OpenSSH가 설치된 CentOS 7 서버가 있는데 기본 목적은 SFTP 서버입니다. 개인/공개 키 인증 또는 비밀번호를 사용하여 이 서버에 연결하는 여러 클라이언트가 있는데 모두 잘 연결됩니다.
비밀번호와 개인/공개 키 조합으로 GlobalScape EFT 5.1을 사용하여 서버에 연결하는 특정 클라이언트가 있습니다.
그들이 우리에게 제공한 공개 키는 아래 주석으로 시작하며 여러 줄에 걸쳐 있습니다.
---- BEGIN SSH2 PUBLIC KEY ----
SSH-KEYGEN -i -f를 사용하여 공개 키를 변환하고 Authorized_keys 파일에 배치했습니다. 이제 한 줄에 있으며 ssh-rsa로 시작됩니다.
아래에 붙여넣은 로그를 보면 키를 사용하고 있다는 것을 인식하지 못하는 것 같습니다.
Sep 30 15:49:37 server14 sshd[11107]: debug3: oom_adjust_restore
Sep 30 15:49:37 server14 sshd[11107]: Set /proc/self/oom_score_adj to 0
Sep 30 15:49:37 server14 sshd[11107]: debug1: rexec start in 5 out 5 newsock 5 pipe 8 sock 9
Sep 30 15:49:37 server14 sshd[11107]: debug1: inetd sockets after dupping: 3, 3
Sep 30 15:49:37 server14 sshd[11107]: Connection from XXX.XXX.XXX.XXX port 4387
Sep 30 15:49:37 server14 sshd[11107]: debug1: Client protocol version 2.0; client software version GSSFTP1.0
Sep 30 15:49:37 server14 sshd[11107]: debug1: no match: GSSFTP1.0
Sep 30 15:49:37 server14 sshd[11107]: debug1: Enabling compatibility mode for protocol 2.0
Sep 30 15:49:37 server14 sshd[11107]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Sep 30 15:49:37 server14 sshd[11107]: debug2: fd 3 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11107]: debug2: Network child is on pid 11108
Sep 30 15:49:37 server14 sshd[11107]: debug3: preauth child monitor started
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: privsep user:group 74:74
Sep 30 15:49:37 server14 sshd[11108]: debug1: permanently_set_uid: 74/74
Sep 30 15:49:37 server14 sshd[11108]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Sep 30 15:49:37 server14 sshd[11108]: debug1: SSH2_MSG_KEXINIT sent
Sep 30 15:49:37 server14 sshd[11108]: debug3: Wrote 840 bytes for a total of 861
Sep 30 15:49:37 server14 sshd[11108]: debug1: SSH2_MSG_KEXINIT received
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: none,[email protected]
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: none,[email protected]
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit:
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit:
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: first_kex_follows 0
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: reserved 0
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: 3des-cbc,arcfour,cast128-cbc,twofish-cbc,blowfish-cbc
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: zlib,none
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: zlib,none
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit:
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit:
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: first_kex_follows 0
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_parse_kexinit: reserved 0
Sep 30 15:49:37 server14 sshd[11108]: debug2: mac_setup: found hmac-md5
Sep 30 15:49:37 server14 sshd[11108]: debug1: kex: client->server 3des-cbc hmac-md5 none
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 78
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 79
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 78
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 79
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug2: mac_setup: found hmac-md5
Sep 30 15:49:37 server14 sshd[11108]: debug1: kex: server->client 3des-cbc hmac-md5 none
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 78
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 79
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 78
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 79
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug2: dh_gen_key: priv key bits set: 208/384
Sep 30 15:49:37 server14 sshd[11108]: debug2: bits set: 502/1024
Sep 30 15:49:37 server14 sshd[11108]: debug1: expecting SSH2_MSG_KEXDH_INIT
Sep 30 15:49:37 server14 sshd[11108]: debug2: bits set: 539/1024
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_key_sign entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 5
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 6
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 5
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_sign
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_sign: signature 0x7fe361d8dbf0(271)
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 6
Sep 30 15:49:37 server14 sshd[11108]: debug2: kex_derive_keys
Sep 30 15:49:37 server14 sshd[11108]: debug2: set_newkeys: mode 1
Sep 30 15:49:37 server14 sshd[11108]: debug1: SSH2_MSG_NEWKEYS sent
Sep 30 15:49:37 server14 sshd[11108]: debug1: expecting SSH2_MSG_NEWKEYS
Sep 30 15:49:37 server14 sshd[11108]: debug3: Wrote 720 bytes for a total of 1581
Sep 30 15:49:37 server14 sshd[11107]: debug2: monitor_read: 5 used once, disabling now
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug2: set_newkeys: mode 0
Sep 30 15:49:37 server14 sshd[11108]: debug1: SSH2_MSG_NEWKEYS received
Sep 30 15:49:37 server14 sshd[11108]: debug1: KEX done
Sep 30 15:49:37 server14 sshd[11108]: debug3: Wrote 48 bytes for a total of 1629
Sep 30 15:49:37 server14 sshd[11108]: debug3: Received SSH2_MSG_IGNORE
Sep 30 15:49:37 server14 sshd[11108]: debug1: userauth-request for user SFTPUserName service ssh-connection method none
Sep 30 15:49:37 server14 sshd[11108]: debug1: attempt 0 failures 0
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_getpwnamallow entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 7
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 8
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 7
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_pwnamallow
Sep 30 15:49:37 server14 sshd[11107]: debug3: Trying to reverse map address XXX.XXX.XXX.XXX.
