SSH Public Key Auth not working under a clean reinstall of OS X Yosemite



After reinstalling my MacBook Pro with the current Yosemite, SSH login to all my servers using public key auth stopped working.

Generating a new public key from my private key and adding it to authorized_keys on the mentioned servers works. Using a completely new key is also no problem.

But on some machines that is not an option for me, because there is no rescue system available, so I cannot add the newly generated public key.

Output of "ssh -i .ssh/id_rsa ben@hostname -vvv":

OpenSSH_6.6, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /Users/ben/.ssh/config
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to foobar.hostname.net [10.1.9.1] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load ".ssh/id_rsa" as a RSA1 public key
debug1: identity file .ssh/id_rsa type 1
debug1: identity file .ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "foobar.hostname.net" from file "/Users/ben/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /Users/ben/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA be:ac:a3:77:60:86:ab:e2:e3:9b:92:02:bc:55:7f:2b
debug3: load_hostkeys: loading entries for host "foobar.hostname.net" from file "/Users/ben/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /Users/ben/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.1.9.1" from file "/Users/ben/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /Users/ben/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'foobar.hostname.net' is known and matches the ECDSA host key.
debug1: Found key in /Users/ben/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/ben/.ssh/id_rsa (0x7f9cb1c176f0),
debug2: key: .ssh/id_rsa (0x7f9cb1e000c0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/ben/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: .ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp be:5c:c8:4d:c7:f6:da:e2:82:18:0b:bb:46:56:b5:31
debug3: sign_and_send_pubkey: RSA be:5c:c8:4d:c7:f6:da:e2:82:18:0b:bb:46:56:b5:31
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '.ssh/id_rsa':
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

Output from sshd running in debug3 mode:

Dec 31 10:13:02 hostname sshd[23283]: debug1: userauth-request for user ben service ssh-connection method publickey [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug1: attempt 2 failures 0 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug2: input_userauth_request: try method publickey [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_key_allowed entering [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_send entering: type 22 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive_expect entering: type 23 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive entering [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive entering
Dec 31 10:13:02 hostname sshd[23283]: debug3: monitor_read: checking request 22
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_answer_keyallowed entering
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_answer_keyallowed: key_from_blob: 0x7f7218149b50
Dec 31 10:13:02 hostname sshd[23283]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
Dec 31 10:13:02 hostname sshd[23283]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
Dec 31 10:13:02 hostname sshd[23283]: debug1: temporarily_use_uid: 1000/1000 (e=0/0)
Dec 31 10:13:02 hostname sshd[23283]: debug1: trying public key file /home/ben/.ssh/authorized_keys
Dec 31 10:13:02 hostname sshd[23283]: debug1: fd 4 clearing O_NONBLOCK
Dec 31 10:13:02 hostname sshd[23283]: debug1: matching key found: file /home/ben/.ssh/authorized_keys, line 1
Dec 31 10:13:02 hostname sshd[23283]: Found matching RSA key: be:5c:c8:4d:c7:f6:da:e2:82:18:0b:bb:46:56:b5:31
Dec 31 10:13:02 hostname sshd[23283]: debug1: restore_uid: 0/0
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_answer_keyallowed: key 0x7f7218149b50 is allowed
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_send entering: type 23
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_key_verify entering [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_send entering: type 24 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive_expect entering: type 25 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive entering [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive entering
Dec 31 10:13:02 hostname sshd[23283]: debug3: monitor_read: checking request 24
Dec 31 10:13:02 hostname sshd[23283]: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
Dec 31 10:13:02 hostname sshd[23283]: debug1: ssh_rsa_verify: signature incorrect
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_answer_keyverify: key 0x7f7218149af0 signature unverified
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_send entering: type 25
Dec 31 10:13:02 hostname sshd[23283]: Failed publickey for ben from 10.1.2.1 port 51104 ssh2
Dec 31 10:13:02 hostname sshd[23283]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: userauth_finish: failure partial=0 next methods="publickey" [preauth]
Dec 31 10:13:02 hostname sshd[23283]: Connection closed by 10.1.2.1 [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug1: do_cleanup [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Dec 31 10:13:02 hostname sshd[23283]: debug1: monitor_read_log: child log fd closed
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_request_receive entering
Dec 31 10:13:02 hostname sshd[23283]: debug1: do_cleanup
Dec 31 10:13:02 hostname sshd[23283]: debug1: PAM: cleanup
Dec 31 10:13:02 hostname sshd[23283]: debug3: PAM: sshpam_thread_cleanup entering
Dec 31 10:13:02 hostname sshd[23283]: debug1: Killing privsep child 23284

Does anyone have an idea what I can do to solve this problem?
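
The sshd log above records public-key authentication in two stages: the lookup of the offered key in authorized_keys, then the verification of the client's signature. As an added example (not part of the original post), this Python function separates the two outcomes per sshd PID; the sample lines are constructed from the log format above, and the pid 24001 session is invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the sshd debug output above, plus one
# invented session (pid 24001) where the offered key is not in authorized_keys.
SAMPLE = """\
Dec 31 10:13:02 hostname sshd[23283]: debug1: trying public key file /home/ben/.ssh/authorized_keys
Dec 31 10:13:02 hostname sshd[23283]: debug1: matching key found: file /home/ben/.ssh/authorized_keys, line 1
Dec 31 10:13:02 hostname sshd[23283]: debug3: mm_answer_keyallowed: key 0x7f7218149b50 is allowed
Dec 31 10:13:02 hostname sshd[23283]: error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106)
Dec 31 10:13:02 hostname sshd[23283]: debug1: ssh_rsa_verify: signature incorrect
Dec 31 10:13:02 hostname sshd[23283]: Failed publickey for ben from 10.1.2.1 port 51104 ssh2
Dec 31 10:14:10 hostname sshd[24001]: debug1: trying public key file /home/ben/.ssh/authorized_keys
Dec 31 10:14:10 hostname sshd[24001]: Failed publickey for ben from 10.1.2.1 port 51200 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (.*)$")

def triage(log_text):
    """Return {pid: verdict} for each sshd process that logged a failed publickey attempt."""
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if "matching key found" in msg:
            seen[pid].add("authorized")       # stage 1: key is listed for the user
        elif "signature incorrect" in msg or "signature unverified" in msg:
            seen[pid].add("bad_signature")    # stage 2: proof of possession rejected
        elif msg.startswith("Failed publickey"):
            seen[pid].add("failed")
    verdicts = {}
    for pid, flags in seen.items():
        if "failed" not in flags:
            continue
        if {"authorized", "bad_signature"} <= flags:
            verdicts[pid] = "key is in authorized_keys; signature check failed"
        elif "authorized" in flags:
            verdicts[pid] = "key is in authorized_keys; failure is later in auth"
        else:
            verdicts[pid] = "offered key not found in authorized_keys"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE).items():
        print(pid, verdict)
```

For the session in the question (pid 23283) the verdict is the first case: the server located the key on line 1 of authorized_keys and rejected only the signature.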


Try chmod 600 on the private key.

Restore your old key from your backup?
Michael Hampton

@MichaelHampton The problem is not that I no longer have the private and public keys. They are there and valid.
cham_eleon

@AndréDaniel I already tried that, without success.
cham_eleon

This is the exact problem I am having after a clean install of Yosemite. Too bad it seems no one has answered this question.
chhantyal
Licensed under cc by-sa 3.0 with attribution required.