SCP SSH - batch

Milan Roubal roubm9am na barbora.ms.mff.cuni.cz
Pátek Červen 14 21:35:10 CEST 2002


Nikoli, to co popisujete vy je pouze ze znate verejny klic te masiny,
tedy jste si overil, ze se pripojujete k te masine, ale uz nikoliv ze si
ta masina overuje vas.

debug1: Found key in /root/.ssh/known_hosts:7
debug1: bits set: 513/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: try pubkey: /root/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 0x81086c8 hint
2
debug2: input_userauth_pk_ok: fp
63:21:7d:40:f0:d5:76:c1:14:79:94:9d:7c:36:88:30
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type DSA
debug1: ssh-userauth2 successful: method publickey

Podle meho nazoru mate vygenerovane klice pro verzi protokolu 1
a kdyz se pripojite, tak se domluvi masiny na protokulu 2 a chteji
heslo, presto ze by na verzi 1 heslo nechtel.
Vygenerujte si klice pomoci prikazu ssh-keygen -t dsa
a nechte jej v souborech id_dsa a authorized_keys na druhe masine
a melo by to zacit fungovat.
Zdravi
    Milan Roubal

----- Original Message -----
From: "M.B." <m.benes na sh.cvut.cz>
To: <linux na linux.cz>
Sent: Friday, June 14, 2002 6:49 PM
Subject: Re: SCP SSH - batch


OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 84 geteuid 0 anon 1
debug1: Connecting to comp2 [192.168.2.3] port 22.
debug1: temporarily_use_uid: 84/84 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 84/84 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/firebird/.ssh/identity type 0
debug1: identity file /home/firebird/.ssh/id_rsa type -1
debug1: identity file /home/firebird/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1007/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'comp2' is known and matches the RSA host key.
debug1: Found key in /home/firebird/.ssh/known_hosts:1
debug1: bits set: 1011/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/firebird/.ssh/id_rsa
debug1: try privkey: /home/firebird/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is password
user2 na comp2's password:


prestoze:
debug1: Host 'comp2' is known and matches the RSA host key.
debug1: Found key in /home/firebird/.ssh/known_hosts:1
debug1: bits set: 1011/2049
debug1: ssh_rsa_verify: signature correct

tak i tak chce heslo :-(

"Ivo Kocvara" <xkocvara na fi.muni.cz> wrote in message
news:3D09F899.A57E46B4 na fi.muni.cz...
> "M.B." wrote:
> >
> > nejdobry den, nemohu se prilogovat bez hesla a nechapu proc:
> >
> > pocitac1-uzivatel1
> > pocitac2-uzivatel2
> >
> > pocitac1:ssh-keygen -t rsa1
> > heslo - prazdne
> > - tim se vygeneruje na pocitaci1 ./ssh/identity a identity.pub
> >
> > identity.pub prekopiruji na pocitac2 do domovskeho adresare
> > uzivatel2 /.ssh/ jako authorized_keys
> >
> > na pocitaci1 pak zadam
> >
> > ssh -l uzivatel2 pocitac2
> >
> > a stejne chce heslo ! ;-(((
> >
> > to same scp -B soubor1 uzivate2 na pocitac2:soubor2
> > (neprojde a pokud odendam -B, chce zase heslo ;-( )
> >
> > nevite kde je chybka ?
> > dekuji
>
> Tak treba v konfiguracnim souboru sshd muzete zkontrolovat veci jako
> RSAAuthentication yes
> PubkeyAuthentication yes
>
> A jeste lepsi napad je ssh -v ....
> --
> ivo kocvara





Další informace o konferenci Linux