ssh problem
Ing. Ivan Volny
volny at brn.pvt.cz
Thursday, October 31 11:14:53 CET 1996
On Wed, 30 Oct 1996, Jakub Jelinek wrote:
> >
> > On 30 Oct 1996, Honza Burdil wrote:
> >
> > >
> > > Hello,
> > > I am now using the new version ssh-1.2.16 and everything works without
> > > problems, but I would like to know what the following message means:
> > >
> > > Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> > > Server refused our rhosts authentication or host key.
> >
> > The server apparently has authentication via rhosts/hosts.equiv disabled.
> > So try turning it off on the client side?
> The best solution is certainly to switch to ssh completely and send all
> .rhosts files and hosts.equiv where they belong (/dev/null), set up the
> public keys correctly in ~/.ssh/authorized_keys, and it goes smooth as butter.
I fully agree with colleague Jelinek: throw out .rhosts and the like, use
sshd.config on the server to disable authentication via these files, and
rely only on RSA (IgnoreRhosts yes). And set PasswordAuthentication to no,
so we can be sure that without RSA authentication it should not get
through. Then also RSAAuthentication to yes. Maybe I have forgotten
something else (see man).

Transfer compression can be tuned with the options Compression yes/no and
CompressionLevel, and so a classic login with MC gets compressed down to as
little as 15% ;-). Of course, security and encryption have to be paid
for.... Even the man page says that on a LAN it is faster without
compression. But on a WAN it is very nice.

An ssh connection can be pushed through TIS FWTK and the like using a
configured plug-gw. Then there should hopefully be no problem. Set up the
connection between the bastion host and the ssh server on the Internet.
But then run ssh -l user bastion, and where it connects to is determined
by the settings in netperm-table.

I also get the message couldn't connect to agent socket, but RSA
authentication completes fine. There is a problem somewhere - perhaps wrong
permissions and owners of the files authorized_keys, sshd.conf and the like.
But it is probably not that serious an error, since normally it is not even
printed, only in verbose mode.

See the output:
bubak:~# ssh -l volny -v marka
SSH Version 1.2.16 [i586-unknown-linux], protocol version 1.4.
Standard version. Does not use RSAREF.
Reading configuration data /etc/ssh_config
Applying options for marka*
Applying options for *
ssh_connect: getuid 0 geteuid 0 anon 0
Connecting to olorin [175.17.44.20] port 22.
Allocated local port 1023.
Connection established.
Remote protocol version 1.4, remote software version 1.2.14
Waiting for server public key.
Received server public key (768 bits) and host key (1024 bits).
Host 'marka' is known and matches the host key.
Initializing random; seed file /root/.ssh/random_seed
Encryption type: idea
Sent encrypted session key.
Received encrypted confirmation.
Couldn't connect to agent's socket.
Trying RSA authentication with key 'klic1'
Received RSA challenge from server.
Enter passphrase for RSA key 'klic1':
Sending response to host key RSA challenge.
Remote: RSA authentication accepted.
RSA authentication accepted by server.
Requesting compression at level 9.
Enabling compression at level 9.
Requesting pty.
Requesting shell.
Entering interactive session.
...
Ivan Volny
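
Added example, not part of the original message: a small Python check that a server configuration explicitly carries the three settings the message recommends (IgnoreRhosts yes, PasswordAuthentication no, RSAAuthentication yes) and that a file such as authorized_keys is not writable by group or others. The function names, the sample configuration and the rule that the first occurrence of a keyword wins are assumptions of this example.

```python
import os
import stat

# Settings the message recommends for a server that accepts RSA keys only.
WANTED = {"ignorerhosts": "yes", "passwordauthentication": "no",
          "rsaauthentication": "yes"}

def parse_config(text):
    """Return {keyword: value} with keywords and values lower-cased."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()
        value = fields[1].strip().lower() if len(fields) > 1 else ""
        seen.setdefault(key, value)  # assumption: first occurrence wins
    return seen

def audit(text):
    """Return findings; an empty list means all three options are set as advised."""
    conf = parse_config(text)
    findings = []
    for key, want in WANTED.items():
        got = conf.get(key)
        if got is None:
            # Do not guess the server default; ask for an explicit setting.
            findings.append(f"{key}: not set explicitly, server default applies")
        elif got != want:
            findings.append(f"{key}: is '{got}', message advises '{want}'")
    return findings

def loose_permissions(path):
    """True if the file is writable by group or others."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sshd configuration
Port 22
IgnoreRhosts yes
PasswordAuthentication yes
passwordauthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```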