
SSH connection between two servers without a password


marxer
SSH connection between two servers without a password, 27.04.2019 at 20:09 (14 months ago)
Greetings, everyone

I have an Ubuntu 16.04 server (I'll call it the central one) that I use to collect data from about thirty remote locations. At those small locations there are Qnaps running some embedded Linux, which act as servers at those locations. Every day at a set time each remote location runs an rsync of folder x from the Qnap to folder y on the Ubuntu server. To achieve that, ssh-keygen was run on every Qnap and automatic login to the Ubuntu server without typing a password was set up. The locations have dynamic addresses and MTS ADSL lines that MTS likes to reset, so no configuration is permanent. That is why communication is initiated from those small locations and connects to the Ubuntu server, which is on a static IP address. And everything has been working OK for some time now ...

Then, at one location with bigger needs, an Ubuntu 18.04 was installed instead of a Qnap because a more powerful server was needed. However, when I ran ssh-keygen and transferred the generated key to the central server, the problems started. Whatever I do, the central server always asks for a password. I followed advice from various forums and it all came down to settings that I had already tried myself. I also brought a third server into the "game" for testing purposes (again Ubuntu 16.04) and the problems were replicated whether that server played the central one or the remote one ...

For a week I haven't been able to figure out where I'm going wrong. Any advice is welcome, and thanks in advance

[email protected]:~$ ssh -vvv [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "central.server.domen.rs" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to central.server.domen.rs [89.216.x.y] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to central.server.domen.rs:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected].com,[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QJjwe7L+6SN++snJKxyxyxyxyNwf0Ih2OAxV+cp+0o
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 89.216.x.y
The authenticity of host 'home.markser.in.rs (89.216.x.y)' can't be established.
ECDSA key fingerprint is SHA256:QJjwe7L+6SN++snJKxyxyxyxyNwf0Ih2OAxV+cp+0o.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'central.server.domen.rs' (ECDSA) to the list of known hosts.
Warning: the ECDSA host key for 'central.server.domen.rs' differs from the key for the IP address '89.216.x.y'
Offending key for IP in /home/user/.ssh/known_hosts:2
Are you sure you want to continue connecting (yes/no)? yes
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/user/.ssh/id_rsa (0x561336fbc500)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug2: key: /home/user/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:

Experience is proportional to the amount of equipment destroyed ...

Branimir Maksimovic
Re: SSH connection between two servers without a password, 27.04.2019 at 21:43 (14 months ago)
"Warning: the ECDSA host key for 'central.server.domen.rs' differs from the key for the IP address '89.216.x.y'"

delete that line from known_hosts and it should start working.
press any key to continue or any other to quit....
 
tuxserbia
Re: SSH connection between two servers without a password, 27.04.2019 at 21:45 (14 months ago)
Delete the keys, then try again.
How are computer programs classified?
Into buggy (with errors) and correct (without errors). The latter are hypothetical.
***GPL'd by @Shadowed

"For email I use Outlook Express in a virtual machine, so on that front no Linux is a match for XP." - pisac
 
marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 08:28 (14 months ago)
I deleted known_hosts, created the keys ... and then wrote to the forum.
I did it both as user and as root. I tried logging in both as SSH [email protected] and SSH [email protected]

I'm overlooking something, I don't know what

Branimir Maksimovic
Re: SSH connection between two servers without a password, 28.04.2019 at 08:35 (14 months ago)
What you posted from the log is because of known_hosts; send another debug log once you've fixed that.

marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 11:42 (14 months ago)
OK.
1. I deleted the contents of the known_hosts file on the remote client and of the authorized_keys file on the server
2. On the remote one I just ran ssh-keygen again as user (not with sudo). I overwrote the existing file. I use a passphrase when generating the key
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys
4. ssh -vvv [email protected]

[email protected]:~$ ssh -vvv [email protected]
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "central.server.domen.rs" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to central.server.domen.rs [89.216.x.y] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to home.markser.in.rs:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XN1fO1BPo1y/xyxyxyxyxyhYq9sP0jKP10MFyc
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
The authenticity of host 'central.server.domen.rs (89.216.x.y)' can't be established.
ECDSA key fingerprint is SHA256:XN1fO1BPo1y/xyxyxyxyxyhYq9sP0jKP10MFyc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'central.server.domen.rs,89.216.x.y' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/user/.ssh/id_rsa (0x55c8b02b6600)
debug2: key: /home/user/.ssh/id_dsa ((nil))
debug2: key: /home/user/.ssh/id_ecdsa ((nil))
debug2: key: /home/user/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]'s password:

... and of course, after entering the password it logs in ... but it should work without a password. I even created the same users with the same password on both sides. A desperate move, with no effect ...

srbaja
Re: SSH connection between two servers without a password, 28.04.2019 at 12:13 (14 months ago)
What does the log on the server side say?

djoka_l
Re: SSH connection between two servers without a password, 28.04.2019 at 12:25 (14 months ago)
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub [email protected]

It sorts out the privileges and everything else for you. Maybe that is the problem?
 
Branimir Maksimovic
Re: SSH connection between two servers without a password, 28.04.2019 at 12:36 (14 months ago)
What does this say:
Code:

ssh -o PreferredAuthentications=publickey etc...

marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 13:00 (14 months ago)
Quote:
djoka_l:
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub [email protected]

It sorts out the privileges and everything else for you. Maybe that is the problem?

Maybe ... I'll try.

CoyoteKG
Re: SSH connection between two servers without a password, 28.04.2019 at 13:02 (14 months ago)
Quote:
1. I deleted the contents of the known_hosts file on the remote client

You need to do that on the client you are connecting from.

Check the permissions on the folders.
The .ssh folder, say, 750, and the files inside it 600, though 400 works too.

But as djoka tells you, create the key on the machine with ssh-keygen and then copy the key to the remote machine with ssh-copy-id
 
marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 13:08 (14 months ago)
Quote:
srbaja:
What does the log on the server side say?

auth.log
Apr 28 13:58:30 central sshd[27070]: Accepted password for user from 93.87.x.y port 44590 ssh2
Apr 28 13:58:30 central sshd[27070]: pam_unix(sshd:session): session opened for user user by (uid=0)
Apr 28 13:58:30 central systemd-logind[730]: New session 2127 of user user.

syslog
Apr 28 14:07:48 central systemd[1]: Started Session 2148 of user user.

marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 15:00 (14 months ago)
I did delete it on the computer FROM which I log in. I think I also tried ssh-copy-id among other things, but I'll try again and report back.

Can someone explain this to me in theory: (maybe the cause is somewhere in there)

When I connect to Ubuntu from the embedded Linux, i.e. from one of those 30 locations that work OK, I log in with [email protected] I put the public key into ~/.ssh/authorized_keys, which is actually in the /root folder

When I connect from the remote Ubuntu server, I connect with [email protected] and I saved the key in /home/user/.ssh/authorized_keys

Is THAT correct/wrong, and what is the actual difference? The fact is that the copying is done into a folder that requires root rights

CoyoteKG
Re: SSH connection between two servers without a password, 28.04.2019 at 15:12 (14 months ago)
authorized_keys holds the public part of the key, and it needs to be in the home folder of the user you log in as.
If you connect with
# ssh [email protected]
the public key needs to be added to /home/user/.ssh/authorized_keys
And if you connect with
# ssh [email protected]
then to /root/.ssh/authorized_keys.

All of that is done for you by the command

# ssh-copy-id [email protected]

Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

Is this a typo on the forum, or do you really have a comma in the name of the ,ssh folder? :)

List the files with ls -la so we can see the permissions on the files on both sides.
 
B3R1
Re: SSH connection between two servers without a password, 28.04.2019 at 16:07 (14 months ago)
Go through everything from the beginning; it is probably some trivial problem, and on the side of that new, remote Ubuntu client (since the Qnap => Ubuntu communications work fine).

First, on that new Ubuntu, check the owners and permissions on /root/.ssh, /home/user/.ssh and all their parent directories:

# ls -ald / /root /root/.ssh /home /home/user /home/user/.ssh
dr-xr-xr-x 24 root root 4096 Nov 28 19:51 /
drwxr-xr-x 8 root root 4096 Apr 21 11:19 /home
drwx------ 7 user other 4096 Apr 22 16:57 /home/user
drwx------ 7 user other 4096 Apr 22 16:57 /home/user/.ssh
dr-xr-x--- 5 root root 4096 Dec 24 20:50 /root
drwx------ 2 root root 4096 Apr 15 2018 /root/.ssh

What matters is that /home/user/.ssh is owned by the user 'user', that /root is owned by 'root', and that those directories are not open for writing to anyone except their owners. The home directory can be 755, but .ssh must be 700. Check the ownership of the files in the ~/.ssh directory - root must be the owner of all files in /root/.ssh, while 'user' must be the owner of everything in /home/user/.ssh. Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400). Check that on both the server and the client side:

# find /root /home -name authorized_keys -exec ls -ald {} \;
-r-------- 1 user other 230 Apr 15 2018 /home/user/.ssh/authorized_keys
-r-------- 1 root root 230 Nov 26 12:19 /root/.ssh/authorized_keys

The next thing is the file /etc/ssh/ssh_config:

# grep -v ^# /etc/ssh/ssh_config

Is it possible that you have something there that forces PasswordAuthentication or turns off PubkeyAuthentication? In any case, you can ignore that file if you create ~/.ssh/config (even an empty one). And it is highly advisable to create a ~/.ssh/config file with the following contents:

Host central.server.domen.rs central
Hostname central.server.domen.rs
IdentityFile /home/user/.ssh/id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ForwardAgent no
User user


If you work as 'user', the owner of that file must be 'user' and that file must be /home/user/.ssh/config ...
If you work as 'root' then the owner is 'root', put 'root' everywhere the file says 'user', and you must write it to /root/.ssh/config ...
 
marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 19:39 (14 months ago)
Quote:
djoka_l:
Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

And why don't you use ssh-copy-id

ssh-copy-id -i id_rsa.pub [email protected]

It sorts out the privileges and everything else for you. Maybe that is the problem?

Unfortunately, it didn't solve the problem.

marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 19:41 (14 months ago)
Quote:
Branimir Maksimovic:
What does this say:
Code:

ssh -o PreferredAuthentications=publickey etc...

The ssh configuration on the server side should be OK, since 30 other devices connect without any problems. My problem is only with the Ubuntu-to-Ubuntu combination

marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 19:51 (14 months ago)
Quote:
CoyoteKG:
authorized_keys holds the public part of the key, and it needs to be in the home folder of the user you log in as.
If you connect with
# ssh [email protected]
the public key needs to be added to /home/user/.ssh/authorized_keys
And if you connect with
# ssh [email protected]
then to /root/.ssh/authorized_keys.

All of that is done for you by the command

# ssh-copy-id [email protected]

Quote:
3. cat /home/user/.ssh/id_rsa.pub ; copied the contents to the server into /home/user/,ssh/authorized_keys

Is this a typo on the forum, or do you really have a comma in the name of the ,ssh folder? :)

List the files with ls -la so we can see the permissions on the files on both sides.

Of course, a typing error. I didn't notice.

Remote (/home/user/):
drwx------ 2 user user 4096 Apr 28 20:36 .ssh

Remote (/home/user/.ssh/):
drwx------ 2 user user 4096 Apr 28 20:36 .
drwxr-xr-x 7 user user 4096 Apr 27 14:44 ..
-rw------- 1 user user 1766 Apr 28 11:51 id_rsa
-rw-r--r-- 1 user user 393 Apr 28 11:51 id_rsa.pub
-rw------- 1 user user 444 Apr 28 20:35 known_hosts
-rw------- 1 user user 444 Apr 28 20:34 known_hosts.old

Central (/home/user/):
drwx------ 2 user user 4096 Apr 28 20:31 .ssh

Central (/home/user/.ssh/):
drwx------ 2 user user 4096 Apr 28 20:31 .
drwxr-xr-x 7 user user 4096 Apr 27 19:14 ..
-rw-rw-r-- 1 user user 393 Apr 28 20:36 authorized_keys



marxer
Re: SSH connection between two servers without a password, 28.04.2019 at 20:14 (14 months ago)
Quote:
B3R1:
Go through everything from the beginning; it is probably some trivial problem, and on the side of that new, remote Ubuntu client (since the Qnap => Ubuntu communications work fine).

First, on that new Ubuntu, check the owners and permissions on /root/.ssh, /home/user/.ssh and all their parent directories:

# ls -ald / /root /root/.ssh /home /home/user /home/user/.ssh
dr-xr-xr-x 24 root root 4096 Nov 28 19:51 /
drwxr-xr-x 8 root root 4096 Apr 21 11:19 /home
drwx------ 7 user other 4096 Apr 22 16:57 /home/user
drwx------ 7 user other 4096 Apr 22 16:57 /home/user/.ssh
dr-xr-x--- 5 root root 4096 Dec 24 20:50 /root
drwx------ 2 root root 4096 Apr 15 2018 /root/.ssh

What matters is that /home/user/.ssh is owned by the user 'user', that /root is owned by 'root', and that those directories are not open for writing to anyone except their owners. The home directory can be 755, but .ssh must be 700. Check the ownership of the files in the ~/.ssh directory - root must be the owner of all files in /root/.ssh, while 'user' must be the owner of everything in /home/user/.ssh. Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400). Check that on both the server and the client side:

It looks like this:

Client:
drwxr-xr-x 23 root root 4096 Apr 25 13:18 /
drwxr-xr-x 5 root root 4096 Apr 27 09:49 /home
drwxr-xr-x 7 user user 4096 Apr 27 14:44 /home/user
drwx------ 2 user user 4096 Apr 28 20:36 /home/user/.ssh
drwx------ 7 root root 4096 Apr 27 09:32 /root
drwx------ 2 root root 4096 Apr 27 18:59 /root/.ssh

Server:
drwxr-xr-x 23 root root 4096 Apr 27 10:47 /
drwxr-xr-x 3 root root 4096 Apr 1 17:55 /home
drwxr-xr-x 7 user user 4096 Apr 27 19:14 /home/user
drwx------ 2 user user 4096 Apr 28 20:31 /home/user/.ssh
drwx------ 8 root root 4096 Apr 27 19:26 /root
drwx------ 2 root root 4096 Apr 28 20:31 /root/.ssh

# find /root /home -name authorized_keys -exec ls -ald {} \;
-r-------- 1 user other 230 Apr 15 2018 /home/user/.ssh/authorized_keys
-r-------- 1 root root 230 Nov 26 12:19 /root/.ssh/authorized_keys

Authorized_keys:
-rw-r--r-- 1 root root 0 Apr 28 11:48 /root/.ssh/authorized_keys
-rw-rw-r-- 1 user user 393 Apr 28 20:36 /home/user/.ssh/authorized_keys

All in all, it looks to me like an excess, not a lack, of permissions ...

The next thing is the file /etc/ssh/ssh_config:

# grep -v ^# /etc/ssh/ssh_config

Is it possible that you have something there that forces PasswordAuthentication or turns off PubkeyAuthentication? In any case, you can ignore that file if you create ~/.ssh/config (even an empty one). And it is highly advisable to create a ~/.ssh/config file with the following contents:

Host central.server.domen.rs central
Hostname central.server.domen.rs
IdentityFile /home/user/.ssh/id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ForwardAgent no
User user

And here is what it says for the ssh_config file:

Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no

If you work as 'user', the owner of that file must be 'user' and that file must be /home/user/.ssh/config ...

Well, that it isn't! Here's a new thing to try :-)

If you work as 'root' then the owner is 'root', put 'root' everywhere the file says 'user', and you must write it to /root/.ssh/config ...

srbaja
Re: SSH connection between two servers without a password, 28.04.2019 at 22:42 (14 months ago)
You're right, you have an excess, not a lack, of permissions :)

Quote:
B3R1:
Finally, check that authorized_keys is closed for reading and writing to everyone except the owner (permissions 600 or 400)
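
The ownership and mode rule behind B3R1's checklist and srbaja's reply, as an added example that is not code from the thread: with StrictModes on (the sshd default), sshd skips an authorized_keys file when the file, ~/.ssh or the home directory is owned by someone other than the user or root, or is writable by group or others. The function names, the script name in the comment and the constructed temporary tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): a StrictModes-style audit of the three
# paths sshd inspects before it trusts ~/.ssh/authorized_keys.

# check_path PATH UID
# Fails when PATH is missing, is owned by neither UID nor root, or is writable
# by group or others. "ls -ldnL" keeps it POSIX: numeric owner, symlinks followed.
check_path() (
    path=$1
    uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        exit 1
    fi
    set -f                               # no globbing while splitting ls output
    set -- $(ls -ldnL -- "$path")        # $1 = mode string, $3 = numeric owner
    mode=$1
    owner=$3
    rc=0
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER    $path owned by uid $owner, expected $uid or 0"
        rc=1
    fi
    case $mode in
        ?????w*) echo "GROUP-W  $path ($mode) is writable by group"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "OTHER-W  $path ($mode) is writable by others"; rc=1 ;;
    esac
    exit "$rc"
)

# audit_authorized_keys HOME [USER]
# Checks HOME, HOME/.ssh and HOME/.ssh/authorized_keys for USER (default: the
# invoking user). Returns 0 only when all three pass.
audit_authorized_keys() (
    home=$1
    if [ -n "${2:-}" ]; then
        uid=$(id -u "$2") || exit 2
    else
        uid=$(id -u)
    fi
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK       $home passes"
    fi
    exit "$rc"
)

# demo: constructed tree with the modes from the thread's server listing
# (home 755, .ssh 700, authorized_keys 664), audited before and after chmod 600.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    mkdir -p "$tmp/home/user/.ssh"
    : > "$tmp/home/user/.ssh/authorized_keys"
    chmod 755 "$tmp/home/user"
    chmod 700 "$tmp/home/user/.ssh"
    chmod 664 "$tmp/home/user/.ssh/authorized_keys"
    echo "--- authorized_keys 664, as listed in the thread ---"
    audit_authorized_keys "$tmp/home/user" && exit 1
    chmod 600 "$tmp/home/user/.ssh/authorized_keys"
    echo "--- authorized_keys 600 ---"
    audit_authorized_keys "$tmp/home/user"
)

# With arguments, audit a real home directory (hypothetical script name):
#   sh audit.sh /home/user user
# Without arguments, run the constructed demo.
if [ "$#" -gt 0 ]; then
    audit_authorized_keys "$@"
else
    demo
fi
```

A clean result rules out only this cause: both debug logs above show the server answering `Authentications that can continue: password`, and that list is determined by the server's sshd configuration (sshd_config), not by file modes.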
 