
#1 On 17/08/2015, at 14:41

PengouinPdt

[SOLVED] SSH connection problem

Hello,

After some healthy reading about SSH, and about using/generating more secure keys, such as using the ED25519 algorithm and the PBKDF protocol, I find myself with the following connection problem:

=> a first RSA key, working without any problem.
=> a first RSA key, converted to use PBKDF,
=> a first ED25519 key, generated with PBKDF,

For the first RSA key, the SSH server's config file (v6.6 on Debian) had a basic configuration.
Following that reading, I configured both the sshd_config file and my personal ~/.ssh/config file with, among others, the following declarations:

	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

With the first RSA key, I have no connection problems, and the connection information message appears in the auth log.

user@ptb-user:~/.ssh$ ssh -v srvr
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: /home/user/.ssh/config line 13: Applying options for srvr
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.xyz.abc [192.168.xyz.abc] port 2x.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1
debug1: match: OpenSSH_6.7p1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ED25519 10:19:49:61:3e:63:38:b0:74:62:d0:46:fd:ce:ef:c7
debug1: Host '[192.168.xyz.abc]:2x' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:18
debug1: ssh_ed25519_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Debian GNU/Linux 8
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_rsa': 
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.xyz.abc ([192.168.xyz.abc]:2x).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_PAPER = fr_FR.UTF-8
debug1: Sending env LC_ADDRESS = fr_FR.UTF-8
debug1: Sending env LC_MONETARY = fr_FR.UTF-8
debug1: Sending env LC_NUMERIC = fr_FR.UTF-8
debug1: Sending env LC_TELEPHONE = fr_FR.UTF-8
debug1: Sending env LC_IDENTIFICATION = fr_FR.UTF-8
debug1: Sending env LANG = fr_FR.UTF-8
debug1: Sending env LC_MEASUREMENT = fr_FR.UTF-8
debug1: Sending env LC_TIME = fr_FR.UTF-8
debug1: Sending env LC_NAME = fr_FR.UTF-8
Last login: Sun Aug 16 00:48:19 2015 from 192.168.47.200
user@srvr:~$ exit
déconnexion
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.xyz.abc closed.
Transferred: sent 3172, received 1704 bytes, in 15.9 seconds
Bytes per second: sent 199.7, received 107.3
debug1: Exit status 0

With the converted RSA key, as well as the ED25519 key, no connection is possible, with no message, neither success nor failure, in the auth log.

user@ptb-user:~/.ssh$ ssh -v srvr
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: /home/user/.ssh/config line 13: Applying options for srvr
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.xyz.abc [192.168.xyz.abc] port 2x.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1
debug1: match: OpenSSH_6.7p1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ED25519 10:19:49:61:3e:63:38:b0:74:62:d0:46:fd:ce:ef:c7
debug1: Host '[192.168.xyz.abc]:2x' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:18
debug1: ssh_ed25519_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Debian GNU/Linux 8
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_rsa': 
Connection closed by 192.168.xyz.abc

user@ptb-user:~/.ssh$ ssh -v srvr
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: /home/user/.ssh/config line 13: Applying options for srvr
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.xyz.abc [192.168.xyz.abc] port 2x.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1
debug1: match: OpenSSH_6.7p1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ED25519 10:19:49:61:3e:63:38:b0:74:62:d0:46:fd:ce:ef:c7
debug1: Host '[192.168.xyz.abc]:2x' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:18
debug1: ssh_ed25519_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Debian GNU/Linux 8
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Trying private key: /home/user/.ssh/id_dsa
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_ed25519': 
Connection closed by 192.168.xyz.abc

What am I missing?

Yes, in each case, the corresponding public keys were copied into the authorized_keys file on the server!


Moderation: in future, please use code tags (explanations here).

Last edited by PengouinPdt (on 18/08/2015, at 18:43)


Ego ~
YUP.py :: Yet Uploader Pixxie.py :: Python script: posting images to forums!


#2 On 18/08/2015, at 18:42

PengouinPdt

Re: [SOLVED] SSH connection problem

I solved my problem!

It was caused by the LoginGraceTime declaration being too short for the decryption and the response.
It was at 10s; I doubled it.
It works!
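
The failure pattern from this thread, as an added example that is not part of the original posts: a small Python classifier for client-side `ssh -v` transcripts, plus a reader for `LoginGraceTime`. The transcripts and the sshd_config fragment are constructed, abridged from the shape of the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed transcripts, abridged to the lines that matter from the
# shape of the `ssh -v` output quoted in the thread.
OK_LOG = """\
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
Enter passphrase for key '/home/user/.ssh/id_rsa':
debug1: Authentication succeeded (publickey).
"""
FAIL_LOG = """\
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
Enter passphrase for key '/home/user/.ssh/id_ed25519':
Connection closed by 192.168.xyz.abc
"""
# Constructed sshd_config fragment using the value reported in post #2.
SSHD_CONFIG = "#LoginGraceTime 2m\nLoginGraceTime 10\nPubkeyAuthentication yes\n"

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def grace_seconds(config_text, default=120):
    """Return LoginGraceTime in seconds (sshd default is 120; 0 = no limit)."""
    for line in config_text.splitlines():
        m = re.match(r"\s*LoginGraceTime\s+(\S+)\s*$", line, re.I)
        if m:  # sshd keeps the first value it reads for a keyword
            parts = re.findall(r"(\d+)([smhdw]?)", m.group(1).lower())
            return sum(int(n) * UNITS[u] for n, u in parts)
    return default

def diagnose(transcript):
    """Classify where a client-side `ssh -v` transcript ended."""
    accepted, prompted = False, None
    for line in transcript.splitlines():
        if "Server accepts key:" in line:
            accepted = True
        elif (m := re.match(r"Enter passphrase for key '([^']+)'", line)):
            prompted = m.group(1)
        elif "Authentication succeeded" in line:
            return ("authenticated", prompted)
        elif line.startswith("Connection closed by"):
            # Key was accepted and the client was still unlocking it: the
            # server hung up without an auth failure, as a timeout would.
            stage = "closed-while-unlocking-key" if accepted and prompted else "closed-early"
            return (stage, prompted)
    return ("incomplete", prompted)
```

A `closed-while-unlocking-key` result together with a small `grace_seconds` value points at the server's login timer rather than at the key or at authorized_keys.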

