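My name is Saotome.
I am trying to connect over SSH2 using PuTTYjp, which was introduced on this ML,
but "Server refused our key" is displayed and the server will not accept my
authentication key.
What I did:
- On the client machine, I used puttygen to create a public key and a private key
(DSA, 1024 bits), entering a passphrase.
- I put the public key on the host machine with ftp and, in the .ssh directory under
the home directory of the user who logs in, ran:
cat id_dsa.pub > authorized_keys2
chmod 600 authorized_keys2
- From the client machine, I specified the private key I created as the
"private key file for authentication" in PuTTYjp and connected to the host.
The openssh version is: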
> rpm -q openssh
openssh-3.4p1-0vl2
/etc/ssh/sshd_config looks like this:
-----------------------------------------------
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
LogLevel DEBUG
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
-----------------------------------------------------
Below I paste the contents of /var/log/secure from the failed login.
Oct 24 03:24:45 foo sshd[32244]: debug1: Forked child 2863.
Oct 24 03:24:45 foo sshd[2863]: Connection from 192.168.1.50 port 3315
Oct 24 03:24:45 foo sshd[2863]: debug1: Client protocol version 2.0; client software version PuTTY-Release-0.53-jp20021010
Oct 24 03:24:45 foo sshd[2863]: debug1: no match: PuTTY-Release-0.53-jp20021010
Oct 24 03:24:45 foo sshd[2863]: Enabling compatibility mode for protocol 2.0
Oct 24 03:24:45 foo sshd[2863]: debug1: Local version string SSH-1.99-OpenSSH_3.4p1
Oct 24 03:24:47 foo sshd[2863]: debug1: Starting up PAM with username "hoge"
Oct 24 03:24:47 foo sshd[2863]: debug1: PAM setting rhost to "titan"
Oct 24 03:24:47 foo sshd[2863]: Failed none for hoge from 192.168.1.50 port 3315 ssh2
Oct 24 03:24:47 foo sshd[2863]: debug1: temporarily_use_uid: 500/500 (e=0)
Oct 24 03:24:47 foo sshd[2863]: debug1: trying public key file /home/hoge/.ssh/authorized_keys
Oct 24 03:24:47 foo sshd[2863]: debug1: restore_uid
Oct 24 03:24:47 foo sshd[2863]: debug1: temporarily_use_uid: 500/500 (e=0)
Oct 24 03:24:47 foo sshd[2863]: debug1: trying public key file /home/hoge/.ssh/authorized_keys2
Oct 24 03:24:47 foo sshd[2863]: debug1: restore_uid
Oct 24 03:25:08 foo sshd[2863]: debug1: PAM Password authentication accepted for user "hoge"
Oct 24 03:25:08 foo sshd[2863]: Accepted password for hoge from 192.168.1.50 port 3315 ssh2
Oct 24 03:25:08 foo sshd[2863]: debug1: monitor_child_preauth: hoge has been authenticated by privileged process
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM establishing creds
Oct 24 03:25:08 foo sshd[2876]: debug1: newkeys: mode 0
Oct 24 03:25:08 foo sshd[2876]: debug1: newkeys: mode 1
Oct 24 03:25:08 foo sshd[2876]: debug1: Entering interactive session for SSH2.
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 5 setting O_NONBLOCK
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 6 setting O_NONBLOCK
Oct 24 03:25:08 foo sshd[2876]: debug1: server_init_dispatch_20
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
Oct 24 03:25:08 foo sshd[2876]: debug1: input_session_request
Oct 24 03:25:08 foo sshd[2876]: debug1: channel 0: new [server-session]
Oct 24 03:25:08 foo sshd[2876]: debug1: session_new: init
Oct 24 03:25:08 foo sshd[2876]: debug1: session_new: session 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_open: channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_open: session 0: link with channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_open: confirm session
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Oct 24 03:25:08 foo sshd[2876]: debug1: session_by_channel: session 0 channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_input_channel_req: session 0 req pty-req
Oct 24 03:25:08 foo sshd[2876]: debug1: Allocating pty.
Oct 24 03:25:08 foo sshd[2863]: debug1: session_new: init
Oct 24 03:25:08 foo sshd[2863]: debug1: session_new: session 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_pty_req: session 0 alloc /dev/pts/1
Oct 24 03:25:08 foo sshd[2876]: debug1: server_input_channel_req: channel 0 request shell reply 1
Oct 24 03:25:08 foo sshd[2876]: debug1: session_by_channel: session 0 channel 0
Oct 24 03:25:08 foo sshd[2876]: debug1: session_input_channel_req: session 0 req shell
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM setting tty to "/dev/pts/1"
Oct 24 03:25:08 foo sshd[2876]: debug1: PAM establishing creds
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 4 setting TCP_NODELAY
Oct 24 03:25:08 foo sshd[2877]: debug1: Setting controlling tty using TIOCSCTTY.
Oct 24 03:25:08 foo sshd[2876]: debug1: channel 0: rfd 8 isatty
Oct 24 03:25:08 foo sshd[2876]: debug1: fd 8 setting O_NONBLOCK
That is all. I apologize for the long message, but please tell me how to get this working.
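
One check worth making for the procedure in the post above: OpenSSH reads authorized_keys entries as single lines of the form "type base64 comment", while puttygen's "Save public key" writes an RFC 4716 ("---- BEGIN SSH2 PUBLIC KEY ----") block, so the format of the uploaded file matters. The following is an added example, not part of the original post, that classifies a public-key file and converts an RFC 4716 block to the one-line form. It assumes, without the post confirming it, that the file may be in that format; the function names and the sample key are constructed.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob):
    """Algorithm name stored as the first length-prefixed string of a key blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def classify(text):
    """Return 'rfc4716', 'openssh' or 'unknown' for the text of a public-key file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if lines and lines[0] == BEGIN:
        return "rfc4716"
    try:  # every line must be "<type> <base64> [comment]"; options prefixes not handled
        ok = all(blob_key_type(base64.b64decode(l.split()[1], validate=True))
                 == l.split()[0] for l in lines)
    except (ValueError, IndexError):
        return "unknown"
    return "openssh" if lines and ok else "unknown"

def rfc4716_to_openssh(text):
    """Convert one RFC 4716 block to a one-line OpenSSH entry."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key block")
    body, comment, i = [], "", 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; base64 never contains ':'
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    return f"{blob_key_type(blob)} {base64.b64encode(blob).decode()} {comment}".rstrip()

# Constructed sample: a dummy blob laid out like an ssh-dss key, not a real key.
FIELDS = [b"ssh-dss"] + [b"\x01" * 20] * 4
SAMPLE_BLOB = b"".join(len(f).to_bytes(4, "big") + f for f in FIELDS)
B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_RFC4716 = "\n".join([BEGIN, 'Comment: "constructed-dsa-key"',
                            *(B64[i:i + 70] for i in range(0, len(B64), 70)), END])
```

On a host with OpenSSH installed, `ssh-keygen -i -f <file>` performs the same conversion.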