vine-users ML Archive



[vine-users:073396] About ssh

  • From: "miyao" <miyao@xxxxxxxxxxxxx>
  • Subject: [vine-users:073396] About ssh
  • Date: Wed, 2 Nov 2005 01:08:05 +0900
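This is Miyao.
I currently have ssh installed on VineLinux3.2, but I cannot connect
properly from WindowsXP even when using Tera Term, and I am stuck.
This may be the wrong place to ask, but I would appreciate your guidance.
The versions are OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004.
To check whether the keys were created properly on Linux, I tried the
following at the very end of the procedure.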
[miyao@himawari miyao]$ ssh 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is 43:e4:4b:dd:3d:e0:27:74:cb:5b:b6:c9:0a:47:a4:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
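Looking at this, the keys seem to have been created properly, but when I
try to connect from XP I am rejected.
Is there anything wrong in the config settings?
For reference, the server's IP is 192.168.1.2
and the WindowsXP machine's IP is 192.168.1.11.
Ping goes through.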

[root@himawari .ssh]# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL  : 192.168.1./255.255.255.0
sshd : ALL

[root@himawari .ssh]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL : ALL

[root@himawari .ssh]#cd /etc/ssh/
[root@himawari ssh]# more ssh_config
#       $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
Host *
        ForwardX11 yes
[root@himawari ssh]#
[root@himawari ssh]# more sshd_config
#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#Protocol 2.1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
AllowUsers miyao
DenyUsers root admin test guest nobody
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
[root@himawari ssh]#cd /

[root@himawari /]# ssh -v
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
usage: ssh [-1246AaCfghkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D port] [-e escape_char] [-F configfile] [-i identity_file]
           [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
           [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command]
[root@himawari /]#su miyao
[miyao@himawari miyao]$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/miyao/.ssh/identity):
Created directory '/home/miyao/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/miyao/.ssh/identity.
Your public key has been saved in /home/miyao/.ssh/identity.pub.
The key fingerprint is:
7a:35:b8:f0:ae:28:d2:a0:e7:e3:fc:92:ae:c2:6b:f8 miyao@himawari
[miyao@himawari miyao]$ cat /home/miyao/.ssh/identity.pub > /home/miyao/.ssh/authorized_keys
[miyao@himawari miyao]$ ls -al /home/miyao/.ssh/
合計 20
drwx------    2 miyao    users        4096 Nov  1 11:16 ./
drwxr-xr-x    7 miyao    users        4096 Nov  1 11:16 ../
-rw-r--r--    1 miyao    users         333 Nov  1 11:16 authorized_keys
-rw-------    1 miyao    users         529 Nov  1 11:16 identity
-rw-r--r--    1 miyao    users         333 Nov  1 11:16 identity.pub
[miyao@himawari miyao]$ ssh 192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is 43:e4:4b:dd:3d:e0:27:74:cb:5b:b6:c9:0a:47:a4:cb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
[miyao@himawari miyao]$ ssh 192.168.1.2
Permission denied (publickey,keyboard-interactive).