El inicio de sesión sin contraseña SSH funciona en un objetivo pero no en otro

El inicio de sesión sin contraseña SSH funciona en un objetivo pero no en otro

Generé las claves ssh usando ssh-keygen -t rsaun destino integrado (imx6) y copié la clave pública en la máquina host.

Máquina de destino IMX6: OpenSSH: 7.1p2 IP: 192.168.2.31

Máquina anfitriona: OpenSSH: OpenSSH_5.9p1 IP: 192.168.2.11

Objetivo A a la máquina B Intenté conectar el host desde el destino y funcionó bien. Encuentre los registros a continuación.

mx6q:~# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'pnallathambi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6hGhaP5vujRRSDEE7e6unEHBXIkPgx9Q6f0U9zvXt1E
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x15e3c28),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-025 ssh-pty

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:VaQIZBXXXq8H7m6Um+/hfEllTx3VsgygYZhwUd/i1dY
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.2.11 ([192.168.2.11]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: callback start
debug1: X11 forwarding requested but DISPLAY not set
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-95-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

35 packages can be updated.
35 updates are security updates.


Your Hardware Enablement Stack (HWE) is supported until April 2017.

Last login: Fri Sep 23 15:42:05 2016 from 192.168.2.31
pnallathambi@vmlxhi-025:~$ exit
logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.2.11 closed.
Transferred: sent 3564, received 3364 bytes, in 2.7 seconds
Bytes per second: sent 1309.0, received 1235.5
debug1: Exit status 0

Objetivo C a la máquina D: Copié las mismas claves en otro par de máquinas, es decir, en otro destino, y agregué la clave pública a la máquina host conectada. Esta vez no funcionó y no pude precisar el motivo.

Encuentre los registros a continuación.

mx6q:/home/root# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'brinda.mc'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GAh4JM8Gft7dIgC7nqT+8k5LCpTFJ1hy6t20xQ+hcbc
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x12e5c18),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-079 ssh-pty

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/root/.ssh/id_dsa
debug1: Trying private key: /home/root/.ssh/id_ecdsa
debug1: Trying private key: /home/root/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Respuesta1

debe crear sus claves de manera diferente si desea que una clave funcione en varios hosts.

Por la forma en que creó las claves, solo son válidas para esa combinación de usuario/host. Podrás ir de A a B, de A a C, de A a D, si lo deseas, pero no podrás copiar id_rsa de A, ponerlo en C y luego esperar a realizar ssh de C a D. .

no están construidos así. por eso son seguros.

lea la página de manual nuevamente, especialmente la parte sobre certificados.

información relacionada