Michael_ich Posted November 2, 2020 Share Posted November 2, 2020 (edited) Здраствуйте, уважаемые форумчане. Знаю, обсуждалось, было. Читал, смотрел, искал, но успеха не добился. Подскажите как авторизоваться без пароля (по shh) на интрент центре? Поставил entware по этой инструкции. Сгенерировал ключи. Перенес на интрент центр ssh-copy-id -i /config/.ssh/id_rsa.pub root@192.168.1.1 -p 222 Без пароля не заработало ssh -i /config/.ssh/id_rsa root@192.168.1.1 -p 222 Передвинул ключи mv /opt/root/.ssh/authorized_keys /opt/etc/dropbear Снова попытался выполнить ssh -i /config/.ssh/id_rsa root@192.168.1.1 -p 222 Не срабатывает. Команды cd /opt/etc/dropbear/ chmod 600 authorized_keys выполнял. Что может быть не так? Интрент центр перезагружал. Как отдельно перезагрузить dropbear не знаю. Edited November 2, 2020 by Michael_ich 1 Quote Link to comment Share on other sites More sharing options...
vasek00 Posted November 3, 2020 Share Posted November 3, 2020 Если речь про Entware весь запуск сервисов в /opt/etc/init.d там же и S..drobear т.е. S..drobear restart Quote Link to comment Share on other sites More sharing options...
Michael_ich Posted November 9, 2020 Author Share Posted November 9, 2020 (edited) Проблема похоже оказалась в параметрах запуска dropbear. нужно указать -s в /opt/etc/init.d/SXXdropbear (где ХХ - две цифры исходя из конкретной конфигурации) нужно исправить функцию start() на $DROPBEAR -s -p $PORT -P $PIDFILE Но тогда не зайти по паролю. А мне нужно и по паролю и по ключу. UPDT Тут мне подсказали, что ключи openssh не подходят к dropbear Видимо в этом проблема Edited November 9, 2020 by Michael_ich Quote Link to comment Share on other sites More sharing options...
rustrict Posted November 10, 2020 Share Posted November 10, 2020 17 часов назад, Michael_ich сказал: UPDT Тут мне подсказали, что ключи openssh не подходят к dropbear Видимо в этом проблема Это не так: Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication Я вам в другой теме предложил посмотреть лог подключения. Проверьте, например, что в ряду PreferredAuthentications publickey стоит впереди password: debug3: preferred publickey,keyboard-interactive,password Quote Link to comment Share on other sites More sharing options...
Michael_ich Posted November 10, 2020 Author Share Posted November 10, 2020 1 hour ago, rustrict said: Это не так: Compatible with OpenSSH ~/.ssh/authorized_keys public key authentication Я вам в другой теме предложил посмотреть лог подключения. Проверьте, например, что в ряду PreferredAuthentications publickey стоит впереди password: debug3: preferred publickey,keyboard-interactive,password Выдает следующее Spoiler bash-5.0# ssh -p '222' 'root@192.168.1.1' -vvv OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug2: resolve_canonicalize: hostname 192.168.1.1 is address debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug2: ssh_connect_direct debug1: Connecting to 192.168.1.1 [192.168.1.1] port 222. debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type 0 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.3 debug1: Remote protocol version 2.0, remote software version dropbear debug1: no match: dropbear debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.1.1:222 as 'root' debug3: put_host_port: [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:9BWRfXLc3Nkgef3/ZH1AjLxYkPYXXGpvWSlXQnOhFHU debug3: put_host_port: [192.168.1.1]:222 debug3: put_host_port: [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug1: Host '[192.168.1.1]:222' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:qvRNyydFqnVmaBYZkH3+GHFpnPZt5R1YmenSJfpI2KM debug1: Will attempt key: /root/.ssh/id_dsa debug1: Will attempt key: /root/.ssh/id_ecdsa debug1: Will attempt key: /root/.ssh/id_ecdsa_sk debug1: Will attempt key: /root/.ssh/id_ed25519 debug1: Will attempt key: /root/.ssh/id_ed25519_sk debug1: Will attempt key: /root/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:qvRNyydFqnVmaBYZkH3+GHFpnPZt5R1YmenSJfpI2KM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa_sk debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519_sk debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory debug1: Trying private key: /root/.ssh/id_xmss debug3: no such identity: /root/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password root@192.168.1.1's password: Quote Link to comment Share on other sites More sharing options...
rustrict Posted November 10, 2020 Share Posted November 10, 2020 Пока я заметил, что вы переносили ключ не из той папки, которую проверяет ssh. Попробуйте: cat /root/.ssh/id_rsa.pub | ssh -p 222 root@192.168.1.1 "cat > /opt/etc/dropbear/authorized_keys && chmod 600 /opt/etc/dropbear/authorized_keys" 1 2 Quote Link to comment Share on other sites More sharing options...
