SSH klic projde az napotreti

msk.conf msk.conf na gmail.com
Středa Únor 6 10:34:49 CET 2013


Pripadne este ma napada ine meno hosta v authorized_keys.

Dusan

> 	Dobry den,
>
> mam monitorovaci server, ktery se pripojuje na ruzne pocitace pres ssh
> s klicem a spousti tam ruzne testy. Vse funguje jak ma, ale ted jsem si
> vsiml, ze na jednom pocitaci se pri kazdem pristupu do logu vypisuje tohle:
>
> Feb  6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
> Feb  6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
> Feb  6 09:45:04 myhost sshd[3409]: Accepted publickey for root from 1.2.3.4 port 45637 ssh2
> Feb  6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session opened for user root by (uid=0)
> Feb  6 09:45:04 myhost sshd[3409]: Received disconnect from 1.2.3.4: 11: disconnected by user
> Feb  6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session closed for user root
>
> A pokud si rucne spustim na tom monitorovacim stroji ssh -v, vypada relevantni
> cast takto:
>
> [...]
> debug1: Offering public key: /home/monitoring/.ssh/nazev_ssh_klice
> debug1: Server accepts key: pkalg ssh-rsa blen 277
> debug1: read PEM private key done: type RSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions na openssh.com
> debug1: Entering interactive session.
> debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
> debug1: Remote: Port forwarding disabled.
> debug1: Remote: X11 forwarding disabled.
> debug1: Remote: Agent forwarding disabled.
> debug1: Remote: Pty allocation disabled.
> debug1: Remote: Forced command: /bin/prikaz
> debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
> debug1: Remote: Port forwarding disabled.
> debug1: Remote: X11 forwarding disabled.
> debug1: Remote: Agent forwarding disabled.
> debug1: Remote: Pty allocation disabled.
> debug1: Remote: Forced command: /bin/prikaz
> debug1: Sending environment.
> debug1: Sending env LC_PAPER = cs_CZ.UTF-8
> debug1: Sending env LC_COLLATE = cs_CZ.UTF-8
> debug1: Sending env LANG = en_US.UTF-8
> [...]
>
> Takze server 2x vypise ze klic neni ze spravne IP adresy, ale napotreti
> tentyz klic projde. Bez -v vse funguje jak ma, akorat na tom ssh serveru
> se do logu zapise to dvoji neuspesne prihlaseni a pak jedno uspesne.
>
> Delam neco spatne?
>
> 	Diky,
>
> -Y.
>



Další informace o konferenci Linux