Forum Linux.général [ssh] authentification RSA/DSA avec plusieurs poste

Posté par (page perso) .
Tags : aucun
2
15
oct.
2009
Bonjour,

Sur une machine j'ai généré ma clé RSA avec passphrase et tout et tout, je la déploie sur mes différents serveurs, parfait!
Je me dit "ha je voulais bientôt refaire mon poste, et j'aimerai bien que ma clé me suive sur ma clé USB pour aller au boulot" Bon ok, je test, récupère id_rsa, la colle au boulot et là c'est le drame :

debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/david/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/david/.ssh/identity
debug1: Trying private key: /home/david/.ssh/id_dsa
debug1: Next authentication method: password


Cela ne fonctionne pas... qu'est ce que j'ai loupé? une clé RSA a-t-elle un lien avec la machine?
Le DSA c'est mieux? dépend aussi de la machine?

A la fin de ma clé public (dans authorized_keys) il y a le nom de ma machine.. même en le retirant j'ai le même soucie!

Tous cela veux dire que quand je formaterai il faudra re-balancer ma clé public partout?

Merci d'avance,

David
  • # permissions laxistes ?

    Posté par (page perso) . Évalué à 1.

    tu as mis quelles permissions sur les fichiers clef publique / privées ?

    Système - Réseau - Sécurité Open Source

    • [^] # Re: permissions laxistes ?

      Posté par (page perso) . Évalué à 1.

      $ ls -la .ssh
      total 36
      drwx------ 2 david david 4096 2009-10-14 18:59 .
      drwxr-xr-x 103 david david 4096 2009-10-15 15:41 ..
      -rw------- 1 david david 1743 2009-10-14 19:03 id_rsa
      -rwx------ 1 david david 630 2008-11-11 16:04 id_rsa.keystore
      -rw-r--r-- 1 david david 397 2009-10-14 18:59 id_rsa.pub
      -rw-r--r-- 1 david david 5844 2009-10-15 10:35 known_hosts


      Merci de ton aide!
      • [^] # Re: permissions laxistes ?

        Posté par (page perso) . Évalué à 1.

        Que donne la sortie de ssh -vvv ?

        Système - Réseau - Sécurité Open Source

        • [^] # Re: permissions laxistes ?

          Posté par (page perso) . Évalué à 1.

          debug3: key_read: missing keytype
          debug1: identity file /home/david/.ssh/id_rsa type 1
          debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
          debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
          debug1: identity file /home/david/.ssh/id_dsa type -1
          debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
          debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
          debug1: Enabling compatibility mode for protocol 2.0
          debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
          debug2: fd 3 setting O_NONBLOCK
          debug1: SSH2_MSG_KEXINIT sent
          debug1: SSH2_MSG_KEXINIT received
          debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
          debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
          debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit: first_kex_follows 0
          debug2: kex_parse_kexinit: reserved 0
          debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
          debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
          debug2: kex_parse_kexinit: none,zlib@openssh.com
          debug2: kex_parse_kexinit: none,zlib@openssh.com
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit:
          debug2: kex_parse_kexinit: first_kex_follows 0
          debug2: kex_parse_kexinit: reserved 0
          debug2: mac_setup: found hmac-md5
          debug1: kex: server->client aes128-cbc hmac-md5 none
          debug2: mac_setup: found hmac-md5
          debug1: kex: client->server aes128-cbc hmac-md5 none
          debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
          debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
          debug2: dh_gen_key: priv key bits set: 130/256
          debug2: bits set: 493/1024
          debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
          debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
          debug3: put_host_port: xxxxxxxxxx
          debug3: put_host_port: xxxxxxxxxx
          debug3: check_host_in_hostfile: filename /home/david/.ssh/known_hosts
          debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
          debug3: check_host_in_hostfile: filename /home/david/.ssh/known_hosts
          debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
          debug1: checking without port identifier
          debug3: check_host_in_hostfile: filename /home/david/.ssh/known_hosts
          debug3: check_host_in_hostfile: match line 3
          debug3: check_host_in_hostfile: filename /home/david/.ssh/known_hosts
          debug3: check_host_in_hostfile: match line 4
          debug1: Host 'xxxxxxxxxx' is known and matches the RSA host key.
          debug1: Found key in /home/david/.ssh/known_hosts:3
          debug1: found matching key w/out port
          debug2: bits set: 524/1024
          debug1: ssh_rsa_verify: signature correct
          debug2: kex_derive_keys
          debug2: set_newkeys: mode 1
          debug1: SSH2_MSG_NEWKEYS sent
          debug1: expecting SSH2_MSG_NEWKEYS
          debug2: set_newkeys: mode 0
          debug1: SSH2_MSG_NEWKEYS received
          debug1: SSH2_MSG_SERVICE_REQUEST sent
          debug2: service_accept: ssh-userauth
          debug1: SSH2_MSG_SERVICE_ACCEPT received
          debug2: key: /home/david/.ssh/id_rsa (0xb97ccaa0)
          debug2: key: /home/david/.ssh/identity ((nil))
          debug2: key: /home/david/.ssh/id_dsa ((nil))
          debug1: Authentications that can continue: publickey,password
          debug3: start over, passed a different list publickey,password
          debug3: preferred publickey,keyboard-interactive,password
          debug3: authmethod_lookup publickey
          debug3: remaining preferred: keyboard-interactive,password
          debug3: authmethod_is_enabled publickey
          debug1: Next authentication method: publickey
          debug1: Offering public key: /home/david/.ssh/id_rsa
          debug3: send_pubkey_test
          debug2: we sent a publickey packet, wait for reply
          debug1: Server accepts key: pkalg ssh-rsa blen 277
          debug2: input_userauth_pk_ok: fp 9c:d2:23:fd:e4:57:3a:1d:e3:bd:6e:f6:a1:6d:b4:93
          debug3: sign_and_send_pubkey
          Agent admitted failure to sign using the key.
          debug1: Trying private key: /home/david/.ssh/identity
          debug3: no such identity: /home/david/.ssh/identity
          debug1: Trying private key: /home/david/.ssh/id_dsa
          debug3: no such identity: /home/david/.ssh/id_dsa
          debug2: we did not send a packet, disable method
          debug3: authmethod_lookup password
          debug3: remaining preferred: ,password
          debug3: authmethod_is_enabled password
          debug1: Next authentication method: password
  • # donne le chemin...

    Posté par . Évalué à 0.

    quand tu envoies ta commande ssh, il faut peut-être lui dire où trouver la clé (par défaut, ssh va chercher la clé dans ~/.ssh), donc

    > ssh -i /montageBoulot/TaCleUSB/leFichierID ton_user@ta_machine

Suivre le flux des commentaires

Note : les commentaires appartiennent à ceux qui les ont postés. Nous n'en sommes pas responsables.