journalctl -u sshd.service -f
gives me only successful connections. And ausearch -x "/usr/sbin/sshd"
does give the unsuccessful ones too, but it is not the sshd log with the reasons. So my question is: how do I do this in systemd? How do I get logs like the ones that used to be in /var/log/auth.log, including unsuccessful connections and the reasons? (Or how do I turn the original log on alongside systemd?)
Solution to the question:
journalctl -u sshd
shows the complete sshd log:
Mar 25 22:46:02 example.com sshd[2798]: Connection closed by 109.169.67.58 [preauth]
Mar 25 22:47:21 example.com sshd[2798]: Connection closed by 109.251.138.236 [preauth]
Mar 25 22:48:07 example.com sshd[2798]: Invalid user admin from 116.246.27.145
Mar 25 22:48:07 example.com sshd[2798]: input_userauth_request: invalid user admin [preauth]
Mar 25 22:48:07 example.com sshd[2798]: Connection closed by 116.246.27.145 [preauth]
Mar 25 22:50:20 example.com sshd[2798]: Did not receive identification string from 109.251.138.236
Mar 25 22:50:53 example.com sshd[2798]: Connection closed by 109.169.67.58 [preauth]
Mar 25 22:54:33 example.com sshd[2798]: Accepted publickey for xxx from 10.0.85.123 port 63370 ssh2: RSA
Mar 25 22:54:33 example.com sshd[23218]: pam_unix(sshd:session): session opened for user xxx by (uid=0)
If you don't see the connection attempt in the log, the client probably does not establish a connection with the right server at all, which is most likely the error you are looking for.
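An added example, not part of the original thread: a shell function that condenses `journalctl -u sshd` output of the kind shown above into one line per outcome and source address, so closed and rejected connections stand out next to accepted logins. The sample lines are constructed (documentation address ranges), and the function and outcome names are assumptions of this example; only the message formats visible in the log excerpt above are recognised.

```shell
#!/usr/bin/env bash
# Added example: summarise sshd journal lines by outcome and source address.

# Constructed sample in the default `journalctl -u sshd` line format.
# Addresses come from documentation ranges, the user name is made up.
sample_log() {
cat <<'EOF'
Mar 25 22:46:02 example.com sshd[2798]: Connection closed by 192.0.2.10 [preauth]
Mar 25 22:47:21 example.com sshd[2798]: Connection closed by 198.51.100.7 [preauth]
Mar 25 22:48:07 example.com sshd[2798]: Invalid user admin from 203.0.113.5
Mar 25 22:48:07 example.com sshd[2798]: input_userauth_request: invalid user admin [preauth]
Mar 25 22:48:07 example.com sshd[2798]: Connection closed by 203.0.113.5 [preauth]
Mar 25 22:50:20 example.com sshd[2798]: Did not receive identification string from 198.51.100.7
Mar 25 22:50:53 example.com sshd[2798]: Connection closed by 192.0.2.10 [preauth]
Mar 25 22:54:33 example.com sshd[2798]: Accepted publickey for alice from 10.0.85.123 port 63370 ssh2: RSA
Mar 25 22:54:33 example.com sshd[23218]: pam_unix(sshd:session): session opened for user alice by (uid=0)
EOF
}

# classify_sshd: read journal lines on stdin and print "<outcome> <address>"
# for every message that records how a connection ended.
classify_sshd() {
  awk '
    # Token following the last occurrence of word in w[1..n]. Using the last
    # occurrence keeps a user name such as "from" from shifting the result.
    function after(word, w, n,    i, hit) {
      hit = ""
      for (i = 1; i < n; i++) if (w[i] == word) hit = w[i + 1]
      return hit
    }
    {
      # Strip the "date host sshd[pid]: " prefix; ignore other programs.
      if (!match($0, / sshd\[[0-9]+\]: /)) next
      msg = substr($0, RSTART + RLENGTH)
      n = split(msg, w, " ")

      if (msg ~ /^Accepted /)
        print "accepted", after("from", w, n)
      else if (msg ~ /^Invalid user /)
        print "invalid_user", after("from", w, n)
      else if (msg ~ /^Did not receive identification string from /)
        print "no_banner", after("from", w, n)
      else if (msg ~ /^Connection closed by / && msg ~ /\[preauth\]$/)
        print "preauth_close", w[4]
      # Anything else (PAM session lines, debug output) is not an outcome.
    }'
}

# summarise_sshd: "<outcome> <address> <count>", sorted for stable output.
summarise_sshd() {
  classify_sshd | LC_ALL=C sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Demo on the constructed sample.
sample_log | summarise_sshd
```

On a live system the same summary comes from `journalctl -u sshd --no-pager | summarise_sshd`.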
ssh -vvv root@noraza OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to noraza [2001:xxxx:xxxx:xxxx::561] port 22. debug1: Connection established. debug1: identity file /var/lib/BackupPC/.ssh/identity type -1 debug1: identity file /var/lib/BackupPC/.ssh/identity-cert type -1 debug3: Not a RSA1 key file /var/lib/BackupPC/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /var/lib/BackupPC/.ssh/id_rsa type 1 debug1: identity file /var/lib/BackupPC/.ssh/id_rsa-cert type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_dsa type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_dsa-cert type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_ecdsa type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote 
software version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 960 bytes for a total of 981 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug3: Wrote 24 bytes for a total of 1005 debug2: dh_gen_key: priv key bits set: 109/256 debug2: bits set: 503/1024 debug1: 
SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: Wrote 144 bytes for a total of 1149 Connection closed by 2001:xxxx:xxxx:xxxx::561
And it dies somewhere around the Diffie-Hellman key exchange protocol. However, ssh was starting up and did not make it as far as authentication, and I need to know why noraza cut it off. From the output it follows that the server closed it. But journalctl only has the result after authentication. The same client connecting to the 3rd one turns out fine.
ssh -vvv root@dnopytle OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to dnopytle [10.0.0.10] port 22. debug1: Connection established. debug1: identity file /var/lib/BackupPC/.ssh/identity type -1 debug1: identity file /var/lib/BackupPC/.ssh/identity-cert type -1 debug3: Not a RSA1 key file /var/lib/BackupPC/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /var/lib/BackupPC/.ssh/id_rsa type 1 debug1: identity file /var/lib/BackupPC/.ssh/id_rsa-cert type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_dsa type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_dsa-cert type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_ecdsa type -1 debug1: identity file /var/lib/BackupPC/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software 
version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 960 bytes for a total of 981 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: 
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug3: Wrote 24 bytes for a total of 1005 debug2: dh_gen_key: priv key bits set: 127/256 debug2: bits set: 504/1024 debug1: 
SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: Wrote 144 bytes for a total of 1149 debug3: check_host_in_hostfile: host dnopytle filename /var/lib/BackupPC/.ssh/known_hosts debug3: check_host_in_hostfile: host dnopytle filename /var/lib/BackupPC/.ssh/known_hosts debug3: check_host_in_hostfile: match line 2 debug3: check_host_in_hostfile: host 10.0.0.10 filename /var/lib/BackupPC/.ssh/known_hosts debug3: check_host_in_hostfile: host 10.0.0.10 filename /var/lib/BackupPC/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'dnopytle' is known and matches the RSA host key. debug1: Found key in /var/lib/BackupPC/.ssh/known_hosts:2 debug2: bits set: 528/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 1165 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1213 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /var/lib/BackupPC/.ssh/identity ((nil)) debug2: key: /var/lib/BackupPC/.ssh/id_rsa (0x1b7bcf0) debug2: key: /var/lib/BackupPC/.ssh/id_dsa ((nil)) debug2: key: /var/lib/BackupPC/.ssh/id_ecdsa ((nil)) debug3: Wrote 64 bytes for a total of 1277 debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /var/lib/BackupPC/.ssh/identity debug3: no such identity: /var/lib/BackupPC/.ssh/identity debug1: Offering public key: /var/lib/BackupPC/.ssh/id_rsa debug3: 
send_pubkey_test debug2: we sent a publickey packet, wait for reply debug3: Wrote 368 bytes for a total of 1645 debug1: Server accepts key: pkalg ssh-rsa blen 277 debug2: input_userauth_pk_ok: SHA1 fp 6c:03:0a:d2:6b:bf:99:4e:57:06:66:1e:d3:83:b8:4d:20:f1:ee:d4 debug3: sign_and_send_pubkey: RSA 6c:03:0a:d2:6b:bf:99:4e:57:06:66:1e:d3:83:b8:4d:20:f1:ee:d4 debug1: read PEM private key done: type RSA debug3: Wrote 640 bytes for a total of 2285 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug3: Wrote 128 bytes for a total of 2413 debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env HOSTNAME debug3: Ignored env SHELL debug3: Ignored env TERM debug3: Ignored env HISTSIZE debug3: Ignored env QTDIR debug3: Ignored env QTINC debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env PWD debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug3: Ignored env HISTCONTROL debug3: Ignored env SHLVL debug3: Ignored env HOME debug3: Ignored env LOGNAME debug3: Ignored env QTLIB debug3: Ignored env CVS_RSH debug3: Ignored env LESSOPEN debug3: Ignored env G_BROKEN_FILENAMES debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug3: Wrote 448 bytes for a total of 2861 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last login: Fri Mar 18 09:01:17 2016 Have a lot of fun... 
dnopytle:~ #
(And it is of course not down to IPv6: when I make that first unsuccessful connection with -4, it still does not get through.) Likewise, when I connect from 3 to 2, that also goes through.
dnopytle:~ # ssh -vvv noraza OpenSSH_6.6.1, OpenSSL 1.0.1k-fips 8 Jan 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to noraza [2001:xxxx:xxxx:xxxx::d39] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug3: Incorrect RSA1 identifier debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "noraza" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:25 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: 
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: 
kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: setup hmac-md5-etm@openssh.com debug1: kex: 
server->client aes128-ctr hmac-md5-etm@openssh.com none debug2: mac_setup: setup hmac-md5-etm@openssh.com debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 74:58:72:b9:3f:7a:32:e8:d0:21:6b:ae:46:b7:15:cb [MD5] debug3: load_hostkeys: loading entries for host "noraza" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:25 debug3: load_hostkeys: loaded 1 keys debug3: load_hostkeys: loading entries for host "2001:xxxx:xxxx:xxxx::d39" from file "/root/.ssh/known_hosts" debug3: load_hostkeys: loaded 0 keys debug1: Host 'noraza' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:25 Warning: Permanently added the ECDSA host key for IP address '2001:xxxx:xxxx:xxxx::d39' to the list of known hosts. debug1: ssh_ecdsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/id_rsa (0x7f343193daf0), debug2: key: /root/.ssh/id_dsa ((nil)), debug2: key: /root/.ssh/id_ecdsa ((nil)), debug2: key: /root/.ssh/id_ed25519 ((nil)), debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 
535 debug2: input_userauth_pk_ok: fp 33:f3:63:1b:45:f6:3a:bd:ab:e9:6b:e1:01:b1:0e:bb [MD5] debug3: sign_and_send_pubkey: RSA 33:f3:63:1b:45:f6:3a:bd:ab:e9:6b:e1:01:b1:0e:bb [MD5] debug1: key_parse_private2: missing begin marker debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). Authenticated to noraza ([2001:xxxx:xxxx:xxxx::d39]:22). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug2: callback start debug2: fd 3 setting TCP_NODELAY debug3: packet_set_tos: set IPV6_TCLASS 0x10 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env LESSKEY debug3: Ignored env XDG_VTNR debug3: Ignored env NNTPSERVER debug3: Ignored env MANPATH debug3: Ignored env XDG_SESSION_ID debug3: Ignored env HOSTNAME debug3: Ignored env XKEYSYMDB debug3: Ignored env HOST debug3: Ignored env SHELL debug3: Ignored env TERM debug3: Ignored env PROFILEREAD debug3: Ignored env HISTSIZE debug3: Ignored env MORE debug3: Ignored env JRE_HOME debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env XNLSPATH debug3: Ignored env QEMU_AUDIO_DRV debug3: Ignored env HOSTTYPE debug3: Ignored env CONFIG_SITE debug3: Ignored env FROM_HEADER debug3: Ignored env PAGER debug3: Ignored env CSHEDIT debug3: Ignored env XDG_CONFIG_DIRS debug3: Ignored env MINICOM debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env CPU debug3: Ignored env JAVA_BINDIR debug3: Ignored env INPUTRC debug3: Ignored env PWD debug3: Ignored env JAVA_HOME debug1: Sending env LANG = cs_CZ.UTF-8 debug2: channel 0: request env confirm 0 debug3: Ignored env PYTHONSTARTUP debug3: Ignored env GPG_TTY debug3: Ignored env AUDIODRIVER debug3: Ignored env QT_SYSTEM_DIR debug3: Ignored env SHLVL debug3: Ignored env XDG_SEAT debug3: Ignored env HOME debug3: 
Ignored env SDL_AUDIODRIVER debug3: Ignored env ALSA_CONFIG_PATH debug3: Ignored env LESS_ADVANCED_PREPROCESSOR debug3: Ignored env OSTYPE debug3: Ignored env LS_OPTIONS debug3: Ignored env XCURSOR_THEME debug3: Ignored env WINDOWMANAGER debug3: Ignored env G_FILENAME_ENCODING debug3: Ignored env LESS debug3: Ignored env MACHTYPE debug3: Ignored env LOGNAME debug3: Ignored env CVS_RSH debug3: Ignored env XDG_DATA_DIRS debug3: Ignored env LESSOPEN debug3: Ignored env DISPLAY debug3: Ignored env XDG_RUNTIME_DIR debug3: Ignored env XAUTHLOCALHOSTNAME debug3: Ignored env VDPAU_DRIVER debug3: Ignored env LESSCLOSE debug3: Ignored env G_BROKEN_FILENAMES debug3: Ignored env JAVA_ROOT debug3: Ignored env COLORTERM debug3: Ignored env XAUTHORITY debug3: Ignored env BASH_FUNC_mc%% debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Last login: Tue May 3 23:34:24 2016 from 2001:xxxx:xxxx:xxxx:xxxx:1f61:d3bf:b75c Have a lot of fun... noraza:~ #
It is also important that this is not a new client or a new connection. It worked for a year. However, the last backup ran on 1.5.2016 and since then the connection has not worked. Given that the distro on the client is the rolling release openSUSE Tumbleweed and there really are a lot of updates, I suspect that one of them brought a change in the rules for permitted encryption algorithms (prime number generators) or something similar, and the server cannot agree on ciphers with the older client on CentOS 6. It does agree with the newer client on openSUSE 13.2. Likewise, CentOS agrees on algorithms with 13.2. And I cannot find what is wrong.
unknown key type '-----BEGIN'
Isn't that id_rsa key corrupted? It should be '-----BEGIN RSA...'
journalctl is what you send to it from sshd. If you think sshd is rejecting the connection, raise the logging level or the level of debug output from sshd. Thanks to journald you don't even have to run sshd in the foreground, because journald also logs what services send to standard output or standard error.
May 07 12:54:56 noraza.doma sshd[25343]: Connection from 2001:xxxx:xxxx:xxxx:xxxx:4ff:fed8:36f1 port 54470 on 2001:xxxx:xxxx:xxxx::d39 port 22
May 07 12:54:56 noraza.doma sshd[25343]: debug1: Client protocol version 2.0; client software version OpenSSH_5.3
May 07 12:54:56 noraza.doma sshd[25343]: debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
May 07 12:54:56 noraza.doma sshd[25343]: debug1: Enabling compatibility mode for protocol 2.0
May 07 12:54:56 noraza.doma sshd[25343]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1
May 07 12:54:56 noraza.doma sshd[25343]: debug2: fd 3 setting O_NONBLOCK
May 07 12:54:56 noraza.doma sshd[25343]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
May 07 12:54:56 noraza.doma sshd[25343]: debug2: Network child is on pid 25344
May 07 12:54:56 noraza.doma sshd[25343]: debug3: preauth child monitor started
May 07 12:54:56 noraza.doma sshd[25343]: debug3: privsep user:group 493:491 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug1: permanently_set_uid: 493/491 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffi
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: reserved 0 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
May 07 12:54:56 noraza.doma sshd[25343]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]

For a successful connection from system 3, part of the output looks like this:
May 07 13:06:09 noraza.doma sshd[25482]: debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
May 07 13:06:09 noraza.doma sshd[25482]: debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
May 07 13:06:09 noraza.doma sshd[25482]: debug1: Enabling compatibility mode for protocol 2.0
May 07 13:06:09 noraza.doma sshd[25482]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1
May 07 13:06:09 noraza.doma sshd[25482]: debug2: fd 3 setting O_NONBLOCK
May 07 13:06:09 noraza.doma sshd[25482]: debug3: ssh_sandbox_init: preparing seccomp filter sandbox
May 07 13:06:09 noraza.doma sshd[25482]: debug2: Network child is on pid 25483
May 07 13:06:09 noraza.doma sshd[25482]: debug3: preauth child monitor started
May 07 13:06:09 noraza.doma sshd[25482]: debug3: privsep user:group 493:491 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: permanently_set_uid: 493/491 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: SSH2_MSG_KEXINIT sent [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: SSH2_MSG_KEXINIT received [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffi
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: reserved 0 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffi
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes2
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_parse_kexinit: reserved 0 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: mac_setup: setup hmac-md5-etm@openssh.com [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 118 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering
May 07 13:06:09 noraza.doma sshd[25482]: debug3: monitor_read: checking request 118
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 119
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive_expect entering: type 119 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: mac_setup: setup hmac-md5-etm@openssh.com [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 118 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering
May 07 13:06:09 noraza.doma sshd[25482]: debug3: monitor_read: checking request 118
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 119
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive_expect entering: type 119 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_key_sign entering [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 6 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive_expect entering: type 7 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_receive entering
May 07 13:06:09 noraza.doma sshd[25482]: debug3: monitor_read: checking request 6
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_answer_sign
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_answer_sign: signature 0x55eef95d7800(101)
May 07 13:06:09 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 7
May 07 13:06:09 noraza.doma sshd[25482]: debug2: monitor_read: 6 used once, disabling now
May 07 13:06:09 noraza.doma sshd[25482]: debug2: kex_derive_keys [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug2: set_newkeys: mode 1 [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
May 07 13:06:09 noraza.doma sshd[25482]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug2: set_newkeys: mode 0 [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug1: SSH2_MSG_NEWKEYS received [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug1: KEX done [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug1: userauth-request for user root service ssh-connection method none [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug1: attempt 0 failures 0 [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug3: mm_getpwnamallow entering [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug3: mm_request_send entering: type 8 [preauth]
May 07 13:06:15 noraza.doma sshd[25482]: debug3: mm_request_receive entering
May 07 13:06:15 noraza.doma sshd[25482]: debug3: monitor_read: checking request 8
May 07 13:06:15 noraza.doma sshd[25482]: debug3: mm_answer_pwnamallow

and then about another two pages follow. If I understand the output correctly, the first set of kex_parse_kexinit lines are the server's algorithms and the second the client's algorithms (this was already in the client's output in the first question, but I did not understand it there), and I think the problem is this: Noraza (the ssh server) has in its list only hmac with Encrypt-then-MAC (etm), while the unsuccessful client has none. And now, how to persuade one side or the other.
ssh -Q mac, and you can select a specific one with the -mac parameter. The allowed algorithms are then in the ssh_config configuration file. If some algorithm has become untrusted and the distribution disabled it as part of patching, I assume it will be disabled only in the configuration but will still be compiled into the binary; building without that algorithm is usually done only in some major version.
But I would treat enabling untrusted algorithms only as a last resort; I would rather try to work my way to newer versions of OpenSSH with more secure algorithms than go back to older versions with untrusted algorithms.
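The server-versus-client comparison of the kex_parse_kexinit lists discussed in this thread can be done mechanically; the following is an added example, not code from any poster or from OpenSSH. It applies the SSH rule that the first algorithm on the client's list that the server also offers is chosen (RFC 4253, section 7.1), and it marks a list as truncated when the log line lacks the trailing [preauth] tag, as the lists ending in "diffi", "aes2" or a bare comma do in the output above. The function names and the sample lists are hypothetical and constructed.

```python
import re

# Name-lists of an SSH KEXINIT message, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
KEXINIT = re.compile(r"debug2: kex_parse_kexinit: ?(.*)$")
SUFFIX = "[preauth]"  # assumption: a complete pre-auth line ends with this tag

def parse_proposals(log_text):
    """Return (server, client); each maps a field to (algorithms, truncated)."""
    # sshd logs its own ten lists first, then the ten received from the peer.
    lists = []
    for line in log_text.splitlines():
        m = KEXINIT.search(line)
        if not m or m.group(1).startswith(("first_kex_follows", "reserved")):
            continue
        body = m.group(1).strip()
        truncated = not body.endswith(SUFFIX)
        names = body if truncated else body[:-len(SUFFIX)].strip()
        algos = [n for n in names.split(",") if n]
        if truncated and algos and not body.endswith(","):
            algos.pop()  # last name may be cut mid-word ("diffi", "aes2")
        lists.append((algos, truncated))
    if len(lists) != 2 * len(FIELDS):
        raise ValueError("expected two full KEXINIT proposals")
    return dict(zip(FIELDS, lists[:10])), dict(zip(FIELDS, lists[10:]))

def negotiate(server, client, field):
    """Return (algorithm, conclusive) by the first-client-match rule."""
    # conclusive is False when either list was cut in the log: a missing match
    # then proves nothing, and a match may not be the one actually chosen.
    (s_algos, s_cut), (c_algos, c_cut) = server[field], client[field]
    hit = next((n for n in c_algos if n in s_algos), None)
    return hit, not (s_cut or c_cut)

def sample_log(server, client):
    """Build constructed journal lines in the shape sshd prints them."""
    head = "May 07 12:54:56 host sshd[1]: debug2: kex_parse_kexinit: "
    tail = ["first_kex_follows 0 [preauth]", "reserved 0 [preauth]"]
    return "\n".join(head + b for b in server + tail + client + tail)

# Constructed sample: server lists cut off in the log, client lists complete.
SERVER_CUT = ["ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffi", "ssh-rsa [preauth]",
              "aes128-ctr,aes2", "aes128-ctr,aes2",
              "hmac-md5-etm@openssh.com,", "hmac-md5-etm@openssh.com,",
              "none [preauth]", "none [preauth]", "[preauth]", "[preauth]"]
CLIENT = [s + " [preauth]" for s in (
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1", "ssh-rsa",
    "aes128-ctr", "aes128-ctr", "hmac-md5,hmac-sha1", "hmac-md5,hmac-sha1",
    "none", "none", "", "")]

if __name__ == "__main__":
    srv, cli = parse_proposals(sample_log(SERVER_CUT, CLIENT))
    print({f: negotiate(srv, cli, f) for f in ("kex", "enc_c2s", "mac_c2s")})
```

A result of `(None, False)` for a MAC field means the visible part of the lists has no overlap but the log line was cut, so the full list has to be obtained before drawing a conclusion.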