EXCCIÓN DE AUTENTUACIÓN DE LA CLAVE DE JSCH -- java campo con ssh campo con jsch campo con private-key camp Relacionados El problema

JSch Key authentification exception Auth fail


-1
vote

problema

Español

Recibo una excepción AUTH FALLO Cuando quiero ejecutar este bloque de código:

  String remoteHostUserName = "me"; String remoteHostName = "xx.xxx.x.xx"; int port = 22; String key = "/home/me/.ssh/id_rsa";  String deployPath = "/home/me/Schreibtisch/ssh_example"; JSch jsch=new JSch();  //creating the identity jsch.addIdentity(key); System.out.println("identity added ");  Session session=jsch.getSession(remoteHostUserName, remoteHostName, port); System.out.println("session created."); Properties config = new Properties(); config.put("StrictHostKeyChecking", "no"); session.setConfig(config); session.connect();   

No quiero establecer una frase.

Aquí el ls -l del .ssh carpeta:

  drwxrwx---  2 root    me  4096 Jul 27 16:01 .ssh   

y finalmente la lista larga dentro del .ssh carpeta:

  -rwxrw---- 1 root me  416 Jul 27 15:51 authorized_keys -rwxrw---- 1 root me 1675 Jul 27 15:49 id_rsa -rwxrw---- 1 root me  416 Jul 27 15:49 id_rsa.pub -rw-r--r-- 1 root me  222 Jul 27 16:01 known_hosts   

Copié el archivo .pub6 y renombrado authorized_keys .

También agregué un registrador aquí es el resultado:

  INFO: kex: server->client aes128-ctr hmac-sha1 none INFO: kex: client->server aes128-ctr hmac-sha1 none INFO: SSH_MSG_KEX_ECDH_INIT sent INFO: expecting SSH_MSG_KEX_ECDH_REPLY INFO: ssh_rsa_verify: signature true WARN: Permanently added 'xx.xxx.x.xx' (RSA) to the list of known hosts. INFO: SSH_MSG_NEWKEYS sent INFO: SSH_MSG_NEWKEYS received INFO: SSH_MSG_SERVICE_REQUEST sent INFO: SSH_MSG_SERVICE_ACCEPT received INFO: Authentications that can continue: publickey,keyboard-interactive,password INFO: Next authentication method: publickey INFO: Authentications that can continue: password INFO: Next authentication method: password INFO: Disconnecting from xx.xxx.x.xx port 22 Exception in thread "main" com.jcraft.jsch.JSchException: Auth fail at com.jcraft.jsch.Session.connect(Session.java:512) at com.jcraft.jsch.Session.connect(Session.java:183) at SSHTestStandAlone.testConnection(SSHTestStandAlone.java:33) at SSHTestStandAlone.main(SSHTestStandAlone.java:11)   

Pienso después de la autenticación clave JSCH ¿Quiere la contraseña normal?

Aquí la salida del comando SSH -V en la cáscara:

Aquí la salida del comando ssh -v:

  florian@florian-HP-EliteBook-8540w:~$ ssh -v florian@xx.xxx.x.xx OpenSSH_6.7p1 Ubuntu-5ubuntu1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to xx.xxx.x.xx [xx.xxx.x.xx] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/identity type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/identity-cert type -1 debug1: identity file /home/florian/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Ubuntu-5ubuntu1 debug1: match: OpenSSH_6.7p1 Ubuntu-5ubuntu1 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA  xx:xx:xx:xx:xx:xx The authenticity of host 'xx.xxx.xx.x (xx.xxx.x.xx)' can't be established. ECDSA key fingerprint is  xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'xx.xxx.x.xx' (ECDSA) to the list of known hosts. debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/florian/.ssh/identity debug1: Offering RSA public key: /home/florian/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/florian/.ssh/id_dsa debug1: Next authentication method: password   

Muchas gracias y saludos, Sirsandmann

Original en ingles

I get an exception Auth fail when I want to run this code block:

