Permiso SSH denegado (PUBLICKEY) Respuesta -- server campo con ssh camp askubuntu Relacionados El problema

SSH Permission denied (publickey) ANSWER


0
vote

problema

Español
   Hi, not able to reply to the similar questions, so creating a new public question. Sorry.  1. Create a config file ~/.ssh/config  # Hostname ip-or-domain-of-server "if you have just one, # to ignore"     Port 22     # User username "if you have just one, # to ignore"     PubKeyAuthentication yes     IdentityFile ~/.ssh/private-key  #End   2. ssh-keygen  ssh-keygen -t rsa -b 4096 -f ~/.ssh/rsa -C "comment"  ssh-keygen -t ed25519 -f ~/.ssh/ed25519 -C "comment"  ssh-keygen -t ecdsa -b 521 -f ~/.ssh/edcdsa -C "comment"   3. SSH key install and config  1. [REMOTE computer with USER ACCOUNT to create .ssh directory] ssh user@192.168.0.250 mkdir -p .ssh 2. [REMOTE computer with USER ACCOUNT for permissions] ssh user@192.168.0.250 "chmod 700 .ssh; chmod 600 .ssh/authorized_keys" 3a. [Install the key on remote computer, note ssh-copy-id command will create also the directors/file authorized_keys if does not exist] ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.250 3b. [or] [LOCAL TO REMOTE] * cat ~/.ssh/id_rsa.pub | ssh user@192.168.0.250 'cat >> ~/.ssh/authorized_keys'   4. ~/.ssh (remote server .ssh folder/file permissions)  chown user:user /home/user/.ssh  chmod 700 /home/user/.ssh drwx------  2 user user  29 Feb 15 15:02 .ssh  chmod 600 /home/user/.ssh/authorized_keys -rw-------  1 user root   116 Feb 15 15:02 authorized_keys  sudo chmod 600 'private-key' -rw-------. 1 user user 484 Feb 16 16:25 'private-key'  5. /etc/ssh/sshd_config  HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key  # Ciphers and keying # https://infosec.mozilla.org/guidelines/openssh  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,curve25519-sha256  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com  PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin no PubkeyAuthentication yes AuthorizedKeysFile      .ssh/authorized_keys ChallengeResponseAuthentication no UsePAM yes  6. If you have created the config file on ~/.ssh (depending on paramenters)  # ssh user@192.168.0.250  or # ssh 192.168.0.220  or # ssh hostname  Example bellow ssh key is ED25519 and protected by passphrase  $ ssh -vT "user"@192.168.0.250 OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020 debug1: Reading configuration data /home/"user"/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug1: re-parsing configuration debug1: Reading configuration data /home/"user"/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: Connecting to 192.168.0.250 [192.168.0.250] port 22. debug1: Connection established. debug1: identity file /home/"user"/.ssh/ed25519 type 3 debug1: identity file /home/"user"/.ssh/ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.0.250:22 as 'adm-cz' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=32 dh_need=32 debug1: kex: curve25519-sha256 need=32 dh_need=32 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxx debug1: Host '192.168.0.250' is known and matches the ECDSA host key. debug1: Found key in /home/"user"/.ssh/known_hosts:2 debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks debug1: Will attempt key: /home/"user"/.ssh/ed25519 ED25519 SHA256:xxxxxxxx/am40k explicit debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received # banner # debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/"user"/.ssh/ed25519_ ED25519 SHA256:XXxxxXX/am40k explicit debug1: Server accepts key: /home/"user"/.ssh/ed25519_ ED25519 SHA256:XXxxxxXX/am40k explicit  Enter passphrase for key '/home/"user"/.ssh/ed25519_':   7. If you HAVE NOT created the config file ssh -i ~/.ssh/id_rsa user@192.168.0.250 ssh -p 2222 -i ~/.ssh/id_rsa user@192.168.0.250 for port  8. Adding the passphrase to the ssh "session" so you can connect to servers (that have the public key) without passphrase requests  [LOCAL to REMOTE] $ eval $(ssh-agent) $ ssh-add ~/.ssh/ed25519 Enter passphrase for key '/home/"user"/.ssh/ed25519':    
Original en ingles
 Hi, not able to reply to the similar questions, so creating a new public question. Sorry.  1. Create a config file ~/.ssh/config  # Hostname ip-or-domain-of-server "if you have just one, # to ignore"     Port 22     # User username "if you have just one, # to ignore"     PubKeyAuthentication yes     IdentityFile ~/.ssh/private-key  #End   2. ssh-keygen  ssh-keygen -t rsa -b 4096 -f ~/.ssh/rsa -C "comment"  ssh-keygen -t ed25519 -f ~/.ssh/ed25519 -C "comment"  ssh-keygen -t ecdsa -b 521 -f ~/.ssh/edcdsa -C "comment"   3. SSH key install and config  1. [REMOTE computer with USER ACCOUNT to create .ssh directory] ssh user@192.168.0.250 mkdir -p .ssh 2. [REMOTE computer with USER ACCOUNT for permissions] ssh user@192.168.0.250 "chmod 700 .ssh; chmod 600 .ssh/authorized_keys" 3a. [Install the key on remote computer, note ssh-copy-id command will create also the directors/file authorized_keys if does not exist] ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.250 3b. [or] [LOCAL TO REMOTE] * cat ~/.ssh/id_rsa.pub | ssh user@192.168.0.250 'cat >> ~/.ssh/authorized_keys'   4. ~/.ssh (remote server .ssh folder/file permissions)  chown user:user /home/user/.ssh  chmod 700 /home/user/.ssh drwx------  2 user user  29 Feb 15 15:02 .ssh  chmod 600 /home/user/.ssh/authorized_keys -rw-------  1 user root   116 Feb 15 15:02 authorized_keys  sudo chmod 600 'private-key' -rw-------. 1 user user 484 Feb 16 16:25 'private-key'  5. /etc/ssh/sshd_config  HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key  # Ciphers and keying # https://infosec.mozilla.org/guidelines/openssh  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,curve25519-sha256  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com  PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin no PubkeyAuthentication yes AuthorizedKeysFile      .ssh/authorized_keys ChallengeResponseAuthentication no UsePAM yes  6. If you have created the config file on ~/.ssh (depending on paramenters)  # ssh user@192.168.0.250  or # ssh 192.168.0.220  or # ssh hostname  Example bellow ssh key is ED25519 and protected by passphrase  $ ssh -vT "user"@192.168.0.250 OpenSSH_8.4p1, OpenSSL 1.1.1i FIPS  8 Dec 2020 debug1: Reading configuration data /home/"user"/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug1: re-parsing configuration debug1: Reading configuration data /home/"user"/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: Connecting to 192.168.0.250 [192.168.0.250] port 22. debug1: Connection established. debug1: identity file /home/"user"/.ssh/ed25519 type 3 debug1: identity file /home/"user"/.ssh/ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.0.250:22 as 'adm-cz' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=32 dh_need=32 debug1: kex: curve25519-sha256 need=32 dh_need=32 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:xxxxxxxx debug1: Host '192.168.0.250' is known and matches the ECDSA host key. debug1: Found key in /home/"user"/.ssh/known_hosts:2 debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks debug1: Will attempt key: /home/"user"/.ssh/ed25519 ED25519 SHA256:xxxxxxxx/am40k explicit debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received # banner # debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/"user"/.ssh/ed25519_ ED25519 SHA256:XXxxxXX/am40k explicit debug1: Server accepts key: /home/"user"/.ssh/ed25519_ ED25519 SHA256:XXxxxxXX/am40k explicit  Enter passphrase for key '/home/"user"/.ssh/ed25519_':   7. If you HAVE NOT created the config file ssh -i ~/.ssh/id_rsa user@192.168.0.250 ssh -p 2222 -i ~/.ssh/id_rsa user@192.168.0.250 for port  8. Adding the passphrase to the ssh "session" so you can connect to servers (that have the public key) without passphrase requests  [LOCAL to REMOTE] $ eval $(ssh-agent) $ ssh-add ~/.ssh/ed25519 Enter passphrase for key '/home/"user"/.ssh/ed25519':  
     

