Forum Linux.debian/ubuntu Root access problem over SSH / MySecureShell

Posted by . License CC By‑SA.
15 Jul. 2016

Hello,

I'm having trouble with one of my servers since it was switched to MySecureShell.

At first everything worked, but for the past few days I no longer have SFTP with root or with any of the other users using bash; no problem on the MySecureShell users' side.

I'm attaching the config below:
Passwd:

    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
    www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
    backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
    list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
    irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
    systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false
    systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false
    systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false
    systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
    sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
    bind:x:105:110::/var/cache/bind:/bin/false
    mysql:x:106:111:MySQL Server,,,:/nonexistent:/bin/false
    postfix:x:107:113::/var/spool/postfix:/bin/false
    smmta:x:108:115:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
    smmsp:x:109:116:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
    wpupdate:x:1003:1004:,,,:/home/wpupdate:/bin/bash
    proftpd:x:110:65534::/run/proftpd:/bin/false
    ftp:x:111:65534::/srv/ftp:/bin/false
    user1:x:1004:1006:,,,:/home/web/abc-eleveurs:/bin/mysecureshell
    user2:x:1002:1002:,,,:/home/web:/usr/bin/mysecureshell

sftp_config:

    <Default>
        GlobalDownload      1m  
        GlobalUpload        0   
        Download        0
        Upload          0
        StayAtHome      true
        VirtualChroot       true
        LimitConnection     0
        LimitConnectionByUser   0
        LimitConnectionByIP 0
        Home            $HOME
        IdleTimeOut     5m
        ResolveIP       true
        HideNoAccess        true
        DefaultRights       0640 0750
        ShowLinksAsLinks    false
    </Default>

    <User user1>
        Home /home/user1
        Download 900k
        Upload 0
        LogFile         /var/log/sftp-server_user1.log    #Change logfile
        StayAtHome      TRUE
    </User>
    <User user2>
        Home /home/user2
        Download 0
        Upload 0
        StayAtHome  TRUE
        Shell /bin/bash
    </User>

sshd_config:

    Port 22
    Protocol 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    UsePrivilegeSeparation yes

    AllowUsers root user1 user2

    KeyRegenerationInterval 3600
    ServerKeyBits 1024

    SyslogFacility AUTH
    LogLevel INFO

    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes

    IgnoreRhosts yes
    RhostsRSAAuthentication no
    HostbasedAuthentication no

    PermitEmptyPasswords no

    ChallengeResponseAuthentication no

    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    UsePAM yes
    Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
    KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

So, if anyone has an idea of where to look to solve my problem :)

  • # what is the error message?

    Posted by (personal website). Rated 1.

    what does slogin -v root@ton_serveur give?

  • # slogin -v root@monserveur

    Posted by . Rated 1.

    slogin -v root@monserveur
    OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t  3 May 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to monserveur [monserveur] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u2
    debug1: match: OpenSSH_6.7p1 Debian-5+deb8u2 pat OpenSSH* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr umac-128-etm@openssh.com none
    debug1: kex: client->server aes128-ctr umac-128-etm@openssh.com none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: ED25519
    The authenticity of host 'monserveur (monserveur)' can't be established.
    ED25519 key fingerprint is ED25519
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'monserveur' (ED25519) to the list of known hosts.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug1: Trying private key: /root/.ssh/id_ed25519
    debug1: Next authentication method: password
    root@monserveur's password:
    debug1: Authentication succeeded (password).
    Authenticated to monserveur ([monserveur]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = fr_FR.UTF-8
    Linux monserveur 3.14.32-xxxx-grs-ipv6-64 #5 SMP Wed Sep 9 17:24:34 CEST 2015 x86_64 GNU/Linux
    
    server    : 606648
    ip        : monserveur
    hostname  : monserveur
    
    You have new mail.
    Last login: Sun Jul 17 14:44:25 2016 from monip
    

    The connection apparently works fine.

  • # sftp -v root@monserveur

    Posted by . Rated 1.

    root@monserveur:~# sftp -v root@monserveur
    OpenSSH_6.7p1 Debian-5+deb8u2, OpenSSL 1.0.1t 3 May 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to monserveur [monserveur] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u2
    debug1: match: OpenSSH_6.7p1 Debian-5+deb8u2 pat OpenSSH* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr umac-128-etm@openssh.com none
    debug1: kex: client->server aes128-ctr umac-128-etm@openssh.com none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: ED25519
    debug1: Host 'monserveur' is known and matches the ED25519 host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug1: Trying private key: /root/.ssh/id_ed25519
    debug1: Next authentication method: password
    root@monserveur's password:
    debug1: Authentication succeeded (password).
    Authenticated to monserveur ([monserveur]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = fr_FR.UTF-8
    debug1: Sending subsystem: sftp
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    Transferred: sent 2912, received 1872 bytes, in 0.0 seconds
    Bytes per second: sent 423311.7, received 272129.0
    debug1: Exit status 127
    Connection closed
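
Added example, not part of the thread: the "Exit status 127" that ends the sftp trace is the status a shell returns when it cannot find the command it was asked to run, and sshd starts an external Subsystem sftp command through the user's login shell. The script below checks that the configured subsystem binary and every login shell in a passwd file exist; its function names and sandbox files are constructed for illustration, reusing paths quoted in the post.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sandbox contents are constructed.

# Print the command configured for "Subsystem sftp" in an sshd_config file.
sftp_subsystem_cmd() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Succeed if that command is internal-sftp or an executable file under prefix $2
# (empty prefix = live system). A missing binary makes the login shell exit 127.
check_subsystem() {
    cmd=$(sftp_subsystem_cmd "$1")
    [ "$cmd" = "internal-sftp" ] && return 0
    [ -n "$cmd" ] && [ -x "$2$cmd" ]
}

# Print "user:shell" for each passwd entry whose login shell is not executable.
missing_shells() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$shell" ] || continue
        [ -x "$2$shell" ] || printf '%s:%s\n' "$user" "$shell"
    done < "$1"
}

# Build a throwaway root with constructed files; paths reuse those in the post.
make_demo_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin" "$d/etc/ssh"
    : > "$d/bin/bash"; : > "$d/usr/bin/mysecureshell"
    chmod +x "$d/bin/bash" "$d/usr/bin/mysecureshell"
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1004:1006:,,,:/home/web/abc-eleveurs:/bin/mysecureshell
user2:x:1002:1002:,,,:/home/web:/usr/bin/mysecureshell
EOF
    echo 'Subsystem sftp /usr/lib/openssh/sftp-server' > "$d/etc/ssh/sshd_config"
    echo "$d"
}

demo=$(make_demo_root)
check_subsystem "$demo/etc/ssh/sshd_config" "$demo" ||
    echo "sftp subsystem binary not found: $(sftp_subsystem_cmd "$demo/etc/ssh/sshd_config")"
missing_shells "$demo/etc/passwd" "$demo"
rm -rf "$demo"
```

On a real host, call check_subsystem /etc/ssh/sshd_config "" and missing_shells /etc/passwd "" as root; the sandbox only demonstrates the two failure cases.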
