SSH公開鍵の問題

SSH公開鍵の問題

公開鍵認証を使用してSSHサーバーに接続する複数のクライアントがあります。

Ubuntu 14.04 VMで同じサーバーに接続しようとしています。公開鍵認証が機能しません。接続ログです。考えられる問題は太字で表示されます。クライアントとサーバーのプロトコルとソフトウェアのバージョンに問題があるようです。また、公開鍵認証をまったく試していないようです。パスワードだけです。

関連ファイルに対するすべての権限を確認しました。また、秘密鍵にはパスワードはありません。

    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ........ [........] port 22.
debug1: Connection established.
debug1: identity file ....../.ssh/id_rsa_perf type 1
debug1: identity file ....../.ssh/id_rsa_perf-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
****debug1: Remote protocol version 2.0, remote software version xxxxxxx
debug1: no match: xxxxxxx****
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1022/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA fb:e2:06:14:e6:5f:94:91:a4:2f:8d:50:aa:ca:d1:0d
debug1: Host '........' is known and matches the RSA host key.
debug1: Found key in ......../.ssh/known_hosts:1
debug2: bits set: 1036/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ........../.ssh/id_rsa_perf (0xb7878c10), explicit
****debug1: Authentications that can continue: password****
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (password).

以下は、同じ設定、両方のクライアントで同じopensshバージョンを使用して同じサーバーに接続するクライアントの接続ログです。私が見るときの唯一の違いは、プロトコル/ソフトウェアバージョンの検出に関連するエラーがないことです。接続されたクライアントは物理ボックスで、接続されていないクライアントはVMWare仮想インスタンスです。どちらもUbuntu 14.04です

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ..............[.....] port 22.
debug1: Connection established.
debug1: identity file /home/...../.ssh/id_rsa_perf type 1
debug1: identity file /home/..../.ssh/id_rsa_perf-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
**debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1-hpn14v5**
**debug1: match: OpenSSH_6.7p1-hpn14v5 pat OpenSSH* compat 0x04000000**
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 8c:84:b3:25:e5:6c:35:53:24:d0:d2:db:66:8f:ce:3d
debug1: Host '......' is known and matches the ECDSA host key.
debug1: Found key in /home/...../.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/...../.ssh/id_rsa_perf (0xb7afa098), explicit
**debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey**
debug1: Offering RSA public key: /home/...../.ssh/id_rsa_perf
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 4e:af:a4:b5:23:da:0d:98:ee:c5:b2:f9:80:94:77:40
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to main.scan-dent.com ([....]:22).

答え1

2つの出力を比較すると、次のようになります。

少し似ているようですが、そのうちの1つは別の認証を実行するため、SSHサーバーの設定を確認する必要があります。

1つはmd5をしていてもう1つはsha1をしているので確認してみてください。

そしてすでに知っているかどうかはわかりませんが、顧客は異なります。したがって、1つは機能し、もう1つは機能しない理由について仮説を立てるには、少なくともエラーが何であるかを追跡するなどの作業を実行する必要があります。

40,53c40,49
< debug2: mac_setup: setup hmac-md5
< debug1: kex: server->client aes128-ctr hmac-md5 none
< debug2: mac_setup: setup hmac-md5
< debug1: kex: client->server aes128-ctr hmac-md5 none
< debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
< debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
< debug2: bits set: 1022/2048
< debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
< debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
< **debug1: Server host key: RSA fb:e2:06:14:e6:5f:94:91:a4:2f:8d:50:aa:ca:d1:0d**
< debug1: Host '........' is known and matches the RSA host key.
< debug1: Found key in ......../.ssh/known_hosts:1
< debug2: bits set: 1036/2048
< debug1: ssh_rsa_verify: signature correct
---
> debug2: mac_setup: setup [email protected]
> debug1: kex: server->client aes128-ctr [email protected] none
> debug2: mac_setup: setup [email protected]
> debug1: kex: client->server aes128-ctr [email protected] none
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
**> debug1: Server host key: ECDSA 8c:84:b3:25:e5:6c:35:53:24:d0:d2:db:66:8f:ce:3d**
> debug1: Host '......' is known and matches the ECDSA host key.
> debug1: Found key in /home/...../.ssh/known_hosts:3
> debug1: ssh_ecdsa_verify: signature correct
64,80c60,70

答え2

問題が解決しました。接続されていないクライアントがあるファイアウォールにいくつかの問題があることがわかりました。これを削除した後、クライアントは公開鍵認証を使用して正しく接続できます。

関連情報