Eu gerei as chaves ssh usando ssh-keygen -t rsaum destino incorporado (imx6) e copiei a chave pública para a máquina host.
Máquina alvo IMX6: OpenSSH: IP 7.1p2: 192.168.2.31
Máquina hospedeira: OpenSSH: OpenSSH_5.9p1 IP: 192.168.2.11
Alvo A para Máquina B Tentei conectar o host do destino e funcionou bem. Encontre os registros abaixo.
mx6q:~# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'pnallathambi'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6hGhaP5vujRRSDEE7e6unEHBXIkPgx9Q6f0U9zvXt1E
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x15e3c28),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-025 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:VaQIZBXXXq8H7m6Um+/hfEllTx3VsgygYZhwUd/i1dY
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.2.11 ([192.168.2.11]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug2: callback start
debug1: X11 forwarding requested but DISPLAY not set
debug2: fd 4 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-95-generic x86_64)
* Documentation: https://help.ubuntu.com/
35 packages can be updated.
35 updates are security updates.
Your Hardware Enablement Stack (HWE) is supported until April 2017.
Last login: Fri Sep 23 15:42:05 2016 from 192.168.2.31
pnallathambi@vmlxhi-025:~$ exit
logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.2.11 closed.
Transferred: sent 3564, received 3364 bytes, in 2.7 seconds
Bytes per second: sent 1309.0, received 1235.5
debug1: Exit status 0
Alvo C para Máquina D: Copiei as mesmas chaves para outro par de máquinas, ou seja, outro destino, e adicionei a chave pública à máquina host conectada. Desta vez não funcionou e não consegui identificar o motivo.
Encontre os registros abaixo.
mx6q:/home/root# ssh [email protected] -vv
OpenSSH_7.1p2, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.11 [192.168.2.11] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 192.168.2.11:22 as 'brinda.mc'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchan1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sa
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],arcfour256,arcfour128,aes128-cbc,3des-cbce
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh6
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,[email protected],1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],umac-64@openssh1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GAh4JM8Gft7dIgC7nqT+8k5LCpTFJ1hy6t20xQ+hcbc
debug1: Host '192.168.2.11' is known and matches the ECDSA host key.
debug1: Found key in /home/root/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/root/.ssh/id_rsa (0x12e5c18),
debug2: key: /home/root/.ssh/id_dsa ((nil)),
debug2: key: /home/root/.ssh/id_ecdsa ((nil)),
debug2: key: /home/root/.ssh/id_ed25519 ((nil)),
Ubuntu 12.04.5 LTS vmlxhi-079 ssh-pty
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/root/.ssh/id_dsa
debug1: Trying private key: /home/root/.ssh/id_ecdsa
debug1: Trying private key: /home/root/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Responder1
você terá que construir suas chaves de maneira diferente se quiser que uma chave funcione em vários hosts.
pela maneira como você construiu as chaves, elas são válidas apenas para essa combinação de usuário/host. você poderá ir de A para B, A para C, A para D, se quiser, mas não poderá copiar o id_rsa de A, colocá-lo em C e esperar fazer ssh de C para D .
eles não são construídos assim. é por isso que eles estão seguros.
leia a página de manual novamente, especialmente a parte sobre certificados.