
Ssh connection between two servers without a password


marxer
Novi Sad

Ssh connection between two servers without a password - 27.04.2019 at 20:09
Greetings, everyone

I have an Ubuntu 16.04 server (I'll call it the central one) that I use to collect data from about thirty remote locations. At those small locations there are Qnaps running some embedded Linux, which act as servers there. Every day at a set time each remote location does an rsync of folder x on the Qnap to folder y on the Ubuntu server. To achieve that, ssh-keygen was run on every Qnap and automatic login to the Ubuntu server without typing a password was set up. The locations have dynamic addresses and MTS ADSL lines that MTS likes to reset, so no configuration is permanent. That is why communication is initiated from those small locations and connects to the Ubuntu server, which is on a static IP address. And everything has been working OK for some time now ...

Then at one location with greater needs, an Ubuntu 18.04 machine was set up in place of the Qnap because a more powerful server was needed. However, when I ran ssh-keygen and transferred the generated key to the central server, the problems started. Whatever I do, the central server always asks for a password. I followed advice from various forums and it all came down to settings that I had already tried myself. I also brought a third server into the "game" for testing purposes (again Ubuntu 16.04), and the problems were mirrored whether that server played the central one or the remote one ...

For a week I haven't been able to figure out where I'm going wrong. Any advice is welcome, and thanks in advance

user@remote:~$ ssh -vvv user@central.server.domen.rs
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "central.server.domen.rs" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to central.server.domen.rs [89.216.x.y] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to central.server.domen.rs:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QJjwe7L+6SN++snJKxyxyxyxyNwf0Ih2OAxV+cp+0o
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 89.216.x.y
The authenticity of host 'home.markser.in.rs (89.216.x.y)' can't be established.
ECDSA key fingerprint is SHA256:QJjwe7L+6SN++snJKxyxyxyxyNwf0Ih2OAxV+cp+0o.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'central.server.domen.rs' (ECDSA) to the list of known hosts.
Warning: the ECDSA host key for 'central.server.domen.rs' differs from the key for the IP address '89.216.x.y'
Offending key for IP in /home/user/.ssh/known_hosts:2
Are you sure you want to continue connecting (yes/no)? yes
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/user/.ssh/id_rsa (0x561336fbc500)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug2: key: /home/user/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@central.server.domen.rs's password:

Experience is proportional to the amount of equipment destroyed ...

Branimir Maksimovic

Re: Ssh connection between two servers without a password - 27.04.2019 at 21:43
"Warning: the ECDSA host key for 'central.server.domen.rs' differs from the key for the IP address '89.216.x.y'"

Delete that line from known_hosts and it should start working.
press any key to continue or any other to quit....
 

tuxserbia
Oleg Vučković
Niš

Re: Ssh connection between two servers without a password - 27.04.2019 at 21:45
Delete the keys, then try again.
How are computer programs classified?
Into buggy ones (with errors) and correct ones (without errors). The latter are hypothetical.

GPL'ed by @Shadowed

"For email I use Outlook Express in a virtual machine, so in that respect no Linux is a match for XP." - pisac

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 08:28
I deleted known_hosts, created keys ... and only then posted on the forum.
I worked both as user and as root. I tried logging in both as SSH user@... and SSH root@...

I'm overlooking something, I don't know what

Branimir Maksimovic

Re: Ssh connection between two servers without a password - 28.04.2019 at 08:35
What you posted from the log is because of known_hosts; send another debug log once you have fixed that.

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 11:42
OK.
1. I deleted the contents of the known_hosts file on the remote client and of the authorized_keys file on the server
2. On the remote machine I just ran ssh-keygen again as user (not with sudo). I overwrote the existing file. I use a passphrase when generating the key
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys
4. ssh -vvv user@central.server.domen.rs

user@remote:~$ ssh -vvv user@central.server.domen.rs
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "central.server.domen.rs" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to central.server.domen.rs [89.216.x.y] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to home.markser.in.rs:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XN1fO1BPo1y/xyxyxyxyxyhYq9sP0jKP10MFyc
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
The authenticity of host 'central.server.domen.rs (89.216.x.y)' can't be established.
ECDSA key fingerprint is SHA256:XN1fO1BPo1y/xyxyxyxyxyhYq9sP0jKP10MFyc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'central.server.domen.rs,89.216.x.y' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/user/.ssh/id_rsa (0x55c8b02b6600)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug2: key: /home/user/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
user@central.server.domen.rs's password:

... and of course, after entering the password it logs in ... but it should do so without a password. I even created identical users with the same password on both sides. A desperate move, with no effect ...

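Added example, not part of any post in the thread: a POSIX shell script that reads the kind of ssh -vvv client trace pasted above and reports which identity files the client found, which methods the server advertised, and how the public-key attempt ended. The function names and the second, constructed trace are assumptions made for illustration; the first sample is excerpted from the trace in the thread.

```shell
#!/bin/sh
# Added example: summarise an `ssh -v` / `ssh -vvv` client trace read from stdin.
# Function names are illustrative, not part of OpenSSH.

# Identity files the client actually found ("type -1" means not found).
loaded_identities() {
    sed -n 's/^debug1: identity file \(.*\) type [0-9][0-9]*$/\1/p'
}

# Methods the server advertised in its first userauth reply.
server_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' | head -n 1
}

# One-word verdict on how public-key authentication went.
classify_trace() {
    trace=$(cat)
    offers=$(printf '%s\n' "$trace" | server_methods)
    case ",$offers," in
        ,,)            echo no-auth-round; return 0 ;;
        *,publickey,*) ;;
        *)             echo server-did-not-offer-publickey; return 0 ;;
    esac
    if ! printf '%s\n' "$trace" | grep -q 'Offering public key'; then
        echo client-offered-no-key
    elif printf '%s\n' "$trace" | grep -q 'Server accepts key'; then
        echo server-accepted-key
    else
        echo server-rejected-key
    fi
}

# Excerpt of the trace posted in the thread.
thread_trace() {
    cat <<'EOF'
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug1: Next authentication method: password
EOF
}

# Constructed trace: the server lists publickey, the key is offered and refused.
rejected_trace() {
    cat <<'EOF'
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:CONSTRUCTED-FINGERPRINT /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

for t in thread_trace rejected_trace; do
    echo "$t: identities=$($t | loaded_identities | tr '\n' ' ')" \
         "server=$($t | server_methods) verdict=$($t | classify_trace)"
done
```

For the trace in the thread the client found id_rsa but never offered it, because the server's list of methods contained only password.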

srbaja
formerly kblo 45

Re: Ssh connection between two servers without a password - 28.04.2019 at 12:13
What does the log on the server side say?

djoka_l
Beograd

Re: Ssh connection between two servers without a password - 28.04.2019 at 12:25
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub user@remote-machine

It takes care of the privileges and everything else for you. Maybe that's the problem?

Branimir Maksimovic

Re: Ssh connection between two servers without a password - 28.04.2019 at 12:36
What does this say:
Code:

ssh -o PreferredAuthentications=publickey etc...

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 13:00
Quote:
djoka_l:
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub user@remote-machine

It takes care of the privileges and everything else for you. Maybe that's the problem?

Maybe ... I'll try.

CoyoteKG

Re: Ssh connection between two servers without a password - 28.04.2019 at 13:02
Quote:
1. I deleted the contents of the known_hosts file on the remote client

You need to do that on the client you are connecting from.

Check the permissions on the folders.
The .ssh folder, say, 750, and the files inside it 600, although 400 works too.

But as djoka tells you, create the key on the machine with ssh-keygen, then copy the key to the remote machine with ssh-copy-id

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 13:08
Quote:
srbaja:
What does the log on the server side say?


auth.log
Apr 28 13:58:30 central sshd[27070]: Accepted password for user from 93.87.x.y port 44590 ssh2
Apr 28 13:58:30 central sshd[27070]: pam_unix(sshd:session): session opened for user user by (uid=0)
Apr 28 13:58:30 central systemd-logind[730]: New session 2127 of user user.


syslog
Apr 28 14:07:48 central systemd[1]: Started Session 2148 of user user.

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 15:00
I did delete it on the machine I log in FROM. I think I tried ssh-copy-id too, among other things, but I'll try again and report back.

Can someone explain this to me in theory? (maybe the cause is somewhere in here)

When I connect to the Ubuntu server from the embedded Linux, i.e. from one of those 30 locations that work OK, I log in as root@central.server.domen.rs. I put the public key into ~/.ssh/authorized_keys, which is actually in the /root folder

When I connect from the remote Ubuntu server, I connect as user@central.server.domen.rs, and I saved the key in /home/user/.ssh/authorized_keys

Is THAT right/wrong, and what is the actual difference? The fact is that the copying goes into a folder that requires root privileges

CoyoteKG

Re: Ssh connection between two servers without a password - 28.04.2019 at 15:12
authorized_keys holds the public part of the key, and it needs to be in the home folder of the user you log in as.
If you connect with
# ssh user@imeremoteservera
you need to add the public key to /home/user/.ssh/authorized_keys
And if you connect with
# ssh root@imeremoteservera
then to /root/.ssh/authorized_keys.

All of that is done for you by the command

# ssh-copy-id user@imeremoteservera

Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

Is this a typo on the forum, or do you really have a comma in the name of the ,ssh folder? :)

List the files with ls -la so we can see the permissions on the files on both sides.

B3R1
Berislav Todorovic
NL

Re: Ssh connection between two servers without a password - 28.04.2019 at 16:07
Comb through everything from the beginning; it is probably some trivial problem, and on the side of that new, remote Ubuntu client (since the Qnap => Ubuntu communications work fine).

First, on that new Ubuntu machine, check the owners and permissions on /root/.ssh, /home/user/.ssh and all of their parent directories:

# ls -ald / /root /root/.ssh /home /home/user /home/user/.ssh
dr-xr-xr-x 24 root root 4096 Nov 28 19:51 /
drwxr-xr-x 8 root root 4096 Apr 21 11:19 /home
drwx------ 7 user other 4096 Apr 22 16:57 /home/user
drwx------ 7 user other 4096 Apr 22 16:57 /home/user/.ssh
dr-xr-x--- 5 root root 4096 Dec 24 20:50 /root
drwx------ 2 root root 4096 Apr 15 2018 /root/.ssh

What matters is that /home/user/.ssh is owned by the user 'user', that /root is owned by 'root', and that those directories are not open for writing to anyone but their owners. The home directory can be 755, but .ssh must be 700. Check the ownership of the files in the ~/.ssh directory - root must be the owner of all files in /root/.ssh, while 'user' must be the owner of everything in /home/user/.ssh. Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400). Check this on both the server and the client side:

# find /root /home -name authorized_keys -exec ls -ald {} \;
-r-------- 1 user other 230 Apr 15 2018 /home/user/.ssh/authorized_keys
-r-------- 1 root root 230 Nov 26 12:19 /root/.ssh/authorized_keys

The next thing is the file /etc/ssh/ssh_config:

# grep -v ^# /etc/ssh/ssh_config

It is possible that you have something there that forces PasswordAuthentication or disables PubkeyAuthentication? In any case, you can ignore that file if you create ~/.ssh/config (even an empty one). And it is highly advisable to create a ~/.ssh/config file with the following contents:

Host central.server.domen.rs central
Hostname central.server.domen.rs
IdentityFile /home/user/.ssh/id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ForwardAgent no
User user


If you work as 'user', the owner of that file must be 'user' and the file must be /home/user/.ssh/config ...
If you work as 'root', then the owner is 'root'; wherever the file says 'user' put 'root', and you must write it to /root/.ssh/config ...
 

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 19:39
Quote:
djoka_l:
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub user@remote-machine

It takes care of the privileges and everything else for you. Maybe that's the problem?

Unfortunately, that did not solve the problem.

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 19:41
Quote:
Branimir Maksimovic:
What does this say:
Code:

ssh -o PreferredAuthentications=publickey etc...

The ssh configuration on the server side should be OK, since 30 other devices connect without any problems. My problem is only with the Ubuntu-to-Ubuntu combination

marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 19:51
Quote:
CoyoteKG:
authorized_keys holds the public part of the key, and it needs to be in the home folder of the user you log in as.
If you connect with
# ssh user@imeremoteservera
you need to add the public key to /home/user/.ssh/authorized_keys
And if you connect with
# ssh root@imeremoteservera
then to /root/.ssh/authorized_keys.

All of that is done for you by the command

# ssh-copy-id user@imeremoteservera

Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

Is this a typo on the forum, or do you really have a comma in the name of the ,ssh folder? :)

List the files with ls -la so we can see the permissions on the files on both sides.

Of course, a typing mistake. I didn't notice.

Remote (/home/user/):
drwx------ 2 user user 4096 Apr 28 20:36 .ssh

Remote (/home/user/.ssh/):
drwx------ 2 user user 4096 Apr 28 20:36 .
drwxr-xr-x 7 user user 4096 Apr 27 14:44 ..
-rw------- 1 user user 1766 Apr 28 11:51 id_rsa
-rw-r--r-- 1 user user 393 Apr 28 11:51 id_rsa.pub
-rw------- 1 user user 444 Apr 28 20:35 known_hosts
-rw------- 1 user user 444 Apr 28 20:34 known_hosts.old

Central (/home/user/):
drwx------ 2 user user 4096 Apr 28 20:31 .ssh

Central (/home/user/.ssh/):
drwx------ 2 user user 4096 Apr 28 20:31 .
drwxr-xr-x 7 user user 4096 Apr 27 19:14 ..
-rw-rw-r-- 1 user user 393 Apr 28 20:36 authorized_keys





marxer
Novi Sad

Re: Ssh connection between two servers without a password - 28.04.2019 at 20:14
Quote:
B3R1:
Comb through everything from the beginning; it is probably some trivial problem, and on the side of that new, remote Ubuntu client (since the Qnap => Ubuntu communications work fine).

First, on that new Ubuntu machine, check the owners and permissions on /root/.ssh, /home/user/.ssh and all of their parent directories:

# ls -ald / /root /root/.ssh /home /home/user /home/user/.ssh
dr-xr-xr-x 24 root root 4096 Nov 28 19:51 /
drwxr-xr-x 8 root root 4096 Apr 21 11:19 /home
drwx------ 7 user other 4096 Apr 22 16:57 /home/user
drwx------ 7 user other 4096 Apr 22 16:57 /home/user/.ssh
dr-xr-x--- 5 root root 4096 Dec 24 20:50 /root
drwx------ 2 root root 4096 Apr 15 2018 /root/.ssh

What matters is that /home/user/.ssh is owned by the user 'user', that /root is owned by 'root', and that those directories are not open for writing to anyone but their owners. The home directory can be 755, but .ssh must be 700. Check the ownership of the files in the ~/.ssh directory - root must be the owner of all files in /root/.ssh, while 'user' must be the owner of everything in /home/user/.ssh. Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400). Check this on both the server and the client side:

It looks like this:

Client:
drwxr-xr-x 23 root root 4096 Apr 25 13:18 /
drwxr-xr-x 5 root root 4096 Apr 27 09:49 /home
drwxr-xr-x 7 user user 4096 Apr 27 14:44 /home/user
drwx------ 2 user user 4096 Apr 28 20:36 /home/user/.ssh
drwx------ 7 root root 4096 Apr 27 09:32 /root
drwx------ 2 root root 4096 Apr 27 18:59 /root/.ssh


Server:
drwxr-xr-x 23 root root 4096 Apr 27 10:47 /
drwxr-xr-x 3 root root 4096 Apr 1 17:55 /home
drwxr-xr-x 7 user user 4096 Apr 27 19:14 /home/user
drwx------ 2 user user 4096 Apr 28 20:31 /home/user/.ssh
drwx------ 8 root root 4096 Apr 27 19:26 /root
drwx------ 2 root root 4096 Apr 28 20:31 /root/.ssh





# find /root /home -name authorized_keys -exec ls -ald {} \;
-r-------- 1 user other 230 Apr 15 2018 /home/user/.ssh/authorized_keys
-r-------- 1 root root 230 Nov 26 12:19 /root/.ssh/authorized_keys




Authorized_keys:
-rw-r--r-- 1 root root 0 Apr 28 11:48 /root/.ssh/authorized_keys
-rw-rw-r-- 1 user user 393 Apr 28 20:36 /home/user/.ssh/authorized_keys


All in all, it looks to me like an excess rather than a lack of permissions ...

The next thing is the file /etc/ssh/ssh_config:

# grep -v ^# /etc/ssh/ssh_config

It is possible that you have something there that forces PasswordAuthentication or disables PubkeyAuthentication? In any case, you can ignore that file if you create ~/.ssh/config (even an empty one). And it is highly advisable to create a ~/.ssh/config file with the following contents:

Host central.server.domen.rs central
Hostname central.server.domen.rs
IdentityFile /home/user/.ssh/id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ForwardAgent no
User user





And here is what it says for the ssh_config file:

Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


If you work as 'user', the owner of that file must be 'user' and the file must be /home/user/.ssh/config ...

Well, that it isn't! Here's a new thing to try :-)

If you work as 'root', then the owner is 'root'; wherever the file says 'user' put 'root', and you must write it to /root/.ssh/config ...

srbaja
formerly kblo 45

Re: Ssh connection between two servers without a password - 28.04.2019 at 22:42
You're right, you have an excess rather than a lack of permissions :)

Quote:
B3R1:
Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400)
 
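Added example, not code from any participant: a POSIX shell check of the chain home directory, .ssh, authorized_keys against the rules B3R1 lists (expected owner, no write access for group or others, nothing at all for group or others on .ssh and authorized_keys). It builds a constructed temporary tree with the modes marxer posted for the central server (755, 700, 664) instead of touching real accounts; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit home -> .ssh -> authorized_keys with the thread's rules.
# All function names are illustrative.

# First ten characters of `ls -ldn`, e.g. drwx------ or -rw-rw-r--
perm_bits() { ls -ldn "$1" | cut -c1-10; }

# Numeric owner id (third field of `ls -ldn`)
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }

# check_entry PATH UID KIND      KIND is home, sshdir or keyfile
# Prints one line per problem and nothing when the entry is fine.
check_entry() {
    p=$1; want=$2; kind=$3
    if [ ! -e "$p" ]; then
        echo "MISSING  $p"
        return 0
    fi
    bits=$(perm_bits "$p")
    own=$(owner_uid "$p")
    if [ "$own" != "$want" ]; then
        echo "OWNER    $p belongs to uid $own, expected $want"
    fi
    gw=$(printf '%s' "$bits" | cut -c6)      # group write bit
    ow=$(printf '%s' "$bits" | cut -c9)      # other write bit
    rest=$(printf '%s' "$bits" | cut -c5-10) # all group and other bits
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $p ($bits) can be written by group or others"
    elif [ "$kind" != "home" ] && [ "$rest" != "------" ]; then
        echo "LOOSE    $p ($bits) is open to group or others"
    fi
    return 0
}

# audit_ssh_path HOME UID: prints findings; status 0 when clean, 1 otherwise.
audit_ssh_path() {
    findings=$(
        check_entry "$1" "$2" home
        check_entry "$1/.ssh" "$2" sshdir
        check_entry "$1/.ssh/authorized_keys" "$2" keyfile
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed tree with the modes shown for the central server: 755, 700, 664.
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir "$h/.ssh" && : > "$h/.ssh/authorized_keys" || return 1
    chmod 755 "$h" && chmod 700 "$h/.ssh" && chmod 664 "$h/.ssh/authorized_keys"
    echo "$h"
}

sample=$(make_sample_home)
echo "before:"; audit_ssh_path "$sample" "$(id -u)" || true
chmod 600 "$sample/.ssh/authorized_keys"
echo "after chmod 600:"; audit_ssh_path "$sample" "$(id -u)" && echo "clean"
rm -rf "$sample"
```

On a real host the call would be audit_ssh_path /home/user "$(id -u user)", run on the side that holds authorized_keys.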
