This is Miyao.

I have installed ssh on Vine Linux 3.2, but I cannot connect to it from Windows XP using Tera Term, and I am stuck.
This may not be the right place to ask, but I would appreciate your guidance.

The version is OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004.

To check whether the key was created correctly on Linux, I tried the following at the very end of my work.

[miyao@himawari miyao]$ ssh 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is 43:e4:4b:dd:3d:e0:27:74:cb:5b:b6:c9:0a:47:a4:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).

Judging from this, the key seems to have been created correctly, but when I try to connect from XP I am rejected.
Is there anything wrong in my config settings?

For reference, the server's IP is 192.168.1.2 and the Windows XP machine's IP is 192.168.1.11.
Ping goes through.

[root@himawari .ssh]# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL : 192.168.1./255.255.255.0
sshd : ALL

[root@himawari .ssh]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL : ALL

[root@himawari .ssh]#cd /etc/ssh/
[root@himawari ssh]# more ssh_config
# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
Host *
ForwardX11 yes
[root@himawari ssh]#

[root@himawari ssh]# more sshd_config
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
#Protocol 2.1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
AllowUsers miyao
DenyUsers root admin test guest nobody
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

[root@himawari ssh]#cd /
[root@himawari /]# ssh -v
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D port] [-e escape_char] [-F configfile] [-i identity_file]
           [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
           [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]

[root@himawari /]#su miyao
[miyao@himawari miyao]$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/miyao/.ssh/identity):
Created directory '/home/miyao/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/miyao/.ssh/identity.
Your public key has been saved in /home/miyao/.ssh/identity.pub.
The key fingerprint is:
7a:35:b8:f0:ae:28:d2:a0:e7:e3:fc:92:ae:c2:6b:f8 miyao@himawari

[miyao@himawari miyao]$ cat /home/miyao/.ssh/identity.pub > /home/miyao/.ssh/authorized_keys
[miyao@himawari miyao]$ ls -al /home/miyao/.ssh/
合計 20
drwx------ 2 miyao users 4096 Nov 1 11:16 ./
drwxr-xr-x 7 miyao users 4096 Nov 1 11:16 ../
-rw-r--r-- 1 miyao users 333 Nov 1 11:16 authorized_keys
-rw------- 1 miyao users 529 Nov 1 11:16 identity
-rw-r--r-- 1 miyao users 333 Nov 1 11:16 identity.pub

[miyao@himawari miyao]$ ssh 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is 43:e4:4b:dd:3d:e0:27:74:cb:5b:b6:c9:0a:47:a4:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
[miyao@himawari miyao]$ ssh 192.168.1.2
Permission denied (publickey,keyboard-interactive).