String remoteHostUserName = "me"; String remoteHostName = "xx.xxx.x.xx"; int port = 22; String key = "/home/me/.ssh/id_rsa";  String deployPath = "/home/me/Schreibtisch/ssh_example"; JSch jsch=new JSch();  //creating the identity jsch.addIdentity(key); System.out.println("identity added ");  Session session=jsch.getSession(remoteHostUserName, remoteHostName, port); System.out.println("session created."); Properties config = new Properties(); config.put("StrictHostKeyChecking", "no"); session.setConfig(config); session.connect(); 

I don't want to set a phrase.

Here the ls -l of the .ssh folder:

drwxrwx---  2 root    me  4096 Jul 27 16:01 .ssh 

and finally the long list within the .ssh folder:

-rwxrw---- 1 root me  416 Jul 27 15:51 authorized_keys -rwxrw---- 1 root me 1675 Jul 27 15:49 id_rsa -rwxrw---- 1 root me  416 Jul 27 15:49 id_rsa.pub -rw-r--r-- 1 root me  222 Jul 27 16:01 known_hosts 

I copied the .pub file and renamed it authorized_keys.

I also added a logger here is the result:

INFO: kex: server->client aes128-ctr hmac-sha1 none INFO: kex: client->server aes128-ctr hmac-sha1 none INFO: SSH_MSG_KEX_ECDH_INIT sent INFO: expecting SSH_MSG_KEX_ECDH_REPLY INFO: ssh_rsa_verify: signature true WARN: Permanently added 'xx.xxx.x.xx' (RSA) to the list of known hosts. INFO: SSH_MSG_NEWKEYS sent INFO: SSH_MSG_NEWKEYS received INFO: SSH_MSG_SERVICE_REQUEST sent INFO: SSH_MSG_SERVICE_ACCEPT received INFO: Authentications that can continue: publickey,keyboard-interactive,password INFO: Next authentication method: publickey INFO: Authentications that can continue: password INFO: Next authentication method: password INFO: Disconnecting from xx.xxx.x.xx port 22 Exception in thread "main" com.jcraft.jsch.JSchException: Auth fail at com.jcraft.jsch.Session.connect(Session.java:512) at com.jcraft.jsch.Session.connect(Session.java:183) at SSHTestStandAlone.testConnection(SSHTestStandAlone.java:33) at SSHTestStandAlone.main(SSHTestStandAlone.java:11) 

I think after the key authentication JSch want the normal password?

Here the output of the ssh -v command in the shell:

Here the output of the ssh -v command:

florian@florian-HP-EliteBook-8540w:~$ ssh -v florian@xx.xxx.x.xx OpenSSH_6.7p1 Ubuntu-5ubuntu1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to xx.xxx.x.xx [xx.xxx.x.xx] port 22. debug1: Connection established. debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/identity type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/identity-cert type -1 debug1: identity file /home/florian/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/florian/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Ubuntu-5ubuntu1 debug1: match: OpenSSH_6.7p1 Ubuntu-5ubuntu1 pat OpenSSH* compat 0x04000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA  xx:xx:xx:xx:xx:xx The authenticity of host 'xx.xxx.xx.x (xx.xxx.x.xx)' can't be established. ECDSA key fingerprint is  xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'xx.xxx.x.xx' (ECDSA) to the list of known hosts. debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/florian/.ssh/identity debug1: Offering RSA public key: /home/florian/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/florian/.ssh/id_dsa debug1: Next authentication method: password 

Thank you very much and kind regards, SirSandmann

           

Lista de respuestas

2
 
vote

La carpeta .ssh y el archivo authorized_keys no puede ser enviado por nadie, excepto usted.

asegúrate de hacer

  chmod 700 .ssh chmod 600 .ssh/authorized_keys   

Nota lateral (no relacionada con el problema):

Su clave privada no puede ser legible por nadie más, pero usted. Usted compromete su seguridad de esta manera.

