Kata sandi SSH kurang login berfungsi di satu target tetapi tidak pada yang lain

-1

Saya telah membuat kunci ssh menggunakan ssh-keygen -t rsatarget tertanam (imx6) dan menyalin kunci publik ke mesin host.

Mesin target IMX6: OpenSSH: 7.1p2 IP: 192.168.2.31

Mesin host: OpenSSH: OpenSSH_5.9p1 IP: 192.168.2.11

Target A ke Mesin B Saya telah mencoba menghubungkan host dari target dan itu berfungsi dengan baik. Silakan temukan log di bawah ini.

mx6q:~# ssh pnallathambi@192.168.2.11 -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'pnallathambi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh6
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh6
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha256@libssh.org,1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6hGhaP5vujRRSDEE7e6unEHBXIkPgx9Q6f0U9zvXt1E
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x15e3c28),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-025 ssh-pty

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:VaQIZBXXXq8H7m6Um+/hfEllTx3VsgygYZhwUd/i1dY
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.2.11 ([192.168.2.11]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug1: X11 forwarding requested but DISPLAY not set
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-95-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

35 packages can be updated.
35 updates are security updates.


Your Hardware Enablement Stack (HWE) is supported until April 2017.

Last login: Fri Sep 23 15:42:05 2016 from 192.168.2.31
pnallathambi@vmlxhi-025:~$ exit
logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.2.11 closed.
Transferred: sent 3564, received 3364 bytes, in 2.7 seconds
Bytes per second: sent 1309.0, received 1235.5
debug1: Exit status 0

Target C ke Mesin D: Saya telah menyalin kunci yang sama ke sepasang mesin lain yaitu target lain dan menambahkan kunci publik ke mesin host yang terhubung. Kali ini tidak berhasil dan saya tidak bisa mempersempit alasannya.

Silakan temukan log di bawah ini.

mx6q:/home/root# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'brinda.mc'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh6
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh6
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha256@libssh.org,1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GAh4JM8Gft7dIgC7nqT+8k5LCpTFJ1hy6t20xQ+hcbc
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x12e5c18),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-079 ssh-pty

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/root/.ssh/id_dsa
debug1: Trying private key: /home/root/.ssh/id_ecdsa
debug1: Trying private key: /home/root/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Parthiban
sumber
Harap bagikan alasan sebelum pemungutan suara negatif. Terima kasih sebelumnya.
Parthiban
Saya tidak downvote, tapi agak membingungkan menyebut sesuatu target dan kemudian menghubungkannya. Dan memanggil satu komputer sebagai tuan rumah ketika mereka berdua adalah tuan rumah, dan memanggil 'dari' komputer tuan rumah, ketika sementara komputer mana pun secara online dapat menjadi tuan rumah, tuan rumah sering dianggap sebagai satu dengan server.
barlop
juga jika Anda dapat terhubung dengan kata sandi maka gunakan perintah ssh-copyid setelah perintah ssh keygen. Dan umumnya bahasa Inggris lebih mudah diproses untuk mengatakan terhubung dari A ke B, daripada mengatakan terhubung ke B dari A.
barlop
@barlop Terima kasih. Apa yang saya maksud target di sini adalah untuk menentukan dan menyematkan target seperti Beabgle Bone Black. Ya, ini mesin host lain. ssh-copy-id tidak hadir sebagai bagian dari RFS saya, saya dapat mencoba menggunakannya sekali dan memperbarui Anda. Tetapi pertanyaan saya adalah "Saya memiliki set topologi yang sama di banyak orang. Host A terhubung ke B, saya mencoba menghubungkan B dari A dengan kunci yang dihasilkan. Saya ingin kunci yang sama digunakan di pasangan mesin lain juga, seperti C ke D dll. Jadi saya mencoba menyalin kunci yang sama untuk mencapai ini. Tapi itu tidak bekerja di komputer lain, itu hanya bekerja di A ke B. "
Parthiban
Anda dapat memasukkan dalam pertanyaan Anda, kucing dari file yang membuktikan bahwa Anda menyalin kunci. Juga lakukan ssh --version atau apa pun, untuk menunjukkan versi apa yang Anda gunakan 'karena rasanya aneh bahwa Anda tidak memiliki ssh-copy-id saya pikir ssh-copy-id harus datang dengan openssh apa pun meskipun saya tidak 100% yakin. Saya kira mungkin Anda tidak menggunakan openssh. Anda juga dapat melakukan chmod pada file-file penting untuk melihat apakah Anda mendapatkan izin dengan benar karena itu adalah kesalahan klasik yang dilakukan orang dengan ssh.
barlop

Jawaban:

0

Anda harus membuat kunci secara berbeda jika Anda ingin satu kunci berfungsi pada banyak host.

untuk cara Anda membuat kunci, mereka hanya berlaku untuk kombinasi pengguna / host tersebut. Anda akan dapat beralih dari A ke B, A ke C, A ke D, jika Anda mau, tetapi Anda tidak akan dapat menyalin id_rsa dari A meletakkannya di C, dan kemudian berharap untuk ssh dari C ke D .

mereka tidak dibangun seperti itu. itu sebabnya mereka aman.

baca halaman manual lagi, terutama bagian tentang sertifikat.

emetib
sumber