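I have two Debian systems (11 and 12). I followed this video to set up key-based SSH access from server A to server B: https://www.youtube.com/watch?v=vINn1MIrf7o. I tried the key, but I am still prompted for a password.
Server A: generating the key and checking permissions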
$ ssh-keygen -a ed25519 -f ~/.ssh/id_ed25519 -C "email@address"
$ ssh-copy-id USERNAME-B@SERVER-B
$ cat /home/USERNAME-A/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address
$ ls -l /home/USERNAME-A/.ssh
total 16
-rw------- 1 USERNAME-A USERNAME-A 111 Sep 25 16:51 authorized_keys
-rwx------ 1 USERNAME-A USERNAME-A 411 Sep 25 00:48 id_ed25519
-rwx------ 1 USERNAME-A USERNAME-A 97 Sep 25 00:48 id_ed25519.pub
-rwx------ 1 USERNAME-A USERNAME-A 444 Sep 25 16:05 known_hosts
Server B: checking the key and permissions
$ cat /home/USERNAME-B/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address
$ ls -l /home/USERNAME-B/.ssh/
total 12
-rw------- 1 USERNAME-B USERNAME-B 214 Sep 25 16:52 authorized_keys
-rwx------ 1 USERNAME-B USERNAME-B 97 Sep 25 15:16 id_ed25519.pub
-rwx------ 1 USERNAME-B USERNAME-B 142 Sep 25 00:38 known_hosts.old
Server A: connecting to server B over SSH
$ ssh -v USERNAME-B@SERVER-B
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.0.98 [192.168.0.98] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
debug1: match: OpenSSH_9.2p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.98:22 as 'internalrouter01'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:jsyFKXsTm5jC6GpM49Z9NdZTqaynwadcD80118n8/ck
debug1: Host '192.168.0.98' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-dss,ssh-rsa,rsa-sha2-256,rsa-sha2-512>
debug1: kex_input_ext_info: [email protected] (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
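I don't know how to get this setup working. Any hints would be appreciated. I looked into permission problems as a guess, but that doesn't seem to be it, and nothing stands out to me. Then again, I'm still not used to debugging ssh.
Edit 1: (I will no longer change the server names to USERNAME-B and so on.)
Reply to エマルーオ: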
$ ls -ld / /home /home/USERNAME-B/ /home/USERNAME-B/.ssh
drwxr-xr-x 18 root root 4096 Sep 22 15:42 /
drwxr-xr-x 4 root root 4096 Sep 22 23:03 /home
drwx------ 4 USERNAME-B USERNAME-B 4096 Sep 24 21:54 /home/USERNAME-B/
drwx------ 2 USERNAME-B USERNAME-B 4096 Sep 25 16:32 /home/USERNAME-B/.ssh
Reply to Gilles Quénot:
I updated the permissions as needed, but it didn't help.
root@home-ok-ir01p:/home/internalrouter01# chmod 700 /home/internalrouter01/.ssh/
root@home-ok-ir01p:/home/internalrouter01# chmod 600 /home/internalrouter01/.ssh/*
root@home-ok-ir01p:/home/internalrouter01# ls -ld / /home /home/internalrouter01/ /home/internalrouter01/.ssh
drwxr-xr-x 18 root root 4096 Sep 22 15:42 /
drwxr-xr-x 4 root root 4096 Sep 22 23:03 /home
drwx------ 4 internalrouter01 internalrouter01 4096 Sep 24 21:54 /home/internalrouter01/
drwx------ 2 internalrouter01 internalrouter01 4096 Sep 25 16:32 /home/internalrouter01/.ssh
My SSH configuration
root@HomeNAS:/home/homenas# cat /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Here are the latest sshd entries in /var/log/auth.log:
root@home-ok-ir01p:/home/internalrouter01# tail -40 /var/log/auth.log | grep ssh
2023-09-25T17:31:38.020752-05:00 home-ok-ir01p sshd[8418]: pam_unix(sshd:session): session closed for user root
2023-09-25T18:05:45.894039-05:00 home-ok-ir01p sshd[11468]: fatal: Timeout before authentication for 192.168.0.109 port 49624
2023-09-25T19:13:37.747404-05:00 home-ok-ir01p sshd[12124]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 36860 [preauth]
2023-09-25T19:26:50.115306-05:00 home-ok-ir01p sshd[12253]: Connection closed by authenticating user internalrouter01 192.168.0.109 port 33018 [preauth]
This is my server's /etc/ssh/sshd_config:
Include /etc/ssh/sshd_config.d/*.conf
ListenAddress 0.0.0.0
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
chmod permissions
Client returns:
root@home-ok-ir01p:/home/internalrouter01# env | grep '^SSH'
SSH_CONNECTION=10.7.0.2 35516 192.168.0.98 22
SSH_CLIENT=10.7.0.2 35516 22
SSH_TTY=/dev/pts/1
Nothing has changed so far with ssh -v [email protected], other than that I changed the configuration to disallow passwords (PasswordAuthentication no).
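A diagnostic added here (not part of the original post): the `ssh -v` output above shows the client offering `/root/.ssh/id_rsa`, while `authorized_keys` on server B lists an ed25519 key, so this sketch compares the fingerprints the client offers with the fingerprints of the keys the server lists. The sample inputs are copied from the post; the function names are illustrative.

```python
import base64
import hashlib
import re

# authorized_keys line and `ssh -v` lines copied from the post above.
AUTHORIZED_KEYS = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnsoixDlpGFTrBRfoV+flboh7rIFvAphI6xRe4G+3HO email@address\n"
SSH_V_LOG = """\
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:3fj8TFQ7RMRBsWyjPvTUYQWGvhMcmEGxM/9Bh5hCIdE
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
"""

# Key type followed by its base64 blob; searching (not anchoring) tolerates
# simple leading options such as from="..." on an authorized_keys line.
KEY_RE = re.compile(r"\b((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})")
OFFER_RE = re.compile(r"Offering public key: (\S+) (\S+) (SHA256:\S+)")


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def authorized_fingerprints(text):
    """Map fingerprint -> key type for each non-comment key line."""
    found = {}
    for line in text.splitlines():
        match = KEY_RE.search(line)
        if match and not line.lstrip().startswith("#"):
            found[fingerprint(match.group(2))] = match.group(1)
    return found


def diagnose(log, authorized_text):
    """Return (listed, unlisted) lists of (path, type, fingerprint) offers."""
    allowed = authorized_fingerprints(authorized_text)
    offers = OFFER_RE.findall(log)
    listed = [o for o in offers if o[2] in allowed]
    unlisted = [o for o in offers if o[2] not in allowed]
    return listed, unlisted


if __name__ == "__main__":
    listed, unlisted = diagnose(SSH_V_LOG, AUTHORIZED_KEYS)
    for path, ktype, fp in unlisted:
        print(f"offered, not in authorized_keys: {path} ({ktype}) {fp}")
    for fp, ktype in authorized_fingerprints(AUTHORIZED_KEYS).items():
        print(f"listed in authorized_keys: {ktype} {fp}")
```

An empty `listed` result means none of the keys the client tried is one the server would accept, which is when the client falls through to the next method, as in the last two log lines.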