LINUX.ORG.RU
ФорумAdmin

ssh, rsa-keys


0

1

Нужно приконнектится по ssh без ввода пасскея. rtfm делал.

На сервере, куда нужно коннектится, делаю пару ключей:
ssh-keygen -f filename -t rsa -q

Public сливаю сюда:
~/.ssh/authorized_keys

Private использую для коннекта с сервера, откуда коннект:
ssh -i rsa -p 220 hostname -l someuser

и...ничего, причем:
RSAAuthentication yes
PubkeyAuthentication yes

из логов:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
someuser@host password:

Смущает «Offering public key:», но использовал и .pub

В чём трабл?


плохо читал.
на хосте, откуда хотим конектиться:
1)ssh-keygen
2)scp -P 220 .ssh/id_rsa.pub someuser@hostname:
3)ssh -p 220 someuser@hostname
4)cat id_rsa.pub >> .ssh/authorized_keys
5)exit
6)ssh -p 220 someuser@hostname
7)profit!

lnx ()
Ответ на: комментарий от lnx

и всё же

debug1: Next authentication method: publickey
debug1: Offering public key: krsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@host password:

teacup ()
Ответ на: комментарий от geladil

source или target?

source:
Host *
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
IdentityFile ~/.ssh/autorized_keys
Port 22
Protocol 2,1
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

target:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
#PreferredAuthentications publickey

ChallengeResponseAuthentication no

GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

UsePAM no

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL

X11Forwarding no

Subsystem sftp /usr/libexec/openssh/sftp-server
UseLogin yes
Port 2200
Protocol 2

teacup ()
Ответ на: комментарий от lnx

Такого нет. Использую ~/krsa (ssh -i krsa -p 220 hostname -l someuser):

-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAxLyyaWXA2Fu+HqiF5kLlabUpAbxedcDPiEAZqzMj+s1amEnb
oYP5IYSmqnHUvBBlymI5w9+LPVWoXnOS0PFbMWoixthLXDURHFsWg/JOTyqN2mXM
y4qY/0hj5tfDbu3J4UjzZlWRBxV+k0PEo6BHivXhAoHxs9g4oYljLlbLysABOsZA
P85PESz00LxLQMHHHEE49mzzlW8CwRuLASxkPIyq5n+13eHMsw0nAmdtSynPCirt
t/5XAXN3uzSc1WFP36++jt5OzcALHUQrAx8fKsrDii1TVvZLu+gh+T6mKBz4Aeuf
IE9Aiv5sqOE2Hs+TcxoAUFYPfb/wR7hhKJDqDwIBIwKCAQAhufKy+4AlFwqmK4Sr
IWkoEG1uAwjg/HtZL49fLVagBfJF/ghk1MufWJGZj9tTcIZ6dz0aQ5Q2ZnSiejZs
9izj5k8axf5KUj1yk0WwOCqufFLU+4IxhXlQVY14B7saVKZD4J7BFfua0HwZPtFA
nyI1FDUzoT9gqLlAQ3AWkolV9LpjTJEgLRec0StOkbB3z4RC6jLycLJDnPupunoz
RxsQNeC22Oy3WHq838nXfMTqMbQ6Q9BWf0Q0LnJ3HNVTjmHRZwQjLrTz/894GcsU
82sS0hNMFmN7t5IjPi97jvCLlHV8L8RXBLzkC5wtnrEnqEVr7cW1t4eajsQzKubJ
TO27AoGBAPDijrqKlN6sCMLnGBmMS4AvIbsJzUdbv9QBYdKruq1kZmwY8oKqyygs
uj1E5niLdscQIPc5WmqyzsPYLrf74z9bCphVRVa5AIz+u4VpDsp79i9plrgZOi+J
w9q7PBTRGvByBCPq++nwVkJ0ZqFlIXj6mAI6FRl9AdQQ49d2M0v9AoGBANEU+OHO
3RFSYAqfUlb5kRi8HqoRDkcEm3K2+e9/qEOkQUqi8SOwPS3jOXr/KSK+5mymKQyG
Et5zlcLW3bMcv4CUduNsXdiFa0Ph8i+f2blrtc46FAGWt/JkjtztQMDTdVo7e4Hk
Yl4TDxtQXOCnrdrYQadyPQml0qO3BPIcHN37AoGAe+I6xlXmKV/J/dXvIxTzoQJL
3Iiytvv8QSVIQHWTNJoIyeDxv4sJZR5RJtL6L12qzMZ3WpKGRYCHl+uFvbS+A1Nk
iNtlfQ6v03uw5YZ8oqYm1o4S/5fyCdHScH2MnP3TVxYQwgPSA0hm4EWT3fl+7cK0
k25T/nrNvYUHdh+IGHMCgYEAiWWNm7PTGgLup+UKOSeofff25MlhJ1rMjTZpuqRY
oXqRTk3Rqbz1AOXGr+mBbpq0rcxG3FgbBzYDVCbMM9+xC1o/f4G6A1Bcbm/oSy6H
wv2jW6KCLO4D2c0NbJvouTqAUT0IBOaJyMqyJ+RaSnzRVUxIZrjJBlcGw1sDQAPY
dJ0CgYAWiZ1gQHibbiUSfZ8Oa0gb1+dMA9ZybfblbPYl2gSyO0mVwBsQ1DMDIap5
NMmrZEZOFd4DikZUriVuERK13MAYcRGKVX0sVbDHwqUcn1lJAxIYM29YjL4lewd8
psYLoWnHsiKLrsX6u2I0Q06pHW4SJ1XaTuYP+kaMkyMsZQkCWA==
-----END RSA PRIVATE KEY-----

