Problems with SSH public key authentication

#ssh #openssh #centos8

Question:

I have a problem connecting with SSH PubKey authentication. I am using CentOS 8 with an OpenSSH server. I can connect using a password. SELinux is disabled. Earlier I generated RSA keys with ssh-keygen, then put them in ~/.ssh/ and uploaded id_rsa.pub to the server host as /home/nAdmin/.ssh/authorized_keys. I spent two days reading about similar problems and the ssh_config manual, but their solutions do not work for me.

SSHD_CONFIG:

    Port 22

    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key

    SyslogFacility local6
    SyslogFacility AUTHPRIV

    PermitRootLogin no

    AuthorizedKeysFile ~/.ssh/authorized_keys

    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no

    UsePAM yes

    X11Forwarding yes

    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    Subsystem sftp /usr/libexec/openssh/sftp-server

    Match User nAdmin
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        PermitTunnel no
        ForceCommand /usr/libexec/openssh/sftp-server
        PasswordAuthentication no
        PubKeyAuthentication yes
        RSAAuthentication yes

Permissions:

    $ sudo ls -a -l /home/nAdmin/
    total 16
    drwxr-xr-x  6 root   nAdmin 142 Nov 23 22:39 .
    drwxr-xr-x. 6 root   root    59 Jun 22 08:06 ..
    -rwxrwxr-x  1 nAdmin named   18 May 27 18:09 .bash_logout
    -rwxrwxr-x  1 nAdmin named  141 May 27 18:09 .bash_profile
    -rwxrwxr-x  1 nAdmin named  376 May 27 18:09 .bashrc
    drwxrwxr-x  3 nAdmin named   18 Nov 23 11:52 .config
    drwxrwxr-x  3 nAdmin named   19 Nov 23 11:52 .local
    drwxrwxr-x  2 nAdmin named    6 Nov 23 12:17 ntest
    -rw-r--r--  1 nAdmin named    0 Nov 23 16:36 rest
    drw-------  2 root   nAdmin  29 Nov 23 22:39 .ssh
    -rwxrwxr-x  1 nAdmin named  658 Mar 20  2020 .zshrc

    $ sudo ls -a -l /home/nAdmin/.ssh/
    total 4
    drw-------  2 root   nAdmin  29 Nov 23 22:39 .
    drwxr-xr-x  6 root   nAdmin 142 Nov 23 22:39 ..
    -rwx------  1 root   nAdmin 568 Nov 24 11:32 authorized_keys

TRYING TO CONNECT:

    $ sftp -v nAdmin@tinirog.ru
    OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug1: configuration requests final Match pass
    debug1: re-parsing configuration
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug1: Connecting to tinirog.ru [95.165.134.11] port 22.
    debug1: Connection established.
    debug1: identity file /home/vic/.ssh/id_rsa type 0
    debug1: identity file /home/vic/.ssh/id_rsa-cert type -1
    debug1: identity file /home/vic/.ssh/id_dsa type -1
    debug1: identity file /home/vic/.ssh/id_dsa-cert type -1
    debug1: identity file /home/vic/.ssh/id_ecdsa type -1
    debug1: identity file /home/vic/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/vic/.ssh/id_ed25519 type -1
    debug1: identity file /home/vic/.ssh/id_ed25519-cert type -1
    debug1: identity file /home/vic/.ssh/id_xmss type -1
    debug1: identity file /home/vic/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.0
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
    debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to tinirog.ru:22 as 'nAdmin'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=32 dh_need=32
    debug1: kex: curve25519-sha256 need=32 dh_need=32
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:KVRpLjmIfwAZfS2EjndRJsPiWHfVR4hkVwha1c8nE2Y
    debug1: Host 'tinirog.ru' is known and matches the ECDSA host key.
    debug1: Found key in /home/vic/.ssh/known_hosts:1
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: Will attempt key: /home/vic/.ssh/id_rsa RSA SHA256:AUx6BHMFLmhC8Fi 0WB1ljG 546I/rnJoW59woaRYqU agent
    debug1: Will attempt key: /home/vic/.ssh/id_dsa
    debug1: Will attempt key: /home/vic/.ssh/id_ecdsa
    debug1: Will attempt key: /home/vic/.ssh/id_ed25519
    debug1: Will attempt key: /home/vic/.ssh/id_xmss
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information
    No Kerberos credentials available (default cache: KCM:)

    debug1: Unspecified GSS failure. Minor code may provide more information
    No Kerberos credentials available (default cache: KCM:)

    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/vic/.ssh/id_rsa RSA SHA256:AUx6BHMFLmhC8Fi 0WB1ljG 546I/rnJoW59woaRYqU agent
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: Trying private key: /home/vic/.ssh/id_dsa
    debug1: Trying private key: /home/vic/.ssh/id_ecdsa
    debug1: Trying private key: /home/vic/.ssh/id_ed25519
    debug1: Trying private key: /home/vic/.ssh/id_xmss
    debug1: No more authentication methods to try.
    nAdmin@tinirog.ru: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
    Connection closed.
    Connection closed

SSHD LOG:

    $ sudo tail /var/log/sshd.log
    Nov 24 11:56:52 tinirog sshd[21187]: reprocess config line 169: Deprecated option RSAAuthentication
    Nov 24 11:56:52 tinirog sshd[21187]: Connection closed by authenticating user nAdmin 95.165.134.11 port 38030 [preauth]

Comments:

1. I found the solution. I used ssh -vvv nAdmin@tinirog.ru to see what the problem was, and set LogLevel DEBUG in sshd_config. The problem was the permissions of the authorized_keys file and of nAdmin's /home/nAdmin/.ssh/ directory.
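
The permission problem named in the comment above can be checked mechanically. The following is an added example, not part of the original post: a shell function (hypothetical name `audit_ssh_perms`, GNU `stat` assumed as on CentOS) that applies sshd's StrictModes-style ownership and write-bit checks to the home directory, `.ssh` and `authorized_keys`, and also checks that the login user can actually reach the key file, since sshd opens it with that user's privileges. The access check ignores group membership, which is a simplification.

```shell
# Added example. Usage: audit_ssh_perms HOME_DIR LOGIN_UID
# Prints one finding per line and returns 1 if anything is wrong.
audit_ssh_perms() {
    home=$1; uid=$2; bad=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            # Also reported when a parent directory cannot be traversed.
            echo "MISSING $path"; bad=1; continue
        fi
        owner=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        bits=$(( 0$mode ))          # read the octal mode string as a number

        # StrictModes-style checks: owned by the login user or root,
        # and not writable by group or others.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER   $path is owned by uid $owner"; bad=1
        fi
        if [ $(( bits & 022 )) -ne 0 ]; then
            echo "WRITE   $path mode $mode is group/other writable"; bad=1
        fi

        # The key file is read as the login user: directories need the
        # search (x) bit, the file needs the read (r) bit.
        if [ -d "$path" ]; then need=1; else need=4; fi
        if [ "$owner" = "$uid" ]; then
            have=$(( (bits >> 6) & 7 ))   # owner permission digit
        else
            have=$(( bits & 7 ))          # "other" digit; groups ignored
        fi
        if [ $(( have & need )) -eq 0 ]; then
            echo "ACCESS  $path mode $mode is not usable by uid $uid"; bad=1
        fi
    done
    return $bad
}

# Run directly as: sh audit.sh /home/nAdmin "$(id -u nAdmin)"
if [ "$#" -eq 2 ]; then audit_ssh_perms "$1" "$2"; fi
```

Applied to the listing in the question, this reports ACCESS findings for both `.ssh` (root-owned, mode 600) and `authorized_keys` (root-owned, mode 700), which nAdmin cannot traverse or read.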