SSH klic projde az napotreti
Adam Pribyl
pribyl na lowlevel.cz
Středa Únor 6 11:46:35 CET 2013
Zkuste jeste ssh -vvv, nicmene neni to treba RSA vs. DSA nebo
proste jinym typem klice?
Adam Pribyl
On Wed, 6 Feb 2013, Jan Kasprzak wrote:
> msk.conf wrote:
> : Pripadne este ma napada ine meno hosta v authorized_keys.
>
> Ani jedno. V authorized_keys je teda FQDN a ne IP adresa,
> ale je to to spravne ("monitoring.fi.muni.cz"), a pokud by nesedelo
> FQDN proti host key ze ssh_known_hosts, neprosla by autentizace vubec.
>
> No ale i kdyz od toho klice v authorized_keys zrusim veskera
> omezeni (from, no-pty, prikaz, ...), tak stejne pri pokusu o SSH spojeni
> dostavam ty stejne chyby v logu a ty stejne hlasky v ssh -v.
>
> -Y.
>
> : >
> : >Feb 6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
> : >Feb 6 09:45:04 myhost sshd[3409]: Authentication tried for root with correct key but not from a permitted host (host=monitoring.fi.muni.cz, ip=1.2.3.4).
> : >Feb 6 09:45:04 myhost sshd[3409]: Accepted publickey for root from 1.2.3.4 port 45637 ssh2
> : >Feb 6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session opened for user root by (uid=0)
> : >Feb 6 09:45:04 myhost sshd[3409]: Received disconnect from 1.2.3.4: 11: disconnected by user
> : >Feb 6 09:45:04 myhost sshd[3409]: pam_unix(sshd:session): session closed for user root
> : >[...]
> : >debug1: Offering public key: /home/monitoring/.ssh/nazev_ssh_klice
> : >debug1: Server accepts key: pkalg ssh-rsa blen 277
> : >debug1: read PEM private key done: type RSA
> : >debug1: Authentication succeeded (publickey).
> : >debug1: channel 0: new [client-session]
> : >debug1: Requesting no-more-sessions na openssh.com
> : >debug1: Entering interactive session.
> : >debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
> : >debug1: Remote: Port forwarding disabled.
> : >debug1: Remote: X11 forwarding disabled.
> : >debug1: Remote: Agent forwarding disabled.
> : >debug1: Remote: Pty allocation disabled.
> : >debug1: Remote: Forced command: /bin/prikaz
> : >debug1: Remote: Your host 'monitoring.fi.muni.cz' is not permitted to use this key for login.
> : >debug1: Remote: Port forwarding disabled.
> : >debug1: Remote: X11 forwarding disabled.
> : >debug1: Remote: Agent forwarding disabled.
> : >debug1: Remote: Pty allocation disabled.
> : >debug1: Remote: Forced command: /bin/prikaz
> : >debug1: Sending environment.
> : >debug1: Sending env LC_PAPER = cs_CZ.UTF-8
> : >debug1: Sending env LC_COLLATE = cs_CZ.UTF-8
> : >debug1: Sending env LANG = en_US.UTF-8
>
> --
> | Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
> | New GPG 4096R/A45477D5 - see http://www.fi.muni.cz/~kas/pgp-rollover.txt |
> | http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
> Please don't top post and in particular don't attach entire digests to your
> mail or we'll all soon be using bittorrent to read the list. --Alan Cox
> _______________________________________________
> Linux mailing list
> Linux na linux.cz
> http://www.linux.cz/mailman/listinfo/linux
>
Odchozi zprava neobsahuje viry, protoze nebyla odeslana z Windows.
Otestovano zdarma a legalne na OS Linux.
(Proc pouzivat Linux - http://proc.linux.cz/).
Další informace o konferenci Linux