krsa.pub:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLyyaWXA2Fu+HqiF5kLlabUpAbxedcDPiEAZqzMj+s1amEnboYP5IYSmqnHUvBBlymI5w9+LPVWoXnOS0PFbMWoixthLXDURHFsWg/JOTyqN2mXMy4qY/0hj5tfDbu3J4UjzZlWRBxV+k0PEo6BHivXhAoHxs9g4oYljLlbLysABOsZAP85PESz00LxLQMHHHEE49mzzlW8CwRuLASxkPIyq5n+13eHMsw0nAmdtSynPCirtt/5XAXN3uzSc1WFP36++jt5OzcALHUQrAx8fKsrDii1TVvZLu+gh+T6mKBz4AeufIE9Aiv5sqOE2Hs+TcxoAUFYPfb/wR7hhKJDqDw== root@source

teacup ()
Ответ на: комментарий от lnx

geladil... remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: krsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Trying private key: /root/.ssh/autorized_keys debug1: read PEM private key done: type RSA debug3: sign_and_send_pubkey debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Offering public key: /root/krsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password someuser@hostname.com's password:

lnx... ssh -i krsa -p 220 hostname -l someuser:

remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: krsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password someuser@hostname's password:

teacup ()
Ответ на: комментарий от teacup

ssh -i krsa -p 220 hostname -l someuser:

remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: krsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/autorized_keys
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Offering public key: /root/krsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
someuser@hostname.com's password:

teacup ()
Ответ на: комментарий от teacup

target:/var/log/secure:

Apr 6 20:43:17 s1 sshd[1618]: Did not receive identification string from so.u.rce.ip
Apr 6 17:44:41 s1 sshd[1695]: Connection closed by so.u.rce.ip
Apr 6 18:03:01 s1 sshd[3588]: Connection closed by so.u.rce.ip
Apr 6 18:29:05 s1 sshd[5901]: Connection closed by so.u.rce.ip
Apr 6 18:29:34 s1 sshd[5907]: Connection closed by so.u.rce.ip
Apr 6 21:53:31 s1 sshd[8015]: Accepted password for someuser from so.u.rce.ip port 60527 ssh2
Apr 6 18:55:34 s1 sshd[8111]: Connection closed by so.u.rce.ip
Apr 6 19:07:40 s1 sshd[9686]: Connection closed by so.u.rce.ip
Apr 6 19:12:51 s1 sshd[9978]: Connection closed by so.u.rce.ip
Apr 6 19:18:05 s1 sshd[11275]: Connection closed by so.u.rce.ip

teacup ()
Ответ на: комментарий от teacup

А вам так уж принципиально от рута коннектиться? Советую поступить по стандарту — личный ключ ~/.ssh/id_rsa пользователя, от которого логин. И генерировать тоже от него.

