[technique] SSH question from Ubuntu LTS 16.04 to X via ssh key

Matthieu Herrb matthieu at herrb.eu
Sat Jan 21 11:09:17 CET 2017


On Fri, Jan 20, 2017 at 03:05:30PM +0000, Hugo SIMANCAS via technique wrote:
> Hello,
> 
> I installed Ubuntu lts 16.05 on my pc.
> I used to connect to my servers over ssh using key exchange. It no longer works ... even though I replaced id_rsa and id_rsa.pub with the ones I had previously backed up from my old PC.
> Do you have any idea?

Did you touch ~/.ssh/authorized_keys on the server?

Judging from your log, it looks like the ssh client on your new Ubuntu
does send the RSA key to the server, but the server does not accept
it.

If you have access to the server some other way, look in /var/log/authlog
(or equivalent) to try to understand why the rsa key is
refused. As tontonth suggested, it may be a permissions problem
on one of the directories leading to ~/.ssh/authorized_keys.

Or else you mixed up the keys and the public key that is in
~/.ssh/authorized_keys on the server does not match the private
key you recovered from the old PC.

> 
> Thanks in advance
> 
> hsimancas at HCKL010:~$ ssh root at 10.231.42.123 -v
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to 10.231.42.123 [10.231.42.123] port 22.
> debug1: Connection established.
> debug1: identity file /home/hsimancas/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/hsimancas/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
> debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to 10.231.42.123:22 as 'root'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256 at libssh.org
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:q10Dsvh0j8hvIqOemMbUHzSnHbQa6OCg342T5kUU6Is
> debug1: Host '10.231.42.123' is known and matches the ECDSA host key.
> debug1: Found key in /home/hsimancas/.ssh/known_hosts:14
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/hsimancas/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /home/hsimancas/.ssh/id_dsa
> debug1: Trying private key: /home/hsimancas/.ssh/id_ecdsa
> debug1: Trying private key: /home/hsimancas/.ssh/id_ed25519
> debug1: Next authentication method: password
> root at 10.231.42.123's password:
> 
> 
> simancas at HCKL010:~/.ssh$ ll
> total 24
> drwx------  2 hsimancas hsimancas 4096 janv. 20 16:04 ./
> drwxr-xr-x 33 hsimancas hsimancas 4096 janv. 20 14:32 ../
> -rw-rw-r--  1 hsimancas hsimancas    0 janv. 20 16:04 client
> -rw-------  1 hsimancas hsimancas 1679 janv. 20 15:46 id_rsa
> -rw-r--r--  1 hsimancas hsimancas  399 janv. 20 15:46 id_rsa.pub
> -rw-r--r--  1 hsimancas hsimancas 4430 janv. 20 15:54 known_hosts
> -rw-rw-r--  1 hsimancas hsimancas    0 janv. 20 16:04 server



-- 
Matthieu Herrb
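
The two checks suggested in this reply (permissions along the path to ~/.ssh/authorized_keys, and whether the server holds the public half of the restored private key), written out as an added example that is not part of the original message. It assumes GNU stat on the server and that the public key file given to key_authorized was produced on the client with `ssh-keygen -y -f ~/.ssh/id_rsa`; the function names check_path and key_authorized are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the server as root or as the
# account being logged into.

# check_path HOME FILE UID
# Walk from FILE up to HOME (same spelling, no trailing slash) and report
# every component that is writable by group/other, or owned by someone other
# than UID or root. sshd with StrictModes refuses the key in those cases.
# Returns 0 if the chain is clean, 1 if something was flagged, 2 on error.
check_path() {
    home=$1 p=$2 uid=$3 bad=0
    while :; do
        info=$(stat -c '%a %u' "$p") || return 2
        mode=${info% *} owner=${info#* }
        case $mode in
            # write bit set in the group digit or in the other digit
            *[2367]?|*[2367]) echo "group/other-writable ($mode): $p"; bad=1 ;;
        esac
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "owned by uid $owner: $p"; bad=1
        fi
        [ "$p" = "$home" ] && break
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $bad
}

# key_authorized PUBFILE AUTHORIZED_KEYS
# PUBFILE holds one public key line. Returns 0 if its base64 blob appears as
# a field of a non-comment line in AUTHORIZED_KEYS (options before the key
# type are tolerated), 1 if not, 2 if PUBFILE has no blob.
key_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        !/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END   { exit !found }' "$2"
}

# Stand-alone use: script HOME UID PUBFILE
if [ $# -eq 3 ]; then
    check_path "$1" "$1/.ssh/authorized_keys" "$2"
    key_authorized "$3" "$1/.ssh/authorized_keys" || echo "key not listed"
fi
```
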