SSH klic projde az napotreti

Jan Kasprzak kas na fi.muni.cz
Středa Únor 6 10:46:30 CET 2013 

msk.conf wrote:
: Pripadne este ma napada ine meno hosta v authorized_keys.

	Ani jedno. V authorized_keys je teda FQDN a ne IP adresa,
ale je to to spravne ("monitoring.fi.muni.cz"), a pokud by nesedelo
FQDN proti host key ze ssh_known_hosts, neprosla by autentizace vubec.

	No ale i kdyz od toho klice v authorized_keys zrusim veskera
omezeni (from, no-pty, prikaz, ...), tak stejne pri pokusu o SSH spojeni
dostavam ty stejne chyby v logu a ty stejne hlasky v ssh -v.

-Y.

: >
: >Feb  6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
: >Feb  6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
: >Feb  6 09:45:04 myhost sshd[3409]: Accepted publickey for root from 1.2.3.4 port 45637 ssh2
: >Feb  6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session opened for user root by (uid=0)
: >Feb  6 09:45:04 myhost sshd[3409]: Received disconnect from 1.2.3.4: 11: disconnected by user
: >Feb  6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session closed for user root
: >[...]
: >debug1: Offering public key: /home/monitoring/.ssh/nazev_ssh_klice
: >debug1: Server accepts key: pkalg ssh-rsa blen 277
: >debug1: read PEM private key done: type RSA
: >debug1: Authentication succeeded (publickey).
: >debug1: channel 0: new [client-session]
: >debug1: Requesting no-more-sessions na openssh.com
: >debug1: Entering interactive session.
: >debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
: >debug1: Remote: Port forwarding disabled.
: >debug1: Remote: X11 forwarding disabled.
: >debug1: Remote: Agent forwarding disabled.
: >debug1: Remote: Pty allocation disabled.
: >debug1: Remote: Forced command: /bin/prikaz
: >debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
: >debug1: Remote: Port forwarding disabled.
: >debug1: Remote: X11 forwarding disabled.
: >debug1: Remote: Agent forwarding disabled.
: >debug1: Remote: Pty allocation disabled.
: >debug1: Remote: Forced command: /bin/prikaz
: >debug1: Sending environment.
: >debug1: Sending env LC_PAPER = cs_CZ.UTF-8
: >debug1: Sending env LC_COLLATE = cs_CZ.UTF-8
: >debug1: Sending env LANG = en_US.UTF-8

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list.     --Alan Cox

Další informace o konferenci Linux