søk i denne tråden |
| Visningsmoduser | Ranger denne tråden |
|
|
Hybridmodus
