>>>>>На машине с ssh1 сделан DSA публичный ключ. Роздан другим тачкам. На
>>>>>те, на которых ssh1 она заходит, а на те, на которых
>>>>>ssh2, требует пароль. Как настроить ssh2, чтобы достаточно было аутентификации по
>>>>>DSA-ключу? Или может совместимость с ssh1 настроить, или еще чего?
>>>>
>>>>ssh1Compatibility
>>>
>>>Сделал, нифига не работает, все равно требует пароль
>>
>>
>>-v сюда клиента и сервера
>
>Вот:
>TestServer_/root# ssh -vvv 192.168.0.2
>OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug2: ssh_connect: needpriv 0
>debug1: Connecting to 192.168.0.2 [192.168.0.2] port 22.
>debug1: Connection established.
>debug1: identity file /root/.ssh/identity type -1
>debug1: identity file /root/.ssh/id_rsa type -1
>debug3: Not a RSA1 key file /root/.ssh/id_dsa.
>debug2: key_type_from_name: unknown key type '-----BEGIN'
ну вот тут же ясно видно проблему ключа
>debug3: key_read: missing keytype
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug3: key_read: missing whitespace
>debug2: key_type_from_name: unknown key type '-----END'
>debug3: key_read: missing keytype
>debug1: identity file /root/.ssh/id_dsa type 2
>debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH Secure Shell
>(non-commercial)
>debug1: no match: 3.2.0 SSH Secure Shell (non-commercial)
версию можно взять и поновее, 3.2.9.1 лежит на фтп давно.
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1 FreeBSD-20030924
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug2: kex_parse_kexinit:
невижу включения ssh1
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
>debug2: kex_parse_kexinit: ssh-dss
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
>debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,twofish128-cbc,cast128-cbc,twofish-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,arcfour
>debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
>debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit: none,zlib
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit:
>debug2: kex_parse_kexinit: first_kex_follows 0
>debug2: kex_parse_kexinit: reserved 0
>debug2: mac_init: found hmac-md5
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug2: mac_init: found hmac-md5
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug2: dh_gen_key: priv key bits set: 134/256
>debug2: bits set: 500/1024
>debug1: sending SSH2_MSG_KEXDH_INIT
>debug1: expecting SSH2_MSG_KEXDH_REPLY
>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
>debug3: check_host_in_hostfile: match line 4
>debug1: Host '192.168.0.2' is known and matches the DSA host key.
>debug1: Found key in /root/.ssh/known_hosts:4
>debug2: bits set: 510/1024
>debug1: ssh_dss_verify: signature correct
>debug2: kex_derive_keys
>debug2: set_newkeys: mode 1
>debug1: SSH2_MSG_NEWKEYS sent
>debug1: expecting SSH2_MSG_NEWKEYS
>debug2: set_newkeys: mode 0
>debug1: SSH2_MSG_NEWKEYS received
>debug1: SSH2_MSG_SERVICE_REQUEST sent
>debug2: service_accept: ssh-userauth
>debug1: SSH2_MSG_SERVICE_ACCEPT received
>debug1: Authentications that can continue: hostbased,publickey,password
>debug3: start over, passed a different list hostbased,publickey,password
>debug3: preferred publickey,keyboard-interactive,password
>debug3: authmethod_lookup publickey
>debug3: remaining preferred: keyboard-interactive,password
>debug3: authmethod_is_enabled publickey
>debug1: Next authentication method: publickey
>debug1: Trying private key: /root/.ssh/identity
>debug3: no such identity: /root/.ssh/identity
>debug1: Trying private key: /root/.ssh/id_rsa
>debug3: no such identity: /root/.ssh/id_rsa
>debug1: Offering public key: /root/.ssh/id_dsa
>debug3: send_pubkey_test
>debug2: we sent a publickey packet, wait for reply
>debug1: Authentications that can continue: hostbased,publickey,password
>debug2: we did not send a packet, disable method
>debug3: authmethod_lookup password
>debug3: remaining preferred: ,password
>debug3: authmethod_is_enabled password
>debug1: Next authentication method: password
>root@192.168.0.2's password:
Вариант для распечатки
Информационная безопасность (Public)
(ok) on
31-Авг-04, 17:26 (MSK)