También tenga en cuenta que no necesita su clave privada, con la que se conecta con el servidor, en la carpeta 99887776664 ~/.ssh4 del servidor.


La próxima vez, pruebe la autenticación utilizando primero un cliente GUI, para verificar si lo tiene la configuración correctamente.

 

The .ssh folder and the authorized_keys file cannot be writtable by anyone except you.

Make sure you do

chmod 700 .ssh chmod 600 .ssh/authorized_keys 

Side note (unrelated to the problem):

Your private key cannot be readable by anyone else, but you. You compromise your security this way.

Also note that you do not need your private key, that you connect with to the server, in the server's ~/.ssh folder.


Next time, test the authentication using a GUI client first, to check if your have it setup correctly.

 
 

Relacionados problema

10  Encriptando con la clave privada RSA en Java  ( Encrypting with rsa private key in java ) 
Estoy tratando de encriptar algún contenido con una clave privada RSA. Estoy siguiendo este ejemplo: http://www.junkheap.net/content/public_key_encryption_...

2  AWS EC2 userdata cifrado  ( Aws ec2 userdata encryption ) 
Nosotros hemos sido usecase de tomar la entrada que incluye la contraseña del usuario y pasarla a la instancia de EC2. Desde la instancia de EC2, llegamos a l...

0  Cómo obtener la clave privada como byte [] de una PFX protegida por contraseña Fetched desde Azure Key Vault  ( How to get private key as byte of a password protected pfx fetched from azure ) 
Estoy recuperando mi certificado de Azure Key Vault usando el método GETECRETASYNC () y luego estoy esperando obtener el byte [] de la clave privada y el cert...

0  Llavero OS X: Extraer llaves privadas - ¿Posible?  ( Os x keychain extracting private keys possible ) 
Estoy intentando extraer los bytes crudos de una llave privada almacenada en un SecKeyRef en OS X. ¿Cómo voy a hacer esto? He leído este ~ 7 años de eda...

18  El terminal MAC sigue solicitando contraseña al usar PPK con SSH  ( Mac terminal keeps asking for password when using ppk with ssh ) 
Estoy intentando conectarme a un servidor de Amazon EC2 a través de Mac Terminal. Tengo un archivo PPK que no tiene una contraseña adjunta a ella, pero cuando...

3  Tienda de llave privada en microservicios  ( Store private key in microservices ) 
Hay algunos microservicio que se comunican entre sí con mensajes cifrados RSA. Las claves privadas están en archivos actualmente, ¿cuál es la mejor práctica p...

2  Múltiples teclas vs VS Claves y exportaciones / importaciones de claves  ( Multiple keystores vs multiple keys and export import of keys ) 
Estoy desarrollando múltiples aplicaciones de Android para varios clientes. Gestiono el ciclo de vida completo de desarrollo para mis clientes que incluye el ...

7  Decrypt con Certificado Certificado X.509  ( Decrypt with privatekey x 509 certificate ) 
Tengo un problema para descifrar un mensaje usgin de certificados X.509. GENERAR MI CERTIFICADO CON MAKECERT CON ESTAS OPCIONES: makecert -r -pe -n "CN=M...

-1  Cómo solucionar esta excepción: excepción en el hilo "principal" java.lang.classcastException  ( How to fix this exception exception in thread main java lang classcastexcepti ) 
La excepción es: excepción en el hilo "principal" java.lang.classcastException: [ljava.security.cert.certificate; no se puede emitir a [ljava.security.cert.x5...

1  Cómo iniciar sesión en el servidor SSH sin dar contraseña usando la clave privada / de claves públicas-openssh-openssh  ( How to login ssh server without giving password using private public key import ) 
Actualmente, FileZilla se está utilizando para copiar desde Remote Sever. Exige que la operación manual requiere copiar y completar otra tarea adicional despu...




© 2022 respuesta.top Reservados todos los derechos. Centro de preguntas y respuestas reservados todos los derechos