Saya sangat bingung. Setiap manual yang saya baca 15 menit terakhir memberi tahu saya ini harus berhasil tetapi tidak:
$ ssh-agent -s
SSH_AUTH_SOCK=/tmp/ssh-syXn9Tk09V9P/agent.16332; export SSH_AUTH_SOCK;
SSH_AGENT_PID=16333; export SSH_AGENT_PID;
echo Agent pid 16333;
$ eval `ssh-agent -s`
Agent pid 16362
$ ssh-add -l
The agent has no identities.
$ ssh-add .ssh/user\@server.de.key
Enter passphrase for .ssh/[email protected]:
Identity added: .ssh/[email protected] (.ssh/[email protected])
$ ssh-add -l
1023 SHA256:TQ6nDwMeeP9tHf43lAG0mC5cbIPx5h7RYxMUcYKJHPI .ssh/[email protected] (RSA)
$ ssh server.de
Enter passphrase for key '/home/iras/.ssh/[email protected]':
Dalam konfigurasi ssh ada entri untuk server.de dengan pengguna identitas dan kunci ssh yang disediakan.
Output verbose:
$ ssh -vvv server.de
OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /home/iras/.ssh/config
debug1: /home/iras/.ssh/config line 127: Applying options for apache4
debug1: /home/iras/.ssh/config line 177: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "10.0.0.42" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.0.0.42 [10.0.0.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/iras/.ssh/[email protected] type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/iras/.ssh/[email protected] type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.0.42:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69
debug3: load_hostkeys: loaded 1 keys from 10.0.0.42
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KAU//7qfeZspCpZwJWB7tZdYqQkGwUHVMV+830TdTwE
debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69
debug3: load_hostkeys: loaded 1 keys from 10.0.0.42
debug1: Host '10.0.0.42' is known and matches the ECDSA host key.
debug1: Found key in /home/iras/.ssh/known_hosts:69
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/iras/.ssh/[email protected] ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/iras/.ssh/[email protected]
Enter passphrase for key '/home/iras/.ssh/[email protected]':
ssh -vvv server.de. Apassh-add -Lcetakan setelah kunci ditambahkan ke agen?Jawaban:
Masalahnya adalah bahwa Anda telah secara eksplisit menentukan kunci Anda di
~/.ssh/configdan Anda tidak menyimpan kunci publik tambahan (tidak terenkripsi). Oleh karena itu klien mencoba kunci yang tercantum dalam file konfigurasi terlebih dahulu dan kunci agen kemudian (tidak dapat mencocokkannya, karena kunci eksplisit dienkripsi).Jika teori saya benar, itu akan bekerja untuk Anda, jika Anda menghapus garis
IdentityFile ~.ssh/[email protected]dari Anda~/.ssh/config, atau mengekspor kunci publik ke.ssh/[email protected]sumber