Michael_ich Posted November 10, 2020 Author Share Posted November 10, 2020 (edited) 13 minutes ago, rustrict said: Пока я заметил, что вы переносили ключ не из той папки, которую проверяет ssh. Попробуйте: cat /root/.ssh/id_rsa.pub | ssh -p 222 root@192.168.1.1 "cat > /opt/etc/dropbear/authorized_keys && chmod 600 /opt/etc/dropbear/authorized_keys" Решил переключится и попробовать по новой на малинкеssh -i /root/.ssh/id_rsa.pub -p '22' 'michael@192.168.1.11' -vvv Spoiler bash-5.0# ssh -i /root/.ssh/id_rsa.pub -p '22' 'michael@192.168.1.11' -vvv OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug2: resolve_canonicalize: hostname 192.168.1.11 is address debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug2: ssh_connect_direct debug1: Connecting to 192.168.1.11 [192.168.1.11] port 22. debug1: Connection established. debug1: identity file /root/.ssh/id_rsa.pub type 0 debug1: identity file /root/.ssh/id_rsa.pub-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.3 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Raspbian-10+deb10u2 debug1: match: OpenSSH_7.9p1 Raspbian-10+deb10u2 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.1.11:22 as 'michael' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from 192.168.1.11 debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:sJS7Q7IEyA1G/1atSR5dklAFo7aGfcpUE3dtQwS1Yc4 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1 debug3: load_hostkeys: loaded 1 keys from 192.168.1.11 debug1: Host '192.168.1.11' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Will attempt key: /root/.ssh/id_rsa.pub RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k explicit debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /root/.ssh/id_rsa.pub RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k explicit debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: /root/.ssh/id_rsa.pub RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k explicit debug3: sign_and_send_pubkey: RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4kLoad key "/root/.ssh/id_rsa.pub": invalid format debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password michael@192.168.1.11's password: Что может быть с форматом не знаю Генерил просто ssh-keygen без параметров bash-5.0# cat id_rsa.pub ssh-rsa AA.............................0= root@homeassistant Edited November 10, 2020 by Michael_ich Quote Link to comment Share on other sites More sharing options...
Michael_ich Posted November 10, 2020 Author Share Posted November 10, 2020 (edited) Вот так на малинке заработало bash-5.0# ssh -p '22' 'michael@192.168.1.11' pwd /home/michael bash-5.0# А на интернет центре нет bash-5.0# ssh -p '222' 'root@192.168.1.1' pwd root@192.168.1.1's password: Edited November 10, 2020 by Michael_ich Quote Link to comment Share on other sites More sharing options...
rustrict Posted November 10, 2020 Share Posted November 10, 2020 3 минуты назад, Michael_ich сказал: ssh -i /root/.ssh/id_rsa.pub -p '22' 'michael@192.168.1.11' -vvv Здесь надо или без -i вообще, или -i /root/.ssh/id_rsa. Давайте все-таки вернемся к Entware. Появился ли доступ по ключу после моей команды выше? Если нет, то покажите еще права на папки: На клиентском устройстве ls -la /root/.ssh На роутере ls -la /opt/etc/dropbear 1 Quote Link to comment Share on other sites More sharing options...
Michael_ich Posted November 10, 2020 Author Share Posted November 10, 2020 (edited) 17 minutes ago, rustrict said: Здесь надо или без -i вообще, или -i /root/.ssh/id_rsa. Давайте все-таки вернемся к Entware. Появился ли доступ по ключу после моей команды выше? Если нет, то покажите еще права на папки: На клиентском устройстве ls -la /root/.ssh На роутере ls -la /opt/etc/dropbear После команды выше не появился. Spoiler bash-5.0# ls -la /root/.ssh total 24 drwx------ 2 root root 4096 Nov 10 15:02 . drwx------ 1 root root 4096 Nov 10 15:02 .. -rw------- 1 root root 2602 Nov 10 15:02 id_rsa -rw------- 1 root root 572 Nov 10 15:02 id_rsa.pub -rw-r--r-- 1 root root 353 Nov 10 15:17 known_hosts Spoiler ~ # ls -la /opt/etc/dropbear drwxrwxr-x 1 root HA 4096 Nov 10 15:21 . drwxrwxr-x 1 root HA 4096 Nov 9 17:25 .. -rw------- 1 root HA 572 Nov 10 15:21 authorized_keys -rwxrwxr-x 1 root HA 140 Oct 12 18:16 dropbear_ecdsa_host_key -rwxrwxr-x 1 root HA 83 Oct 12 18:16 dropbear_ed25519_host_key -rwxrwxr-x 1 root HA 805 Oct 12 18:16 dropbear_rsa_host_key log Spoiler bash-5.0# ssh -p '222' 'root@192.168.1.1' -vvv OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020 debug1: Reading configuration data /etc/ssh/ssh_config debug2: resolve_canonicalize: hostname 192.168.1.1 is address debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug2: ssh_connect_direct debug1: Connecting to 192.168.1.1 [192.168.1.1] port 222. debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type 0 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.3 debug1: Remote protocol version 2.0, remote software version dropbear debug1: no match: dropbear debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.1.1:222 as 'root' debug3: put_host_port: [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:2 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: none debug2: compression stoc: none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:9BWRfXLc3Nkgef3/ZH1AjLxYkPYXXGpvWSlXQnOhFHU debug3: put_host_port: [192.168.1.1]:222 debug3: put_host_port: [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:2 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:2 debug3: load_hostkeys: loaded 1 keys from [192.168.1.1]:222 debug1: Host '[192.168.1.1]:222' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k debug1: Will attempt key: /root/.ssh/id_dsa debug1: Will attempt key: /root/.ssh/id_ecdsa debug1: Will attempt key: /root/.ssh/id_ecdsa_sk debug1: Will attempt key: /root/.ssh/id_ed25519 debug1: Will attempt key: /root/.ssh/id_ed25519_sk debug1: Will attempt key: /root/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:am2b3n+E46I/+9MBE1qRgbJJAL1NH3AKZ3P0EvTDS4k debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa_sk debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519_sk debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory debug1: Trying private key: /root/.ssh/id_xmss debug3: no such identity: /root/.ssh/id_xmss: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password root@192.168.1.1's password: Edited November 10, 2020 by Michael_ich Quote Link to comment Share on other sites More sharing options...
Rage Steel Posted May 10 Share Posted May 10 Вчера взялся за настройку свежекупленного Keenetic — у меня всё сработало после того как файл authorized_keys передвинул из ~/.ssh/ в /opt/etc/dropbear 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.