Curves in dropbear

I recently came across and wanted to have the same for myself. I generated a key, uploaded it to the router, and logged in:

ssh root@192.168.1.1 -v  
OpenSSH_8.2p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /home/Tomasz/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/Tomasz/.ssh/id_rsa type -1
debug1: identity file /home/Tomasz/.ssh/id_rsa-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_dsa type -1
debug1: identity file /home/Tomasz/.ssh/id_dsa-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_ecdsa type -1
debug1: identity file /home/Tomasz/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/Tomasz/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_ed25519 type -1
debug1: identity file /home/Tomasz/.ssh/id_ed25519-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_ed25519_sk type -1
debug1: identity file /home/Tomasz/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/Tomasz/.ssh/id_xmss type -1
debug1: identity file /home/Tomasz/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.1:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:8+KHWwJ8PwRyioFz/rNA9VZe/vjKMinLRYpkifBHBe8
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:8+KHWwJ8PwRyioFz/rNA9VZe/vjKMinLRYpkifBHBe8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: Tomasz@Asus RSA SHA256:zuZIy1ma0Kjz6otovKSlZvqSABmT23uIgffojW8H5Lk agent
debug1: Will attempt key: Tomasz@Asus ED25519 SHA256:5tLqBHoBPIQKUegAOMY37XQvYVwjam4cDT5fhAGFf3Y agent
debug1: Will attempt key: /home/Tomasz/.ssh/id_rsa 
debug1: Will attempt key: /home/Tomasz/.ssh/id_dsa 
debug1: Will attempt key: /home/Tomasz/.ssh/id_ecdsa 
debug1: Will attempt key: /home/Tomasz/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/Tomasz/.ssh/id_ed25519 
debug1: Will attempt key: /home/Tomasz/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/Tomasz/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: Tomasz@Asus RSA SHA256:zuZIy1ma0Kjz6otovKSlZvqSABmT23uIgffojW8H5Lk agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: Tomasz@Asus ED25519 SHA256:5tLqBHoBPIQKUegAOMY37XQvYVwjam4cDT5fhAGFf3Y agent
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/Tomasz/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/Tomasz/.ssh/id_dsa
debug1: Trying private key: /home/Tomasz/.ssh/id_ecdsa
debug1: Trying private key: /home/Tomasz/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/Tomasz/.ssh/id_ed25519
debug1: Trying private key: /home/Tomasz/.ssh/id_ed25519_sk
debug1: Trying private key: /home/Tomasz/.ssh/id_xmss
debug1: No more authentication methods to try.
root@192.168.1.1: Permission denied (publickey).

Then I create a key with dropbear itself:

dropbearkey -t ed25519 -f dropbear_ed25519_host_key
Unknown key type 'ed25519'
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type	Type of key to generate. One of:
		rsa
-f filename    Use filename for the secret key.
               ~/.ssh/id_dropbear is recommended for client keys.
-s bits	Key size in bits, should be a multiple of 8 (optional)
-y		Just print the publickey and fingerprint for the
		private key in <filename>.

Or

dropbearkey -t ecdsa -f dropbear_ecdsa_host_key
Unknown key type 'ecdsa'
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type	Type of key to generate. One of:
		rsa
-f filename    Use filename for the secret key.
               ~/.ssh/id_dropbear is recommended for client keys.
-s bits	Key size in bits, should be a multiple of 8 (optional)
-y		Just print the publickey and fingerprint for the
		private key in <filename>.

What do I need to do to use ed25519 or ecdsa for authorization?

Recompile it so that it has ecdsa support. And ED25519 isn't in the stable release yet; that is only in git.

Right now only rsa is compiled in.

whoami
Last edit: whoami (total edits: 1)
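An added example, not part of the thread: a shell check that compares the key types a dropbear build lists in its `dropbearkey` usage text with the key types the OpenSSH client offered in `ssh -v`. The function names are hypothetical, and both samples are constructed from the output shown in the question, with placeholder fingerprints.

```shell
#!/bin/sh
# Added example: compare key types a dropbear build can generate with the
# key types the OpenSSH client offered. Function names are hypothetical.

# Constructed sample: dropbearkey usage text from an RSA-only build.
usage_sample() {
cat <<'EOF'
Unknown key type 'ed25519'
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type  Type of key to generate. One of:
        rsa
-f filename    Use filename for the secret key.
EOF
}

# Constructed sample: "ssh -v" lines with placeholder fingerprints.
log_sample() {
cat <<'EOF'
debug1: Offering public key: user@host RSA SHA256:CONSTRUCTED-RSA agent
debug1: Offering public key: user@host ED25519 SHA256:CONSTRUCTED-ED agent
debug1: Trying private key: /home/user/.ssh/id_rsa
EOF
}

# Collapse one-per-line words into a sorted, space-separated list.
join_words() { sort -u | tr '\n' ' ' | sed 's/ $//'; }

# Key types listed under "-t type" in dropbearkey usage text (stdin).
supported_types() {
    awk '/^-t[ \t]/        { in_list = 1; next }
         in_list && /^-/   { in_list = 0 }
         in_list && NF     { print $1 }' | join_words
}

# Key types the client offered, lowercased (stdin: ssh -v output).
offered_types() {
    awk '/Offering public key:/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^SHA256:/) print tolower($(i - 1))
    }' | join_words
}

# $1 = supported list, $2 = offered list; prints the types present in both.
usable_types() {
    for t in $2; do
        [ "$t" = dsa ] && t=dss   # dropbearkey calls DSA keys "dss"
        case " $1 " in *" $t "*) echo "$t" ;; esac
    done | join_words
}

sup=$(usage_sample 2>&1 | supported_types)
off=$(log_sample | offered_types)
echo "server build: $sup | client offers: $off | usable: $(usable_types "$sup" "$off")"
```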
In reply to: comment by whoami

Which file(s) should be edited to enable ecdsa?

Prosto_user ★★★
(topic author)