geladil ()
Ответ на: комментарий от teacup

у меня парсер сломался.
ты не понял намека
у тебя:
krsa.pub: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxLyyaWXA2Fu+HqiF5kLlabUpAbxedcDPiEAZqzMj+s1amEnboYP5IYSmqnHUvBBlymI5w9+LPVWoXnOS0PFbMWoixthLXDURHFsWg/JOTyqN2mXMy4qY/0hj5tfDbu3J4UjzZlWRBxV+k0PEo6BHivXhAoHxs9g4oYljLlbLysABOsZAP85PESz00LxLQMHHHEE49mzzlW8CwRuLASxkPIyq5n+13eHMsw0nAmdtSynPCirtt/5XAXN3uzSc1WFP36++jt5OzcALHUQrAx8fKsrDii1TVvZLu+gh+T6mKBz4AeufIE9Aiv5sqOE2Hs+TcxoAUFYPfb/wR7hhKJDqDw== root@source
генерить ключи надо было от имени someuser

lnx ()
Ответ на: комментарий от teacup

нет
че-то у меня с мозгом стало, я тоже запутался.

lnx ()
Ответ на: комментарий от teacup

По порядку:

someuser@client $ ssh-keygen

путь по умолчанию

копируем client /home/someuser/.ssh/id_rsa.pub в server /home/someuser/.ssh/authorized_keys

someuser@client $ ssh -p220 server

geladil ()
Ответ на: комментарий от geladil

...

root@fusions:/client# su client
sh-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/client/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /client/.ssh/id_rsa.
Your public key has been saved in /client/.ssh/id_rsa.pub.
The key fingerprint is:
41:a4:e8:f4:e3:6c:c8:28:22:23:98:9b:f2:b6:1d:81 client@source
The key's randomart image is:
+--[ RSA 2048]----+
| .o |
| . o |
| o . . |
| o . . |
| . o S |
|.o o + . |
|E o + + |
|==.o o |
|+oo.. |
+-----------------+

sh-3.2$ scp -P 2200 id_rsa.pub someuser@dest:

[root@dest]# cat /someuser/id_rsa.pub > /someuser/.ssht/autorized_keys

ssh -p 220 dest -vv

debug1: Found key in /client/.ssh/known_hosts:1
debug2: bits set: 506/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /client/.ssh/identity ((nil))
debug2: key: /client/.ssh/id_rsa (0xb87199b0)
debug2: key: /client/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /client/.ssh/identity
debug1: Offering public key: /client/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /client/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
client@dest's password:

teacup ()
Ответ на: комментарий от teacup

на source:
генерим ключ
ssh-keygen -f krsa -t rsa -q
копируем полученный krsa.pub на сервер
scp -P 220 krsa.pub someuser@server:

логинимся на сервер
ssh -p 220 someuser@server
находясь на сервере в домашней директории someuser, заносим скопированный с клиента krsa.pub в .ssh/authorized_keys
cat krsa.pub >> ~/.ssh/authorized_keys
выходим с сервера
exit

должно работать.

lnx ()
Ответ на: ... от teacup

Вы меня не поняли.

someuser@client — это пользователь на source, от имени которого предполагается вход, притом предполагается, что someuser и на клиенте, и на сервере — один и тот же.

