SSH-Key tidak bisa dibuka kuncinya bahkan dengan ssh-add


0

Saya sangat bingung. Setiap manual yang saya baca 15 menit terakhir memberi tahu saya ini harus berhasil tetapi tidak:

$ ssh-agent -s
SSH_AUTH_SOCK=/tmp/ssh-syXn9Tk09V9P/agent.16332; export SSH_AUTH_SOCK;
SSH_AGENT_PID=16333; export SSH_AGENT_PID;
echo Agent pid 16333;
$ eval `ssh-agent -s`
Agent pid 16362
$ ssh-add -l
The agent has no identities.
$ ssh-add .ssh/user\@server.de.key
Enter passphrase for .ssh/user@server.de.key: 
Identity added: .ssh/user@server.de.key (.ssh/user@server.de.key)
$ ssh-add -l
1023 SHA256:TQ6nDwMeeP9tHf43lAG0mC5cbIPx5h7RYxMUcYKJHPI .ssh/user@server.de.key (RSA)
$ ssh server.de
Enter passphrase for key '/home/iras/.ssh/user@server.de.key':

Dalam konfigurasi ssh ada entri untuk server.de dengan pengguna identitas dan kunci ssh yang disediakan.

Output verbose:

$ ssh -vvv server.de
OpenSSH_7.2p2, OpenSSL 1.0.2h  3 May 2016
debug1: Reading configuration data /home/iras/.ssh/config
debug1: /home/iras/.ssh/config line 127: Applying options for apache4
debug1: /home/iras/.ssh/config line 177: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "10.0.0.42" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.0.0.42 [10.0.0.42] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/iras/.ssh/user@server.de.key type -1
debug1: key_load_public: No such file or directory                                                                                                                                                                                                                                                                                                                                                                                            
debug1: identity file /home/iras/.ssh/user@server.de.key-cert type -1                                                                                                                                                                                                                                                                                                                                                   
debug1: Enabling compatibility mode for protocol 2.0                                                                                                                                                                                                                                                                                                                                                                                          
debug1: Local version string SSH-2.0-OpenSSH_7.2                                                                                                                                                                                                                                                                                                                                                                                              
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3                                                                                                                                                                                                                                                                                                                                                
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3 pat OpenSSH_6.6.1* compat 0x04000000                                                                                                                                                                                                                                                                                                                                                         
debug2: fd 3 setting O_NONBLOCK                                                                                                                                                                                                                                                                                                                                                                                                               
debug1: Authenticating to 10.0.0.42:22 as 'user'                                                                                                                                                                                                                                                                                                                                                                                       
debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"                                                                                                                                                                                                                                                                                                                                                                          
debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69                                                                                                                                                                                                                                                                                                                                                           
debug3: load_hostkeys: loaded 1 keys from 10.0.0.42                                                                                                                                                                                                                                                                                                                                                                                      
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521                                                                                                                                                                                                         
debug3: send packet: type 20                                                                                                                                                                                                                                                                                                                                                                                                                  
debug1: SSH2_MSG_KEXINIT sent                                                                                                                                                                                                                                                                                                                                                                                                                 
debug3: receive packet: type 20                                                                                                                                                                                                                                                                                                                                                                                                               
debug1: SSH2_MSG_KEXINIT received                                                                                                                                                                                                                                                                                                                                                                                                             
debug2: local client KEXINIT proposal                                                                                                                                                                                                                                                                                                                                                                                                         
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c                                                                                                                                                                                                                  
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa                                                                                                               
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc                                                                                                                                                                                                                                                                  
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc                                                                                                                                                                                                                                                                  
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1                                                                                                                                                                                                      
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1                                                                                                                                                                                                      
debug2: compression ctos: none,zlib@openssh.com,zlib                                                                                                                                                                                                                                                                                                                                                                                          
debug2: compression stoc: none,zlib@openssh.com,zlib                                                                                                                                                                                                                                                                                                                                                                                          
debug2: languages ctos:                                                                                                                                                                                                                                                                                                                                                                                                                       
debug2: languages stoc:                                                                                                                                                                                                                                                                                                                                                                                                                       
debug2: first_kex_follows 0                                                                                                                                                                                                                                                                                                                                                                                                                   
debug2: reserved 0                                                                                                                                                                                                                                                                                                                                                                                                                            
debug2: peer server KEXINIT proposal                                                                                                                                                                                                                                                                                                                                                                                                          
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1                                                                                                                                                                                                  
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519                                                                                                                                                                                                                                                                                                                                                                  
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KAU//7qfeZspCpZwJWB7tZdYqQkGwUHVMV+830TdTwE
debug3: hostkeys_foreach: reading file "/home/iras/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/iras/.ssh/known_hosts:69
debug3: load_hostkeys: loaded 1 keys from 10.0.0.42
debug1: Host '10.0.0.42' is known and matches the ECDSA host key.
debug1: Found key in /home/iras/.ssh/known_hosts:69
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/iras/.ssh/user@server.de.key ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/iras/.ssh/user@server.de.key
Enter passphrase for key '/home/iras/.ssh/user@server.de.key': 

Bagaimana dengan log verbose? ssh -vvv server.de. Apa ssh-add -Lcetakan setelah kunci ditambahkan ke agen?
Jakuje

@Jakuje menambahkan output yang diminta
iRaS

Jawaban:


1

Masalahnya adalah bahwa Anda telah secara eksplisit menentukan kunci Anda di ~/.ssh/configdan Anda tidak menyimpan kunci publik tambahan (tidak terenkripsi). Oleh karena itu klien mencoba kunci yang tercantum dalam file konfigurasi terlebih dahulu dan kunci agen kemudian (tidak dapat mencocokkannya, karena kunci eksplisit dienkripsi).

Jika teori saya benar, itu akan bekerja untuk Anda, jika Anda menghapus garis IdentityFile ~.ssh/user@server.de.keydari Anda ~/.ssh/config, atau mengekspor kunci publik ke.ssh/user@server.de.key.pub

ssh-keygen -yf .ssh/user@server.de.key > .ssh/user@server.de.key.pub

Bagus! Terima kasih banyak. Solusi kedua yang saya suka lebih
iRaS
Dengan menggunakan situs kami, Anda mengakui telah membaca dan memahami Kebijakan Cookie dan Kebijakan Privasi kami.
Licensed under cc by-sa 3.0 with attribution required.