Problems with *rsa and *dsa + *pub keys

kurvenjaeger
Posts: 39
Joined: 2003-04-04 19:57
Location: Göttingen

Problems with *rsa and *dsa + *pub keys

Post by kurvenjaeger »

Hello,

still errors when logging in via ssh:

I already posted the problem once at:
http://www.rootforum.org/forum/viewtopic.php?t=10997
Unfortunately I received no more replies to it.

It's really urgent!

I was asked to post the sshd_config:

Code:

#   $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $ 

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 

# This is the sshd server system-wide configuration file.  See sshd(8) 
# for more information. 

Port 22 
Protocol 1,2 
#ListenAddress 0.0.0.0 
#ListenAddress :: 

# HostKey for protocol version 1 
HostKey /etc/ssh/ssh_host_key 
# HostKeys for protocol version 2 
HostKey /etc/ssh/ssh_host_rsa_key 
HostKey /etc/ssh/ssh_host_dsa_key 

# Lifetime and size of ephemeral version 1 server key 
KeyRegenerationInterval 3600 
ServerKeyBits 768 

# Logging 
SyslogFacility AUTH 
LogLevel INFO 
#obsoletes QuietMode and FascistLogging 

# Authentication: 

LoginGraceTime 600 
PermitRootLogin yes 
#PermitRootLogin without-password 
StrictModes yes 

RSAAuthentication yes 
PubkeyAuthentication yes 
AuthorizedKeysFile   %h/.ssh/authorized_keys 

# rhosts authentication should not be used 
RhostsAuthentication no 
# Don't read the user's ~/.rhosts and ~/.shosts files 
IgnoreRhosts yes 
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 
RhostsRSAAuthentication no 
# similar for protocol version 2 
HostbasedAuthentication no 
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 
#IgnoreUserKnownHosts yes 

# To disable tunneled clear text passwords, change to no here! 
PasswordAuthentication yes 
PermitEmptyPasswords no 

# Uncomment to disable s/key passwords 
ChallengeResponseAuthentication no 

# Uncomment to enable PAM keyboard-interactive authentication 
# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 
#PAMAuthenticationViaKbdInt yes 

# To change Kerberos options 
#KerberosAuthentication no 
#KerberosOrLocalPasswd yes 
#AFSTokenPassing no 
#KerberosTicketCleanup no 

# Kerberos TGT Passing does only work with the AFS kaserver 
#KerberosTgtPassing yes 

X11Forwarding no 
X11DisplayOffset 10 
PrintMotd yes 
#PrintLastLog no 
KeepAlive yes 
#UseLogin no 

#MaxStartups 10:30:60 
#Banner /etc/issue.net 
#ReverseMappingCheck yes 

Subsystem   sftp   /usr/lib/ssh/sftp-server 
IgnoreUserKnownHosts no 
ReverseMappingCheck no 
GatewayPorts no 
AllowTcpForwarding yes 
UsePrivilegeSeparation yes

Is there any help??
captaincrunch
User project
Posts: 7066
Joined: 2002-10-09 14:30
Location: Dorsten

Re: Problems with *rsa and *dsa + *pub keys

Post by captaincrunch »

Change this line
Protocol 1,2
to
Protocol 2
Why SuSE still has that in there by default, heaven only knows ...
kurvenjaeger
Posts: 39
Joined: 2003-04-04 19:57
Location: Göttingen

Re: Problems with *rsa and *dsa + *pub keys

Post by kurvenjaeger »

I have already tried that too. With -vvv there is now a really wild message (hold on tight, the code is rather long)

Code:

p12345678:~ # ssh -vvv 217.160.xxx.xx
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
20828: debug1: Reading configuration data /etc/ssh/ssh_config
20828: debug1: Applying options for *
20828: debug1: Rhosts Authentication disabled, originating port will not be trusted.
20828: debug1: ssh_connect: needpriv 0
20828: debug1: Connecting to 217.160.xxx.xx [217.160.xxx.xx] port 22.
20828: debug1: Connection established.
20828: debug1: identity file /root/.ssh/identity type -1
20828: debug3: Not a RSA1 key file /root/.ssh/id_rsa.
20828: debug2: key_type_from_name: unknown key type '-----BEGIN'
20828: debug3: key_read: no key found
20828: debug2: key_type_from_name: unknown key type 'Proc-Type:'
20828: debug3: key_read: no key found
20828: debug2: key_type_from_name: unknown key type 'DEK-Info:'
20828: debug3: key_read: no key found
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug3: key_read: no space
20828: debug2: key_type_from_name: unknown key type '-----END'
20828: debug3: key_read: no key found
20828: debug1: identity file /root/.ssh/id_rsa type 1
20828: debug1: identity file /root/.ssh/id_dsa type -1
20828: debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1
20828: debug1: match: OpenSSH_3.4p1 pat OpenSSH*
20828: Enabling compatibility mode for protocol 2.0
20828: debug1: Local version string SSH-2.0-OpenSSH_3.4p1
20828: debug1: SSH2_MSG_KEXINIT sent
20828: debug1: SSH2_MSG_KEXINIT received
20828: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
20828: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
20828: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
20828: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
20828: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
20828: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
20828: debug2: kex_parse_kexinit: none
20828: debug2: kex_parse_kexinit: none
20828: debug2: kex_parse_kexinit:
20828: debug2: kex_parse_kexinit:
20828: debug2: kex_parse_kexinit: first_kex_follows 0
20828: debug2: kex_parse_kexinit: reserved 0
20828: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
20828: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
20828: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
20828: debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
20828: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
20828: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
20828: debug2: kex_parse_kexinit: none,zlib
20828: debug2: kex_parse_kexinit: none,zlib
20828: debug2: kex_parse_kexinit:
20828: debug2: kex_parse_kexinit:
20828: debug2: kex_parse_kexinit: first_kex_follows 0
20828: debug2: kex_parse_kexinit: reserved 0
20828: debug2: mac_init: found hmac-md5
20828: debug1: kex: server->client aes128-cbc hmac-md5 none
20828: debug2: mac_init: found hmac-md5
20828: debug1: kex: client->server aes128-cbc hmac-md5 none
20828: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
20828: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
20828: debug1: dh_gen_key: priv key bits set: 141/256
20828: debug1: bits set: 1594/3191
20828: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
20828: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
20828: debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
20828: debug3: check_host_in_hostfile: match line 1
20828: debug1: Host '217.160.185.4' is known and matches the RSA host key.
20828: debug1: Found key in /root/.ssh/known_hosts:1
20828: debug1: bits set: 1579/3191
20828: debug1: ssh_rsa_verify: signature correct
20828: debug1: kex_derive_keys
20828: debug1: newkeys: mode 1
20828: debug1: SSH2_MSG_NEWKEYS sent
20828: debug1: waiting for SSH2_MSG_NEWKEYS
20828: debug1: newkeys: mode 0
20828: debug1: SSH2_MSG_NEWKEYS received
20828: debug1: done: ssh_kex2.
20828: debug1: send SSH2_MSG_SERVICE_REQUEST
20828: debug1: service_accept: ssh-userauth
20828: debug1: got SSH2_MSG_SERVICE_ACCEPT
20828: debug1: authentications that can continue: publickey,password
20828: debug3: start over, passed a different list publickey,password
20828: debug3: preferred publickey,keyboard-interactive,password
20828: debug3: authmethod_lookup publickey
20828: debug3: remaining preferred: keyboard-interactive,password
20828: debug3: authmethod_is_enabled publickey
20828: debug1: next auth method to try is publickey
20828: debug1: try privkey: /root/.ssh/identity
20828: debug3: no such identity: /root/.ssh/identity
20828: debug1: try pubkey: /root/.ssh/id_rsa
20828: debug3: send_pubkey_test
20828: debug2: we sent a publickey packet, wait for reply
20828: debug1: authentications that can continue: publickey,password
20828: debug1: try privkey: /root/.ssh/id_dsa
20828: debug3: no such identity: /root/.ssh/id_dsa
20828: debug2: we did not send a packet, disable method
20828: debug3: authmethod_lookup password
20828: debug3: remaining preferred: ,password
20828: debug3: authmethod_is_enabled password
20828: debug1: next auth method to try is password

Does that perhaps help you?? -- I, at any rate, am at a loss ..... :cry:
Is there an alternative??
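
Added example, not part of any post in the thread: a small filter that reduces the publickey phase of an `ssh -vvv` client trace to one verdict per identity file, so it is clear whether a key was missing on the client or offered and refused by the server. The function name `classify_ssh_trace`, the state labels, and the "Server accepts key" acceptance line (which does not occur in this trace) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: summarise the publickey phase of an
# ssh -vvv client trace. Reads the trace on stdin and prints one line per
# identity file. classify_ssh_trace and the state names are hypothetical.
classify_ssh_trace() {
  awk '
    # Drop the "PID: " prefix and the "debugN: " tag seen in the trace above.
    { sub(/^[0-9]+: /, ""); sub(/^debug[0-9]: /, "") }
    /^try (privkey|pubkey): / { cur = $3; order[++n] = cur; state[cur] = "tried"; next }
    /^no such identity: / { state[$4] = "missing-locally"; next }
    /^we sent a publickey packet/ { if (cur != "") state[cur] = "offered"; next }
    # The server answering an offer with the method list means it refused the key.
    /^authentications that can continue: / {
      if (cur != "" && state[cur] == "offered") state[cur] = "rejected-by-server"
      next
    }
    # Assumption: acceptance is logged as "Server accepts key: ..." (not in this trace).
    /^Server accepts key/ { if (cur != "") state[cur] = "accepted-by-server"; next }
    END { for (i = 1; i <= n; i++) print order[i] ": " state[order[i]] }
  '
}

# Sample input: lines copied from the trace in the post above.
sample_trace() {
  cat <<'EOF'
20828: debug1: authentications that can continue: publickey,password
20828: debug1: next auth method to try is publickey
20828: debug1: try privkey: /root/.ssh/identity
20828: debug3: no such identity: /root/.ssh/identity
20828: debug1: try pubkey: /root/.ssh/id_rsa
20828: debug3: send_pubkey_test
20828: debug2: we sent a publickey packet, wait for reply
20828: debug1: authentications that can continue: publickey,password
20828: debug1: try privkey: /root/.ssh/id_dsa
20828: debug3: no such identity: /root/.ssh/id_dsa
20828: debug2: we did not send a packet, disable method
EOF
}

sample_trace | classify_ssh_trace
```

For the trace above, the filter reports /root/.ssh/id_rsa as offered and refused by the server, and the other two identities as absent on the client.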
dodolin
Posts: 3840
Joined: 2003-01-21 01:59
Location: Sinsheim/Karlsruhe

Re: Problems with *rsa and *dsa + *pub keys

Post by dodolin »

20828: debug3: Not a RSA1 key file /root/.ssh/id_rsa.
Something went wrong when generating it. Repeat that once more following the instructions and, if necessary, read the ssh-keygen man page again. But IIRC I already said that in the other thread?!
kurvenjaeger
Posts: 39
Joined: 2003-04-04 19:57
Location: Göttingen

Re: Problems with *rsa and *dsa + *pub keys

Post by kurvenjaeger »

I created the keys on the client exactly according to the instructions and copied the pub key to the server. I followed
http://www.rootforum.org/faq/index.php? ... d=38&lang= exactly. I don't know what else to do... P.S. in case it helps: both servers (client + target host) run Suse 8.1
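
Added example, not part of any post in the thread: server-side checks that follow from the sshd_config posted at the top (StrictModes yes, AuthorizedKeysFile %h/.ssh/authorized_keys). With StrictModes enabled, sshd ignores an authorized_keys file when it, ~/.ssh or the home directory is group- or world-writable or owned by someone other than the user or root; the script also checks that the key blob from the client's .pub file is present intact. The function name `check_authorized_key` and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Usage on the target host:
#   check_authorized_key HOME_DIR PUBKEY_FILE [UID]
# Prints one finding per line and returns 0 only if there are none.
check_authorized_key() {
  home=$1; pub=$2; uid=${3:-$(id -u)}
  ak="$home/.ssh/authorized_keys"; bad=0
  for p in "$home" "$home/.ssh" "$ak"; do
    if [ ! -e "$p" ]; then echo "MISSING $p"; bad=1; continue; fi
    mode=$(ls -ldn "$p" | cut -c1-10)
    owner=$(ls -ldn "$p" | awk '{print $3}')
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case $mode in
      ?????w????|????????w?) echo "GROUP-OR-WORLD-WRITABLE $p ($mode)"; bad=1 ;;
    esac
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
      echo "BAD-OWNER $p (uid $owner)"; bad=1
    fi
  done
  # Field 2 of a .pub line is the base64 key blob. Searching for it as a
  # fixed string also catches a key that was line-wrapped when pasted.
  blob=$(awk '{print $2; exit}' "$pub")
  if [ -z "$blob" ]; then
    echo "NO-KEY-BLOB $pub"; bad=1
  elif [ ! -f "$ak" ] || ! grep -qF -- "$blob" "$ak"; then
    echo "KEY-NOT-AUTHORIZED $pub"; bad=1
  fi
  return $bad
}

if [ $# -ge 2 ]; then check_authorized_key "$@"; fi
```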