Sep 30 15:49:37 server14 sshd[11107]: debug2: parse_server_config: config reprocess config len 901
Sep 30 15:49:37 server14 sshd[11107]: debug3: checking match for 'User SFTPUserName' user SFTPUserName host XXX.XXX.XXX.XXX addr XXX.XXX.XXX.XXX
Sep 30 15:49:37 server14 sshd[11107]: debug1: user ScotPower matched 'User SFTPUserName' at line 147
Sep 30 15:49:37 server14 sshd[11107]: debug3: match found
Sep 30 15:49:37 server14 sshd[11107]: debug3: reprocess config:148 setting ForceCommand internal-sftp
Sep 30 15:49:37 server14 sshd[11107]: debug3: reprocess config:149 setting AllowTCPForwarding no
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 8
Sep 30 15:49:37 server14 sshd[11108]: debug2: input_userauth_request: setting up authctxt for SFTPUserName
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_start_pam entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 50
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_inform_authserv entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 3
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_inform_authrole entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 4
Sep 30 15:49:37 server14 sshd[11108]: debug2: input_userauth_request: try method none
Sep 30 15:49:37 server14 sshd[11108]: debug3: Wrote 80 bytes for a total of 1709
Sep 30 15:49:37 server14 sshd[11107]: debug2: monitor_read: 7 used once, disabling now
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 50
Sep 30 15:49:37 server14 sshd[11107]: debug1: PAM: initializing for "SFTPUserName"
Sep 30 15:49:37 server14 sshd[11107]: debug1: PAM: setting PAM_RHOST to "XXX.XXX.XXX.XXX"
Sep 30 15:49:37 server14 sshd[11107]: debug1: PAM: setting PAM_TTY to "ssh"
Sep 30 15:49:37 server14 sshd[11107]: debug2: monitor_read: 50 used once, disabling now
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 3
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_authserv: service=ssh-connection, style=
Sep 30 15:49:37 server14 sshd[11107]: debug2: monitor_read: 3 used once, disabling now
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 4
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_authrole: role=
Sep 30 15:49:37 server14 sshd[11107]: debug2: monitor_read: 4 used once, disabling now
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: Received SSH2_MSG_IGNORE
Sep 30 15:49:37 server14 sshd[11108]: debug1: userauth-request for user SFTPUserName service ssh-connection method password
Sep 30 15:49:37 server14 sshd[11108]: debug1: attempt 1 failures 0
Sep 30 15:49:37 server14 sshd[11108]: debug2: input_userauth_request: try method password
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_auth_password entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 11
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 12
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 11
Sep 30 15:49:37 server14 sshd[11107]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Sep 30 15:49:37 server14 sshd[11107]: debug1: PAM: password authentication accepted for SFTPUserName
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_authpassword: sending result 1
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 12
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive_expect entering: type 51
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_auth_password: user authenticated
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_do_pam_account entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 51
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 52
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug1: do_pam_account: called
Sep 30 15:49:37 server14 sshd[11107]: debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 52
Sep 30 15:49:37 server14 sshd[11107]: Accepted password for SFTPUserName from XXX.XXX.XXX.XXX port 4387 ssh2
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_do_pam_account returning 1
Sep 30 15:49:37 server14 sshd[11107]: debug1: monitor_child_preauth: SFTPUserName has been authenticated by privileged process
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_get_keystate: Waiting for new keys
Sep 30 15:49:37 server14 sshd[11108]: debug3: Wrote 32 bytes for a total of 1741
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive_expect entering: type 25
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_send_keystate: Sending new keys: 0x7fe361d8d950 0x7fe361d8ebf0
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_newkeys_to_blob: converting 0x7fe361d8d950
