vine-users ML Archive



[vine-users:054529] Connecting with SSH 2

  • From: "J.Saotome" <sa0t0me@xxxxxxxxxxxxxx>
  • Subject: [vine-users:054529] Connecting with SSH 2
  • Date: Thu, 24 Oct 2002 03:38:01 +0900
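
My name is Saotome.

I am trying to connect over SSH2 using PuTTYjp, which was introduced on
this ML, but "Server refused our key" is displayed and the server will
not accept my authentication key.

What I did:

- On the client machine, used puttygen to create a public key and a
private key as DSA 1024-bit, entering a passphrase.
- Put the public key on the host machine via ftp and, in the .ssh
directory under the home directory of the user who logs in, ran
cat id_dsa.pub > authorized_keys2
chmod 600 authorized_keys2
- From the client machine, specified the created private key under
"Private key file for authentication" in PuTTYjp and connected to the host.

The openssh version is: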
> rpm -q openssh
openssh-3.4p1-0vl2

/etc/ssh/sshd_config looks like this:

-----------------------------------------------
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
LogLevel DEBUG

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
-----------------------------------------------------

Below I paste the contents of /var/log/secure from a failed login.

Oct 24 03:24:45 foo sshd[32244]: debug1: Forked child 2863.
Oct 24 03:24:45 foo sshd[2863]: Connection from 192.168.1.50 port 3315
Oct 24 03:24:45 foo sshd[2863]: debug1: Client protocol version 2.0; client software version PuTTY-Release-0.53-jp20021010
Oct 24 03:24:45 foo sshd[2863]: debug1: no match: PuTTY-Release-0.53-jp20021010
Oct 24 03:24:45 foo sshd[2863]: Enabling compatibility mode for protocol 2.0
Oct 24 03:24:45 foo sshd[2863]: debug1: Local version string SSH-1.99-OpenSSH_3.4p1
Oct 24 03:24:47 foo sshd[2863]: debug1: Starting up PAM with username "hoge"
Oct 24 03:24:47 foo sshd[2863]: debug1: PAM setting rhost to "titan"
Oct 24 03:24:47 foo sshd[2863]: Failed none for hoge from 192.168.1.50 port 3315 ssh2
Oct 24 03:24:47 foo sshd[2863]: debug1: temporarily_use_uid: 500/500 (e=0)
Oct 24 03:24:47 foo sshd[2863]: debug1: trying public key file /home/hoge/.ssh/authorized_keys
Oct 24 03:24:47 foo sshd[2863]: debug1: restore_uid
Oct 24 03:24:47 foo sshd[2863]: debug1: temporarily_use_uid: 500/500 (e=0)
Oct 24 03:24:47 foo sshd[2863]: debug1: trying public key file /home/hoge/.ssh/authorized_keys2
Oct 24 03:24:47 foo sshd[2863]: debug1: restore_uid
Oct 24 03:25:08 foo sshd[2863]: debug1: PAM Password authentication accepted for user "hoge"
Oct 24 03:25:08 foo sshd[2863]: Accepted password for hoge from 192.168.1.50 port 3315 ssh2
Oct 24 03:25:08 foo sshd[2863]: debug1: monitor_child_preauth: hoge has been authenticated by privileged process
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM establishing creds
Oct 24 03:25:08 foo sshd[2876]: debug1: newkeys: mode 0
Oct 24 03:25:08 foo sshd[2876]: debug1: newkeys: mode 1
Oct 24 03:25:08 foo sshd[2876]: debug1: Entering interactive session for SSH2.
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 5 setting O_NONBLOCK
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 6 setting O_NONBLOCK
Oct 24 03:25:08 foo sshd[2876]: debug1: server_init_dispatch_20
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Oct 24 03:25:08 foo sshd[2876]: debug1: input_session_request
Oct 24 03:25:08 foo sshd[2876]: debug1: channel 0: new [server-session]
Oct 24 03:25:08 foo sshd[2876]: debug1: session_new: init
Oct 24 03:25:08 foo sshd[2876]: debug1: session_new: session 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_open: channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_open: session 0: link with channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_open: confirm session
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Oct 24 03:25:08 foo sshd[2876]: debug1: session_by_channel: session 0 channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_input_channel_req: session 0 req pty-req
Oct 24 03:25:08 foo sshd[2876]: debug1: Allocating pty.
Oct 24 03:25:08 foo sshd[2863]: debug1: session_new: init
Oct 24 03:25:08 foo sshd[2863]: debug1: session_new: session 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_pty_req: session 0 alloc /dev/pts/1
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_req: channel 0 request shell reply 1
Oct 24 03:25:08 foo sshd[2876]: debug1: session_by_channel: session 0 channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_input_channel_req: session 0 req shell
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM setting tty to "/dev/pts/1"
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM establishing creds
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 4 setting TCP_NODELAY
Oct 24 03:25:08 foo sshd[2877]: debug1: Setting controlling tty using TIOCSCTTY.
Oct 24 03:25:08 foo sshd[2876]: debug1: channel 0: rfd 8 isatty
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 8 setting O_NONBLOCK

Sorry for the long message, but please tell me how to get this working.
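
The log above shows sshd reading both authorized_keys files without reporting a match, and the post does not show the file contents; one thing worth ruling out is that PuTTYgen's "Save public key" writes a multi-line RFC 4716 block, while sshd expects one key per line. The following is an added example, not part of the original post, that classifies each line of an authorized_keys file accordingly. The accepted key types, the sample blobs and the sample comment strings are constructed assumptions.

```python
import base64
import struct

KEY_TYPES = {"ssh-dss", "ssh-rsa"}  # assumption: key types of the OpenSSH 3.x era

def blob_key_type(b64):
    """Return the key type embedded at the start of a base64 key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
    except (ValueError, struct.error):
        return None
    if n == 0 or 4 + n > len(raw):
        return None
    return raw[4:4 + n].decode("ascii", "replace")

def check_authorized_keys(text):
    """Classify each key-bearing line as ok, rfc4716 or malformed."""
    results, in_block = [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if s.startswith("---- BEGIN SSH2 PUBLIC KEY"):
            in_block = True
        if in_block:
            results.append((lineno, "rfc4716"))
            in_block = not s.startswith("---- END SSH2 PUBLIC KEY")
            continue
        fields = s.split()
        # Options may precede the key type, so locate the type field first.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        ok = (idx is not None and idx + 1 < len(fields)
              and blob_key_type(fields[idx + 1]) == fields[idx])
        results.append((lineno, "ok" if ok else "malformed"))
    return results

def sample_blob(key_type):
    """Constructed stand-in blob: length-prefixed type plus padding, not a real key."""
    body = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(body)) + body + bytes(16)).decode()

# Constructed samples, not taken from the post.
RFC4716_SAMPLE = ("---- BEGIN SSH2 PUBLIC KEY ----\n"
                  'Comment: "constructed-dsa-key"\n'
                  + sample_blob("ssh-dss") + "\n"
                  "---- END SSH2 PUBLIC KEY ----\n")
ONE_LINE_SAMPLE = "ssh-dss " + sample_blob("ssh-dss") + " hoge@titan\n"
```

On the server, `ssh-keygen -i -f <file>` prints the one-line OpenSSH form of an RFC 4716 public key file.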