geladil ()
Ответ на: комментарий от lnx

Да...отсутствие сна сказывается, наверное

Впрочем:
Source:
sh-3.2$ ssh-keygen -f krsa -t rsa -q
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

sh-3.2$ scp -P 2200 krsa.pub someuser@dest:
someuser@dest's password:
krsa.pub 100% 396 0.4KB/s 00:00

sh-3.2$ ssh -p 2200 someuser@dest
someuser@dest's password:
-sh-3.2$ cat krsa.pub >> ~/.ssh/authorized_keys

sh-3.2$ ssh -p 2200 someuser@dest -vv
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
...
...
debug1: Found key in /client/.ssh/known_hosts:1
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /client/.ssh/identity ((nil))
debug2: key: /client/.ssh/id_rsa (0xb959b9d0)
debug2: key: /client/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /client/.ssh/identity
debug1: Offering public key: /client/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /client/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@dest's password:

Пока ничего, после сна поворошу трабл. Чуствую глупую ошибку, но не вижу её.

teacup ()
Ответ на: комментарий от teacup

Кстати, а покажите

ls -la ~/.ssh/

сервера и клиента. У меня как-то была проблема из-за прав.

geladil ()
Ответ на: комментарий от teacup

еще одна возможная фигня - права, попробуй выставить 600 на все ключи.

lnx ()
Ответ на: комментарий от teacup

1) и на клиенте и на сервере ВСЁ надо делать от юзера.

2) сначала на клиенте создаём ключи

3) посылаем ключ юзера-клиента юзеру-на-сервере

4) добавляем на сервере этот ключ >>autorized_keys

5) выставляем и там и там chmod 0700 ~/.ssh, и chmod 0600 ~/.ssh/*

6) ??????

7) RPOFIT

на клиенте можно создать ещё и файлик ~/.ssh/config, что-бы не гемороится с ключами/хостами/именами...

drBatty ★★ ()

You are doing it wrong

> На сервере, куда нужно коннектится, делаю пару ключей:

Они там не нужны. Ключи нужно генерить на клиенте.

На клиенте генерим пару ключей, и публичный ключ дописываем на серверах в ~/.ssh/authorized_keys.

ЗЫ:

клиент — откуда конектимся сервер — куда конектимся

ЗЫЫ: выкладывать на форум приватный ключ — это безумие.

redixin ★★★★ ()
Ответ на: You are doing it wrong от redixin

we got a trouble

root@source:~# su client
sh-3.2$ cd
sh-3.2$ pwd
/client
sh-3.2$ ls
sh-3.2$ ls -la
total 28
drwxr-xr-x 3 client client 4096 Apr 6 23:51 .
drwxr-xr-x 23 root root 4096 Apr 7 11:55 ..
-rw------- 1 client client 722 Apr 7 00:28 .bash_history
-rw-r--r-- 1 client client 220 May 12 2008 .bash_logout
-rw-r--r-- 1 client client 3116 May 12 2008 .bashrc
-rw-r--r-- 1 client client 675 May 12 2008 .profile
drwxr-xr-x 2 client client 4096 Apr 7 00:12 .ssh

sh-3.2$ ssh-keygen -t rsa -f krsa -q
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
sh-3.2$ ls
krsa krsa.pub
sh-3.2$ scp -P 2200 krsa.pub someuser@destination:
someuser@destination's password:
krsa.pub 100% 396 0.4KB/s 00:00
100% 396 0.4KB/s 00:00

sh-3.2$ ssh -p 2200 someuser@destination
someuser@destination's password:
-sh-3.2$ ls
krsa.pub
-sh-3.2$ cat krsa.pub >> .ssh/authorized_keys && chmod 0700 .ssh && chmod 0600 .ssh/authorized_keys
-sh-3.2$ ls -laR
.:
total 32
drwx------ 3 someuser someuser 4096 Apr 7 11:23 .
drwxr-xr-x 21 root root 4096 Apr 6 17:52 ..
-rw------- 1 someuser someuser 1059 Apr 6 23:28 .bash_history
-rw-r--r-- 1 someuser someuser 33 Apr 6 17:52 .bash_logout
-rw-r--r-- 1 someuser someuser 176 Apr 6 17:52 .bash_profile
-rw-r--r-- 1 someuser someuser 124 Apr 6 17:52 .bashrc
-rw-r--r-- 1 someuser someuser 396 Apr 7 11:23 krsa.pub
drwx------ 2 someuser someuser 4096 Apr 6 23:22 .ssh