Lista de respuestas


Relacionados problema

4  SSHD: Usuario <nombre de usuario> no permitido porque Shell ZSH no existe  ( Sshd user username not allowed because shell zsh does not exist ) 
Estoy tratando de iniciar sesión en mi PC con SSH, pero cada vez que SSH dice Permission denied (publickey). y /var/log/auth.log contiene entradas que dic...

65  ¿Cuál es la mejor manera de ssh a las máquinas en la red local?  ( Whats the best way to ssh to machines on the local network ) 
Tengo 2 computadoras, una que yo uso y otra para los niños. Quiero poder ssh en su computadora para controlarlo (como cerrarlo, etc.), pero tengo curiosidad l...

42  ¿Cómo interfire gráficamente con un servidor sin cabeza?  ( How to graphically interface with a headless server ) 
Tengo un servidor de desarrollo de Ubuntu en el trabajo. Es un viejo servidor de rack que se encuentra en algún lugar de la mazmorra de la compañía, donde nad...

11  Ejecute scripts automáticamente en el servidor después de la conexión SSH  ( Run scripts automatically in server after ssh connection ) 
Cómo ejecutar un script automáticamente en el servidor Poco después de que el sistema del cliente establezca la conexión SSH con el servidor para ex: Supong...

0  Obtenga permiso denegado error  ( Getting permission denied error ) 
He escrito un script bash y se ejecuta en segundo plano, dentro de este script, he usado el siguiente comando: sshpass -p prakash123 ssh -t -p $1 prakash@l...

1  Configuración de Ubuntu 13.04 Home Server  ( Setting up ubuntu 13 04 home server ) 
Actualmente estoy intentando configurar un servidor de casa usando Ubuntu 13.04. Estoy siguiendo las instrucciones de http://linuxhomeserverguide.com/server-...

4  Mantenga los procesos de funcionamiento vivos cuando desconectan la conexión remota  ( Keep the running processes alive when disconneting the remote connection ) 
Tengo un montón de procesos en un servidor iniciado por SSH desde mi propia máquina. Ahora se trata de tres horas que el Ubuntu de mi máquina se ha colgado y ...

2  Restrinja el inicio de sesión SSH con la clave pública solo para los usuarios seleccionados  ( Restrict ssh login with public key only to selected users ) 
USO ABCDEFGHIJKLMNABCDEFGHIJKLMN0 , he habilitado el inicio de sesión en My Ubuntu 18.04 Machine, llámalo Remote y mi cuenta de usuario en abcdefghijklmn2...

6  Ubuntu 12.04 - Puedo ssh en el servidor, pero SSHD es un servicio no reconocido  ( Ubuntu 12 04 i can ssh into the server but sshd is an unrecognized service ) 
Estoy tratando de configurar la autenticación basada en clave para SSH en mi servidor Ubuntu 12.04 después de este tutorial y que . No está funcionando r...

2  ¿Cómo puedo agregar un mensaje después del "último inicio de sesión" que se muestra al iniciar la conexión de San SSH?  ( How can i add a message after the last login shown when starting san ssh conne ) 
No puedo encontrar cómo agregar un mensaje después de la línea "Última sesión de inicio de sesión ..." en mi Ubuntu 14.04. Puedo editar todo antes de usar los...




© 2022 respuesta.top Reservados todos los derechos. Centro de preguntas y respuestas reservados todos los derechos