AbcLinuxu portal, 11 May 2025 17:47

Question: sshd: compares who is logging in and as which user

16.3.2010 09:25 PeterS. | score: 10
Read: 550×
Hi, I have a problem with a fresh AIX 5.3 installation. It seems that ssh is configured very restrictively (securely). For example 'ssh root@a.b.c.d' fails (connection closed by a.b.c.d) if the current user under which ssh is run is not root. There are more problems of this kind; for example, another user cannot log in at all, even when on the "originating" machine ssh is run under the same user as the one they want to log in as on the remote machine.

I found nothing in the ssh manual. Could it be that this is not a setting of ssh itself at all???

thanks in advance for the help...


Replies

16.3.2010 09:42 pepazdepa
Which user ssh (i.e. the ssh client) runs under makes no difference whatsoever to the remote server. It only cares about the username that is passed to it.

show /etc/ssh/sshd_config on the remote server

+ the ssh client output (ssh -vv ...)
16.3.2010 10:13 PeterS. | score: 10
/etc/ssh/sshd_config is the default one; the only uncommented lines are:
Protocol 2
Subsystem       sftp    /usr/libexec/sftp-server
Is this enough? The output of ssh -vvv, or rather its last x lines, is:
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/identity ((nil))
debug2: key: /home/user/.ssh/id_rsa ((nil))
debug2: key: /home/user/.ssh/id_dsa (0xb7f2cb08)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug3: no such identity: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa
debug1: Offering public key: /home/user/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by xxx.xx.xxx.xxx
16.3.2010 10:26 pepazdepa
this should follow:
debug1: Server accepts key: pkalg ssh-rsa blen 277
I just looked at an AIX 5.3 where publickey works for me. Show your sshd_config.
16.3.2010 10:36 PeterS. | score: 10
As I wrote above, it is an unmodified config (it is a fresh installation). We also have other AIX 5.3 machines, but of some other sub-version, and there we don't have this problem.

When I looked at one random (older) 5.3, it has OpenSSH_4.3p2, OpenSSL 0.9.7l 28 Sep 2006, and on this problematic machine it is OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

Here is the config:
#     $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no


#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server
16.3.2010 10:55 pepazdepa
hmmm, try setting LogLevel DEBUG3 (per man sshd_config) and send a HUP signal to the main process to reload the config; I think `refresh -s sshd` doesn't work for that.

libwrap (hosts.allow) probably won't have any effect on this, but check it anyway...
16.3.2010 11:13 PeterS. | score: 10
Mar 16 11:01:50 p570b3 auth|security:debug sshd[241740]: debug1: fd 4 clearing O_NONBLOCK
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Mar 16 11:01:50 p570b3 auth|security:debug sshd[241740]: debug1: Forked child 372966.
Mar 16 11:01:50 p570b3 auth|security:debug sshd[241740]: debug3: send_rexec_state: entering fd = 7 config len 203
Mar 16 11:01:50 p570b3 auth|security:debug sshd[241740]: debug3: ssh_msg_send: type 0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[241740]: debug3: send_rexec_state: done
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: inetd sockets after dupping: 5, 5
Mar 16 11:01:50 p570b3 auth|security:info sshd[372966]: Connection from AA.B.CC.DDD port 38352
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-5
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: Enabling compatibility mode for protocol 2.0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: Local version string SSH-2.0-OpenSSH_5.2
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: Value for authType is STD_AUTH
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): \t0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).\n\t0509-026 System error: A file or directory in the path name does not exist.\n
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: Error loading Kerberos, disabling the Kerberos auth
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: fd 5 setting O_NONBLOCK
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: Network child is on pid 229410
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: preauth child monitor started
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_send entering: type 1
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: monitor_read: 0 used once, disabling now
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 4
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_sign
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_sign: signature 20035878(271)
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_send entering: type 5
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: monitor_read: 4 used once, disabling now
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 6
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_pwnamallow
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: Trying to reverse map address AA.B.CC.DDD.
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: parse_server_config: config reprocess config len 203
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: AIX/loginrestrictions returned 0 msg (none)
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_send entering: type 7
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: monitor_read: 6 used once, disabling now
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 3
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_authserv: service=ssh-connection, style=
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug2: monitor_read: 3 used once, disabling now
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 10
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_authpassword: sending result 0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_send entering: type 11
Mar 16 11:01:50 p570b3 auth|security:info sshd[372966]: Failed none for userXY from AA.B.CC.DDD port 38352 ssh2
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: monitor_read: checking request 20
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_keyallowed entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_keyallowed: key_from_blob: 200353a8
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: temporarily_use_uid: 620/600 (e=0/0)
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: trying public key file /home/userXY/.ssh/authorized_keys
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: restore_uid: 0/0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: temporarily_use_uid: 620/600 (e=0/0)
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: trying public key file /home/userXY/.ssh/authorized_keys2
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: fd 4 clearing O_NONBLOCK
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: secure_filename: checking '/home/userXY/.ssh'
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: secure_filename: checking '/home/userXY'
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: secure_filename: terminating check at '/home/userXY'
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: matching key found: file /home/userXY/.ssh/authorized_keys2, line 1
Mar 16 11:01:50 p570b3 auth|security:info sshd[372966]: Found matching DSA key: de:b2:0f:77:f0:fe:e7:97:48:29:e8:29:16:ff:dc:4e
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: restore_uid: 0/0
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_keyallowed: key 200353a8 is allowed
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_send entering: type 21
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_request_receive entering
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: do_cleanup
I don't have hosts.allow in /etc/
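The server log above is the interesting part of this thread: the monitor reports the key as allowed, yet the child goes straight to do_cleanup without ever logging "Accepted publickey". The following triage script is an added example (not from the thread or from OpenSSH) that reads sshd DEBUG3 syslog lines in the format quoted above and flags exactly that pattern per sshd child; the sample log, hostname, PIDs and addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the AIX sshd DEBUG3 syslog lines quoted above.
# PIDs, hostname and addresses are placeholders, not values from a real host.
SAMPLE_LOG = """\
Mar 16 11:01:50 p570b3 auth|security:info sshd[372966]: Connection from 192.0.2.10 port 38352
Mar 16 11:01:50 p570b3 auth|security:info sshd[372966]: Failed none for userXY from 192.0.2.10 port 38352 ssh2
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: matching key found: file /home/userXY/.ssh/authorized_keys2, line 1
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug3: mm_answer_keyallowed: key 200353a8 is allowed
Mar 16 11:01:50 p570b3 auth|security:debug sshd[372966]: debug1: do_cleanup
Mar 16 11:02:10 p570b3 auth|security:info sshd[372970]: Connection from 192.0.2.11 port 40001
Mar 16 11:02:10 p570b3 auth|security:info sshd[372970]: Failed none for root from 192.0.2.11 port 40001 ssh2
Mar 16 11:02:11 p570b3 auth|security:info sshd[372970]: Accepted password for root from 192.0.2.11 port 40001 ssh2
"""

# "sshd[<pid>]: <message>" identifies the child handling one connection.
LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "Failed none for userXY from ..." is the normal 'none' probe; it carries the target user.
USER_RE = re.compile(r"^(?:Failed|Accepted) \S+ for (?P<user>\S+) from (?P<addr>\S+)")


def triage(log_text):
    """Return {pid: session} describing how far each sshd child got.

    Verdicts: 'ok' when an 'Accepted <method>' line exists, 'key_allowed_then_closed'
    when the monitor allowed a key but the child cleaned up without accepting anything
    (the symptom in this thread), 'other' for everything else."""
    sessions = defaultdict(lambda: {"user": None, "addr": None, "key_allowed": False,
                                    "accepted": None, "cleanup": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s, msg = sessions[m.group("pid")], m.group("msg")
        u = USER_RE.match(msg)
        if u:
            s["user"], s["addr"] = u.group("user"), u.group("addr")
        if "mm_answer_keyallowed" in msg and msg.endswith("is allowed"):
            s["key_allowed"] = True
        if msg.startswith("Accepted "):
            s["accepted"] = msg.split()[1]  # the authentication method that succeeded
        if msg.endswith("do_cleanup"):
            s["cleanup"] = True
    for s in sessions.values():
        if s["accepted"]:
            s["verdict"] = "ok"
        elif s["key_allowed"] and s["cleanup"]:
            s["verdict"] = "key_allowed_then_closed"
        else:
            s["verdict"] = "other"
    return dict(sessions)
```

Run it over a syslog extract (e.g. `triage(open("/var/log/sshd.debug").read())`) and look for any session with the 'key_allowed_then_closed' verdict; a healthy publickey login ends with an 'Accepted publickey for ...' line instead.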
16.3.2010 11:22 pepazdepa
oh, I didn't notice :) that's really weird... 'do_cleanup' as the last line, hmmmm
16.3.2010 10:57 PeterS. | score: 10
This looks like the same problem - but without a suitable solution
16.3.2010 11:15 pepazdepa
post that debug output

otherwise google mostly turns up: - a hosts.allow or hosts.deny problem - permissions on a directory in /var - a locked account - dns

hard to guess without a debug log
16.3.2010 11:22 PeterS. | score: 10
the log is already above,

I don't have hosts.deny either

another interesting thing is that ssh localhost works on that server for root, but not for a user.... root has no ssh keys there, the users do... I checked the permissions, they look OK.... and if there were a problem with the keys, it would presumably fall back to password login automatically, wouldn't it?
16.3.2010 11:39 pepazdepa
I asked a colleague and he said it is often a 'f*cked up' key on the remote server in $HOME/.ssh/authorized_keys (supposedly something to do with dsa vs. rsa encryption, or some change there).

try deleting the remote public key or putting a different one there; the ssh client has '-i' for the path to a new/different key.
16.3.2010 11:36 PeterS. | score: 10
I'VE GOT IT!!!!!

It's a bug: "The version of openssh that is shipped on AIX 6.1 TL-4 SP-1 and AIX 5.3 TL-11 SP-1 has a defective version of SSH." more here.

They offer a newer package for download there... I hope it works...

And thanks...
16.3.2010 11:46 pepazdepa
'defective' = now that's a precise description ;) enjoy.
16.3.2010 12:50 x
Something at IBM is defective, because the current version of OpenSSH is 5.4p1
16.3.2010 12:17 PeterS. | score: 10
it works...


ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.