./.ssh:
total 24
drwx------ 2 someuser someuser 4096 Apr 6 23:22 .
drwx------ 3 someuser someuser 4096 Apr 7 11:23 ..
-rw------- 1 someuser someuser 2863 Apr 7 11:25 authorized_keys
-rw-r--r-- 1 someuser someuser 395 Apr 6 18:45 known_hosts
-sh-3.2$ logout
Connection to destination closed.

sh-3.2$ ssh -i krsa -p 2200 someuser@destination
someuser@destination's password:

sh-3.2$ ssh -i krsa -p 2200 someuser@destination -vv
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
...
...
debug2: key: krsa (0xb9aa69c0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: krsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@destination's password:

sh-3.2$ pwd
/client
sh-3.2$ ls -laR
.:
total 36
drwxr-xr-x 3 client client 4096 Apr 7 12:21 .
drwxr-xr-x 23 root root 4096 Apr 7 11:55 ..
-rw------- 1 client client 1133 Apr 7 12:20 .bash_history
-rw-r--r-- 1 client client 220 May 12 2008 .bash_logout
-rw-r--r-- 1 client client 3116 May 12 2008 .bashrc
-rw-r--r-- 1 client client 675 May 12 2008 .profile
drwxr-xr-x 2 client client 4096 Apr 7 00:12 .ssh
-rw------- 1 client client 1675 Apr 7 12:21 krsa
-rw-r--r-- 1 client client 396 Apr 7 12:21 krsa.pub

./.ssh:
total 28
drwxr-xr-x 2 client client 4096 Apr 7 00:12 .
drwxr-xr-x 3 client client 4096 Apr 7 12:21 ..
-rw------- 1 client client 1675 Apr 6 23:57 id_rsa
-rw-r--r-- 1 client client 396 Apr 6 23:57 id_rsa.pub
-rw-r--r-- 1 client client 423 Apr 7 00:02 known_hosts
-rw------- 1 client client 1675 Apr 7 00:12 krsa
-rw-r--r-- 1 client client 396 Apr 7 00:12 krsa.pub
sh-3.2$ cat krsa.pub > .ssh/id_rsa

sh-3.2$ ssh -i krsa -p 2200 someuser@destination -vv
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug2: ssh_connect: needpriv 0
...
...
debug1: Found key in /client/.ssh/known_hosts:1
debug2: bits set: 512/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: krsa (0xb9f419c0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: krsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@destination's password:

sh-3.2$ ssh -i krsa.pub -p 2200 someuser@destination -vv
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug2: ssh_connect: needpriv 0
...
...
debug1: Found key in /client/.ssh/known_hosts:1
debug2: bits set: 525/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: krsa.pub (0xb95779c0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: krsa.pub
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
someuser@destination's password:

sh-3.2$ FUUU!
sh: FUUU!: command not found

teacup ()
Ответ на: You are doing it wrong от redixin

pss: ключ правленый.

Спасибо всем за ответы, но тут колдунство какое-то. Не представляю куда можно идти.

destination: tail /var/log/secure:
Apr 7 11:23:49 destination login: pam_unix(remote:session): session opened for user someuser by (uid=0)
Apr 7 11:23:49 destination login: LOGIN ON pts/1 BY someuser FROM [source]
Apr 7 11:26:15 destination login: pam_unix(remote:session): session closed for user someuser
Apr 7 08:26:49 destination sshd[5596]: Connection closed by [source]
Apr 7 08:27:03 destination sshd[5600]: Connection closed by [source]
Apr 7 08:28:39 destination sshd[5670]: Connection closed by [source]
Apr 7 08:29:27 destination sshd[5690]: Connection closed by [source]

teacup ()
Ответ на: we got a trouble от teacup

Вроде все правильно.

Остается перелопатить sshd_config на сервере. С дефолтным дебиановским 100% работает.

redixin ★★★★ ()
Ответ на: комментарий от redixin

Да. Получилось приконнектится к третьему серваку. Не понимал, правда, где трабл в конфиге destination..

Всем спасибо.

teacup ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.