I have SSH keys generated, and I have public key authentication uncommented and set to yes in my /etc/ssh/sshd_config file. Does anyone see anything I'm missing or not understanding in my configuration? Typing my password makes me sad. ._.
WSL home ssh folder - ~/.ssh
weh@workPC:/mnt/c/Users/weh/Downloads$ ls -l ~/.ssh
total 16
-rw------- 1 weh weh 1675 Jun 2 09:27 id_rsa
-rw-r--r-- 1 weh weh 399 Jun 2 09:27 id_rsa.pub
-rw-r--r-- 1 weh weh 10832 Jul 20 10:41 known_hosts
CentOS sshd folder - /etc/ssh
ls -l /etc/ssh
total 276
-rw-r--r--. 1 root root 242153 Apr 12 09:05 moduli
-rw-r--r--. 1 root root 2208 Apr 12 09:05 ssh_config
-rw-------. 1 root root 4471 Jul 27 12:18 sshd_config
-rw-r-----. 1 root ssh_keys 227 Apr 23 2016 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Apr 23 2016 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 Apr 23 2016 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Apr 23 2016 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 1679 Apr 23 2016 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Apr 23 2016 ssh_host_rsa_key.pub
CentOS sshd_config file
#$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
LogLevel DEBUG
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
MaxAuthTries 2
#MaxSessions 10
MaxSessions 6
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ssh from WSL to CentOS, verbose mode
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for my.spout.com
debug1: /etc/ssh/ssh_config line 29: Applying options for *
debug1: Connecting to my.spout.com [8.8.8.8] port 22.
debug1: Connection established.
debug1: identity file /home/weh/.ssh/id_rsa type 1
debug1: identity file /home/weh/.ssh/id_rsa-cert type -1
debug1: identity file /home/weh/.ssh/id_dsa type -1
debug1: identity file /home/weh/.ssh/id_dsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ecdsa type -1
debug1: identity file /home/weh/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/weh/.ssh/id_ed25519 type -1
debug1: identity file /home/weh/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr [email protected] none
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a7:ff:43:28:6a:f7:1b:3e:25:14:93:57:d3:c9:57:4c
debug1: Host 'my.spout.com' is known and matches the ECDSA host key.
debug1: Found key in /home/weh/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/weh/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/weh/.ssh/id_dsa
debug1: Trying private key: /home/weh/.ssh/id_ecdsa
debug1: Trying private key: /home/weh/.ssh/id_ed25519
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to my.spout.com ([8.8.8.8]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Thu Jul 27 12:18:22 2017 from 8.8.4.4
Thanks in advance!!
Does the ~/.ssh folder show up on the CentOS system you are connecting to? Have you double-checked the authorized keys on the remote system? What do you see in the logs on the remote system when you try to log in?
~/.ssh/authorized_keys and its parent directories.
Answers:
Jakuje reminded me about SELinux. I have never run into SELinux problems with ssh keys, but there's a first time for everything! My ~/.ssh/* SELinux contexts were unconfined_u:object_r:unlabeled_t:s0 when they needed to be unconfined_u:object_r:user_home_t:s0. After changing the context type, I was able to ssh-copy-id and ssh right in!
Thanks!!
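The check behind the answer above, as an added example that is not part of the original post: it reads lines in the format of stat -c '%C %n' and reports every ~/.ssh entry whose SELinux type is outside an allowed list. The function names, the sample paths and the inclusion of ssh_home_t in the default list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag ~/.ssh entries whose SELinux type does not match what is expected.
# Input format: the output of  stat -c '%C %n' <paths>  ("user:role:type:level path").

# Default allowed types. user_home_t is the type the answer switched to;
# ssh_home_t is the label the targeted policy gives ~/.ssh (assumption added here).
ALLOWED_TYPES="user_home_t ssh_home_t"

# selinux_type CONTEXT -> prints the third colon-separated field (the type).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# find_mislabeled [ALLOWED...] : reads "context path" lines on stdin and prints
# "path type" for every entry whose type is not in the allowed list.
find_mislabeled() {
    allowed=${*:-$ALLOWED_TYPES}
    while read -r context path; do
        [ -n "$context" ] || continue            # skip blank lines
        setype=$(selinux_type "$context")
        case " $allowed " in
            *" $setype "*) ;;                    # label is acceptable
            *) printf '%s %s\n' "$path" "$setype" ;;
        esac
    done
}

# Constructed sample (not taken from the page's server): one file is still unlabeled_t.
sample_contexts() {
    cat <<'EOF'
unconfined_u:object_r:user_home_t:s0 /home/weh/.ssh
unconfined_u:object_r:unlabeled_t:s0 /home/weh/.ssh/authorized_keys
unconfined_u:object_r:ssh_home_t:s0 /home/weh/.ssh/known_hosts
EOF
}

# Reports the authorized_keys entry, which carries the unlabeled_t type.
sample_contexts | find_mislabeled
```

On the server, feed it real labels with stat -c '%C %n' ~/.ssh ~/.ssh/* | find_mislabeled; restorecon -R -v ~/.ssh resets the entries to the policy's default labels.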