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_newkeys_to_blob: converting 0x7fe361d8ebf0
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_send_keystate: New keys have been sent
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_send_keystate: Sending compression state
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 25
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_send_keystate: Finished sending state
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_send entering: type 80
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive_expect entering: type 81
Sep 30 15:49:37 server14 sshd[11108]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_newkeys_from_blob: 0x7fe361da19f0(120)
Sep 30 15:49:37 server14 sshd[11107]: debug2: mac_setup: found hmac-md5
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_get_keystate: Waiting for second key
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_newkeys_from_blob: 0x7fe361da19f0(120)
Sep 30 15:49:37 server14 sshd[11107]: debug2: mac_setup: found hmac-md5
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_get_keystate: Getting compression state
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_get_keystate: Getting Network I/O buffers
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive_expect entering: type 80
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 81
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_share_sync: Share sync
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_share_sync: Share sync end
Sep 30 15:49:37 server14 sshd[11107]: debug1: temporarily_use_uid: 504/504 (e=0/0)
Sep 30 15:49:37 server14 sshd[11107]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Sep 30 15:49:37 server14 sshd[11107]: debug1: restore_uid: 0/0
Sep 30 15:49:37 server14 sshd[11107]: debug1: SELinux support disabled
Sep 30 15:49:37 server14 sshd[11107]: debug1: PAM: establishing credentials
Sep 30 15:49:37 server14 sshd[11107]: debug3: PAM: opening session
Sep 30 15:49:37 server14 sshd[11107]: debug1: temporarily_use_uid: 504/504 (e=0/0)
Sep 30 15:49:37 server14 sshd[11107]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Sep 30 15:49:37 server14 sshd[11107]: debug1: restore_uid: 0/0
Sep 30 15:49:37 server14 sshd[11107]: User child is on pid 11109
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11109]: debug1: PAM: establishing credentials
Sep 30 15:49:37 server14 sshd[11109]: debug1: permanently_set_uid: 504/504
Sep 30 15:49:37 server14 sshd[11109]: debug2: set_newkeys: mode 0
Sep 30 15:49:37 server14 sshd[11109]: debug2: set_newkeys: mode 1
Sep 30 15:49:37 server14 sshd[11109]: debug1: Entering interactive session for SSH2.
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 5 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 6 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11109]: debug1: server_init_dispatch_20
Sep 30 15:49:37 server14 sshd[11109]: debug1: server_input_channel_open: ctype session rchan 0 win 100000 max 8192
Sep 30 15:49:37 server14 sshd[11109]: debug1: input_session_request
Sep 30 15:49:37 server14 sshd[11109]: debug1: channel 0: new [server-session]
Sep 30 15:49:37 server14 sshd[11109]: debug2: session_new: allocate (allocated 0 max 10)
Sep 30 15:49:37 server14 sshd[11109]: debug3: session_unused: session id 0 unused
Sep 30 15:49:37 server14 sshd[11109]: debug1: session_new: session 0
Sep 30 15:49:37 server14 sshd[11109]: debug1: session_open: channel 0
Sep 30 15:49:37 server14 sshd[11109]: debug1: session_open: session 0: link with channel 0
Sep 30 15:49:37 server14 sshd[11109]: debug1: server_input_channel_open: confirm session
Sep 30 15:49:37 server14 sshd[11109]: debug3: Wrote 48 bytes for a total of 1789
Sep 30 15:49:37 server14 sshd[11109]: debug1: server_input_channel_req: channel 0 request subsystem reply 1
Sep 30 15:49:37 server14 sshd[11109]: debug1: session_by_channel: session 0 channel 0
Sep 30 15:49:37 server14 sshd[11109]: debug1: session_input_channel_req: session 0 req subsystem
Sep 30 15:49:37 server14 sshd[11109]: subsystem request for sftp
Sep 30 15:49:37 server14 sshd[11109]: debug1: subsystem: exec() internal-sftp -l DEBUG3 -f AUTH
Sep 30 15:49:37 server14 sshd[11109]: debug1: Forced command (config) 'internal-sftp'
Sep 30 15:49:37 server14 sshd[11109]: debug3: mm_audit_run_command entering command internal-sftp
Sep 30 15:49:37 server14 sshd[11109]: debug3: mm_request_send entering: type 62
Sep 30 15:49:37 server14 sshd[11109]: debug3: mm_request_receive_expect entering: type 63
