SSH key is not unlocked even with ssh-add

424
iRaS

I am very confused. Every manual I have read in the last 15 minutes says that this should work, but it does not:

    $ ssh-agent -s
    SSH_AUTH_SOCK=/tmp/ssh-syXn9Tk09V9P/agent.16332; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=16333; export SSH_AGENT_PID;
    echo Agent pid 16333;
    $ eval `ssh-agent -s`
    Agent pid 16362
    $ ssh-add -l
    The agent has no identities.
    $ ssh-add .ssh/user\@server.de.key
    Enter passphrase for .ssh/user@server.de.key:
    Identity added: .ssh/user@server.de.key (.ssh/user@server.de.key)
    $ ssh-add -l
    1023 SHA256:TQ6nDwMeeP9tHf43lAG0mC5cbIPx5h7RYxMUcYKJHPI .ssh/user@server.de.key (RSA)
    $ ssh server.de
    Enter passphrase for key '/home/iras/.ssh/user@server.de.key':

In the ssh config there is an entry for server.de with the identity user and the supplied ssh key.

The verbose output:

    $ ssh -vvv server.de
    OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016
    debug1: Reading configuration data /home/iras/.ssh/config
    debug1: /home/iras/.ssh/config line 127: Applying options for apache4
    debug1: /home/iras/.ssh/config line 177: Applying options for *
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: resolving "10.0.0.42" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to 10.0.0.42 [10.0.0.42] port 22.
    debug1: Connection established.
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/iras/.ssh/user@server.de.key type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/iras/.ssh/user@server.de.key-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
    debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 10.0.0.42:22 as 'user'
    debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69
    debug3: load_hostkeys: loaded 1 keys from 10.0.0.42
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
    debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
    debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
    debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos:
    debug2: languages stoc:
    debug2: first_kex_follows 0
    debug2: reserved 0
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug3: send packet: type 30
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug3: receive packet: type 31
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KAU//7qfeZspCpZwJWB7tZdYqQkGwUHVMV+830TdTwE
    debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"
    debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69
    debug3: load_hostkeys: loaded 1 keys from 10.0.0.42
    debug1: Host '10.0.0.42' is known and matches the ECDSA host key.
    debug1: Found key in /home/iras/.ssh/known_hosts:69
    debug3: send packet: type 21
    debug2: set_newkeys: mode 1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug3: receive packet: type 21
    debug2: set_newkeys: mode 0
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug2: key: /home/iras/.ssh/user@server.de.key ((nil)), explicit
    debug3: send packet: type 5
    debug3: receive packet: type 6
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug3: send packet: type 50
    debug3: receive packet: type 51
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/iras/.ssh/user@server.de.key
    Enter passphrase for key '/home/iras/.ssh/user@server.de.key':

0
What about the verbose log? `ssh -vvv server.de`. What does `ssh-add -L` print after the key has been added to the agent? Jakuje 7 years ago 0
@Jakuje added the requested output iRaS 7 years ago 0

1 answer to the question

1
Jakuje

The problem is that you specified your key explicitly in `~/.ssh/config` and have not stored an additional (unencrypted) public key. Therefore the client tries the keys listed in the configuration file first and the agent keys later (it cannot match them, because the explicit key is encrypted).

If my theory is right, it should work for you if you remove the line `IdentityFile ~.ssh/user@server.de.key` from your `~/.ssh/config`, or export the public key to `.ssh/user@server.de.key.pub`:

    ssh-keygen -yf .ssh/user@server.de.key > .ssh/user@server.de.key.pub
Great! Thank you very much. I like the second solution better iRaS 7 years ago 0
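
The condition the answer describes can be checked for every identity file a host resolves to. The following is an added example, not part of the original question or answer; the function names `expand_tilde` and `missing_pubkeys` are hypothetical, and the usage line assumes an OpenSSH client that supports `ssh -G`.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads identity-file paths on stdin (one per line) and reports every private
# key that has no "<path>.pub" beside it. Without that file, ssh cannot tell
# that the agent already holds the key and reads the encrypted file instead,
# which is what triggers the passphrase prompt shown in the question.

expand_tilde() {
    # ssh -G can print paths with a leading "~/"; expand that prefix by hand.
    case $1 in
        '~/'*) printf '%s/%s\n' "$HOME" "${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

missing_pubkeys() {
    rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        key=$(expand_tilde "$path")
        # Default identities that were never created are not a problem.
        [ -f "$key" ] || continue
        if [ ! -f "$key.pub" ]; then
            printf 'no public key for %s\n' "$key"
            # Same remedy as in the answer: derive the public half once.
            printf '  fix: ssh-keygen -yf "%s" > "%s.pub"\n' "$key" "$key"
            rc=1
        fi
    done
    return "$rc"
}

# Usage against the resolved configuration of one host:
#   ssh -G server.de | sed -n 's/^identityfile //p' | missing_pubkeys
```

A non-zero exit status means at least one configured key will be read from disk even though the agent may already hold it.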