使用id_dsa.pub或id_rsa.pub或identity.pub无效的无密码ssh

0

我有一个solaris 8盒子,我尝试使用无密码验证用户george到solaris 11上。

ssh的版本:

  • solaris8:OpenSSH_3.4p1,SSH协议1.5 / 2.0,OpenSSL 0x0090607f
  • solaris11:Sun_SSH_2.0,SSH协议1.5 / 2.0,OpenSSL 0x100000af

我尝试过使用所有类型的ssh-keygen。并多次检查我的配置是否正确(创建了本地公钥/私钥,将私钥添加到ssh-add并将公钥复制到authorized_keys下的服务器。将权限600和700赋予〜/ .ssh)

当尝试旧版本的ssh(identity.pub)时,我使用-1参数 连接仍然提示我输入密码

这是输出: 

george@solaris11:~$ ssh -v george@solaris8 ls /  
Sun_SSH_2.0, SSH protocols 1.5/2.0, OpenSSL 0x100000af  
debug1: Reading configuration data /etc/ssh/ssh_config  
debug1: Rhosts Authentication disabled, originating port will not be trusted.  
debug1: ssh_connect: needpriv 0  
debug1: Connecting to alphasun [10.162.1.27] port 22.  
debug1: Connection established.  
debug1: ssh_kmf_check_uri: /export/home/george/.ssh/identity  
debug1: Identity file/URI '/export/home/george/.ssh/identity' pubkey type ssh-unknown  
debug1: ssh_kmf_check_uri: /export/home/george/.ssh/id_rsa  
debug1: ssh_kmf_key_from_blob: blob length is 277.  
debug1: Identity file/URI '/export/home/george/.ssh/id_rsa' pubkey type ssh-rsa  
debug1: ssh_kmf_check_uri: /export/home/george/.ssh/id_dsa  
debug1: ssh_kmf_key_from_blob: blob length is 433.  
debug1: Identity file/URI '/export/home/george/.ssh/id_dsa' pubkey type ssh-dss  
debug1: Logging to host: solaris8  
debug1: Local user: george Remote user: george  
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1  
debug1: match: OpenSSH_3.4p1 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*  
debug1: Enabling compatibility mode for protocol 2.0  
debug1: Local version string SSH-2.0-Sun_SSH_2.0  
debug1: use_engine is 'yes'  
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric   ciphers
debug1: pkcs11 engine initialization complete  
debug1: Creating a global KMF session.  
debug1: My KEX proposal before adding the GSS KEX algorithm:  
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were   supplied, or the credentials were unavailable or inaccessible
)  
debug1: SSH2_MSG_KEXINIT sent  
debug1: SSH2_MSG_KEXINIT received  
debug1: My KEX proposal I sent to the peer:    
debug1: KEX proposal I received from the peer:  
debug1: kex: server->client arcfour hmac-sha1 none  
debug1: kex: client->server arcfour hmac-sha1 none  
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.  
debug1: Peer sent proposed langtags, ctos:  
debug1: Peer sent proposed langtags, stoc:  
debug1: We proposed langtags, ctos: el-GR  
debug1: We proposed langtags, stoc: el-GR  
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent  
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP  
debug1: dh_gen_key: priv key bits set: 144/320  
debug1: bits set: 1565/3191  
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent  
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY  
debug1: ssh_kmf_key_from_blob: blob length is 149.  
debug1: ssh_kmf_key_from_blob: blob length is 149.  
debug1: ssh_kmf_key_from_blob: blob length is 149.  
debug1: Host 'solaris' is known and matches the RSA host key.  
debug1: Found key in /export/home/george/.ssh/known_hosts:1  
debug1: bits set: 1550/3191  
debug1: ssh_rsa_verify: signature correct  
debug1: set_newkeys: setting new keys for 'out' mode  
debug1: SSH2_MSG_NEWKEYS sent  
debug1: expecting SSH2_MSG_NEWKEYS  
debug1: set_newkeys: setting new keys for 'in' mode  
debug1: SSH2_MSG_NEWKEYS received  
debug1: done: ssh_kex2.  
debug1: send SSH2_MSG_SERVICE_REQUEST  
debug1: got SSH2_MSG_SERVICE_ACCEPT  
debug1: Authentications that can continue: publickey,password,keyboard-interactive  
debug1: Next authentication method: publickey  
debug1: Trying public key: /export/home/george/.ssh/id_rsa  
debug1: Authentications that can continue: publickey,password,keyboard-interactive  
debug1: Trying public key: /export/home/george/.ssh/id_dsa  
debug1: Authentications that can continue: publickey,password,keyboard-interactive  
debug1: Next authentication method: keyboard-interactive  
debug1: Authentications that can continue: publickey,password,keyboard-interactive  
debug1: Next authentication method: password  
george@solaris8's password:

我在远程服务器上找不到authlog文件(在/ var / log /或任何其他ssh目录下没有) 我尝试过使用相同的solaris 11进行客户端 - 服务器连接的方法,它可以工作!所以这可能是ssh版本之间的兼容性问题。这就是我试图用-1连接的原因。

有人可以帮我克服这个吗? 谢谢 !!!

linux  ssh  security  authentication  solaris 
user292565
source
1
你检查过/ var / adm / messages了吗?
etherfish

Answers:

0

我有这种唠叨的感觉,十年前我用Sun 220R遇到了这个问题。我几乎可以肯定它与pam和 /etc/pam.conf。校验 /var/adm/ 对于日志文件,有时 dmesg

我记不起来了。 这个帖子 似乎有点熟悉。我认为你最好在Sol8的OpenSSH上进行调试。

顺便提一下,如果你不解决这个问题 - 那个版本的OpenSSH有很多已知的远程攻击 - 你可能可以使用其中一个。 :)

etherfish
source
0

我已经看到很多关于做这项工作的赞誉。没有说关于选项 StrictModes 与身份验证有关

显然,这只是OpenSSH_3.4p1中的情况,因为我尝试在Solaris11上启用/禁用Solaris11“ssh nopassword身份验证”选项,这没什么区别。

但在我的情况下改变了sshd_conf参数 严格模式没有 这就行了!

谢谢凯文,不能投票你的问题bcos我在网站上没有15+的声誉。然而..

user292565
source
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.