Sep 30 15:49:37 server14 sshd[11109]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11107]: debug3: monitor_read: checking request 62
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_answer_audit_command entering
Sep 30 15:49:37 server14 sshd[11107]: debug2: session_new: allocate (allocated 0 max 10)
Sep 30 15:49:37 server14 sshd[11107]: debug3: session_unused: session id 0 unused
Sep 30 15:49:37 server14 sshd[11107]: debug1: session_new: session 0
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_send entering: type 63
Sep 30 15:49:37 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 3 setting TCP_NODELAY
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 9 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 8 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11109]: debug2: fd 11 setting O_NONBLOCK
Sep 30 15:49:37 server14 sshd[11109]: debug3: Wrote 72 bytes for a total of 1861
Sep 30 15:49:37 server14 sshd[11109]: debug3: Wrote 136 bytes for a total of 1997
Sep 30 15:49:47 server14 sshd[11109]: Connection closed by XXX.XXX.XXX.XXX
Sep 30 15:49:47 server14 sshd[11109]: debug1: channel 0: free: server-session, nchannels 1
Sep 30 15:49:47 server14 sshd[11109]: debug3: channel 0: status: The following connections are open:\r\n #0 server-session (t4 r0 i0/0 o0/0 fd 9/8 cc -1)\r\n
Sep 30 15:49:47 server14 sshd[11109]: debug3: channel 0: close_fds r 9 w 8 e 11
Sep 30 15:49:47 server14 sshd[11109]: debug1: session_close: session 0 pid 11110
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_audit_end_command entering command internal-sftp
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_send entering: type 64
Sep 30 15:49:47 server14 sshd[11109]: debug3: session_unused: session id 0 unused
Sep 30 15:49:47 server14 sshd[11109]: debug1: do_cleanup
Sep 30 15:49:47 server14 sshd[11109]: debug3: PAM: sshpam_thread_cleanup entering
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_send entering: type 80
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_receive_expect entering: type 81
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_receive entering
Sep 30 15:49:47 server14 sshd[11107]: debug3: monitor_read: checking request 64
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_answer_audit_end_command entering
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_session_close: session 0 pid 0
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_session_close: command 0
Sep 30 15:49:47 server14 sshd[11107]: debug3: session_unused: session id 0 unused
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:47 server14 sshd[11107]: debug3: monitor_read: checking request 80
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_request_send entering: type 81
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:47 server14 sshd[11109]: Transferred: sent 1864, received 2744 bytes
Sep 30 15:49:47 server14 sshd[11109]: Closing connection to XXX.XXX.XXX.XXX port 4387
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_audit_event entering
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_send entering: type 61
Sep 30 15:49:47 server14 sshd[11107]: debug3: monitor_read: checking request 61
Sep 30 15:49:47 server14 sshd[11109]: debug3: mm_request_send entering: type 65
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_answer_audit_event entering
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_request_receive entering
Sep 30 15:49:47 server14 sshd[11107]: debug3: monitor_read: checking request 65
Sep 30 15:49:47 server14 sshd[11107]: debug3: mm_answer_term: tearing down sessions
Sep 30 15:49:47 server14 sshd[11107]: debug1: PAM: cleanup
Sep 30 15:49:47 server14 sshd[11107]: debug1: PAM: closing session
Sep 30 15:49:47 server14 sshd[11107]: debug1: PAM: deleting credentials
최근에 CentOS6에서 7로 서버를 업그레이드했고 CentOS6에서 작동하는 데 사용된 연결을 추가해야 합니다. 제가 아는 한 구성은 동일합니다.
다음은 현재 우리가 사용하고 있는 sshd_config 파일입니다.
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel DEBUG3
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
ClientAliveCountMax 10
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
PermitTunnel yes
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp internal-sftp -l VERBOSE -f AUTH
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
# tail /etc/ssh/sshd_config
Match User SFTPUserName
ForceCommand internal-sftp
AllowTCPForwarding no
답변1
서버 로그에는 인증 방법이 사용되지 않으므로 pubkey클라이언트가 키를 보내지 않는다고 비난하고 싶습니다.
클라이언트가 이전에 들어본 적이 없는 일부 비표준 소프트웨어를 사용하고 있기 때문에 centos6 릴리스 이후 한쪽 또는 다른 쪽에서 약간의 비호환성이 나타날 수 있습니다.
업데이트 중최신 버전의 클라이언트가 도움이 될 것입니다. EFT 5.1은 8년이 되었습니다!