Re: f23 beta: SSH Access with certificate do not work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/23/15 15:41, Dario Lesca wrote:
> I have install a f23 beta1 (fedora23)
>
> Login it from console and enable and start sshd
>
> then from my client (dodo) I have do a ssh-copy-id to new f23 beta1 and
> then I have try ssh to it, but I get a password request.
>
> For previous version a ssh-copy-id was sufficient to access without
> password request.
>
> What is change into f23?
> What I have to do for enable ssh via key? 

Worked for me....

[egreshko@meimei ~]$ ssh-copy-id 192.168.1.237
The authenticity of host '192.168.1.237 (192.168.1.237)' can't be established.
ECDSA key fingerprint is SHA256:2UolRcJw9ppwBsZ1cEOUJeCmvADdqw5mLj1Z28uqa7E.
ECDSA key fingerprint is MD5:c6:94:70:fe:85:c2:9a:36:b5:56:2b:a2:a3:02:9e:84.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
egreshko@192.168.1.237's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.237'"
and check to make sure that only the key(s) you wanted were added.

[egreshko@meimei ~]$ ssh 192.168.1.237
[egreshko@f23rc1 ~]$

>
> This is the ssh client log:
>
>> [lesca@dodo ~]$ ssh -v 10.11.12.149
>> OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
>> debug1: Reading configuration data /home/lesca/.ssh/config
>> debug1: /home/lesca/.ssh/config line 29: Applying options for *
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 56: Applying options for *
>> debug1: Connecting to 10.11.12.149 [10.11.12.149] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/lesca/.ssh/id_rsa type 1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_rsa-cert type -1
>> debug1: identity file /home/lesca/.ssh/id_dsa type 2
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_dsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_ecdsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_ecdsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_ed25519 type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home/lesca/.ssh/id_ed25519-cert type -1
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_6.9
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
>> debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
>> debug1: Authenticating to 10.11.12.149:22 as 'lesca'
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client chacha20-poly1305@xxxxxxxxxxx <implicit> none
>> debug1: kex: client->server chacha20-poly1305@xxxxxxxxxxx <implicit> none
>> debug1: kex: curve25519-sha256@xxxxxxxxxx need=64 dh_need=64
>> debug1: kex: curve25519-sha256@xxxxxxxxxx need=64 dh_need=64
>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:EDX7H75jqo5WNMWRXavjwADCxWqKJ3hxXME9uP0aJrk
>> debug1: Host '10.11.12.149' is known and matches the ECDSA host key.
>> debug1: Found key in /home/lesca/.ssh/known_hosts:1897
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Next authentication method: gssapi-keyex
>> debug1: No valid Key exchange context
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> No Kerberos credentials available
>>
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Next authentication method: publickey
>> debug1: Offering DSA public key: /home/lesca/.ssh/id_dsa
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Offering RSA public key: /home/lesca/.ssh/id_rsa
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Trying private key: /home/lesca/.ssh/id_ecdsa
>> debug1: Trying private key: /home/lesca/.ssh/id_ed25519
>> debug1: Next authentication method: password
>> lesca@10.11.12.149's password: 
>> debug1: Authentication succeeded (password).
>> Authenticated to 10.11.12.149 ([10.11.12.149]:22).
>> debug1: channel 0: new [client-session]
>> debug1: Requesting no-more-sessions@xxxxxxxxxxx
>> debug1: Entering interactive session.
>> debug1: client_input_global_request: rtype hostkeys-00@xxxxxxxxxxx want_reply 0
>> debug1: Requesting X11 forwarding with authentication spoofing.
>> debug1: Requesting authentication agent forwarding.
>> debug1: Sending environment.
>> debug1: Sending env XMODIFIERS = @im=ibus
>> debug1: Sending env LANG = it_IT.utf8
>> Last login: Wed Sep 23 09:20:37 2015 from 10.11.12.1
>> [lesca@fedora23 ~]$ 
>> [lesca@fedora23 ~]$ 
>> [lesca@fedora23 ~]$ ll .ssh/
>> totale 4
>> -rw-------. 1 lesca lesca 617 23 set 09.20 authorized_keys
>> [lesca@fedora23 ~]$ ll .ssh/ -d
>> drwx------. 2 lesca lesca 4096 23 set 09.20 .ssh/
>> [lesca@fedora23 ~]$ 
> This is fedora 23 log:
>
>> set 23 09:34:41 fedora23.localdomain audit[5050]: CRYPTO_KEY_USER pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:be:59:ff:9f:f4:7b:d4:92:26:b2:cf:b6:66:32:fc:d6:1e:c9:50:75:8d:f3:a4:8f:df:10:54:7f:51:26:bc:9f direction=? spid=5050 suid=0  exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=? res=success'
>> set 23 09:34:41 fedora23.localdomain audit[5050]: CRYPTO_KEY_USER pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:10:35:fb:1f:be:63:aa:8e:56:34:c5:91:5d:ab:e3:c0:00:c2:c5:6a:8a:27:78:71:5c:c1:3d:b8:fd:1a:26:b9 direction=? spid=5050 suid=0  exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=? res=success'
>> set 23 09:34:41 fedora23.localdomain audit[5050]: CRYPTO_KEY_USER pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:08:bd:b3:18:ee:52:cd:64:74:46:21:48:2a:29:35:cf:35:0c:41:e9:87:64:f3:71:28:c1:03:85:4b:6a:a2:fe direction=? spid=5050 suid=0  exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=? res=success'
>> set 23 09:34:41 fedora23.localdomain audit[5049]: CRYPTO_SESSION pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20-poly1305@xxxxxxxxxxx ksize=512 mac= pfs=curve25519-sha256@xxxxxxxxxx spid=5050 suid=74 rport=60698 laddr=10.11.12.149 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=? res=success'
>> set 23 09:34:41 fedora23.localdomain audit[5049]: CRYPTO_SESSION pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20-poly1305@xxxxxxxxxxx ksize=512 mac= pfs=curve25519-sha256@xxxxxxxxxx spid=5050 suid=74 rport=60698 laddr=10.11.12.149 lport=22  exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=? res=success'
>> set 23 09:34:41 fedora23.localdomain sshd[5049]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
>> set 23 09:34:41 fedora23.localdomain audit[5049]: USER_AUTH pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="lesca" exe="/usr/sbin/sshd" hostname=? addr=10.11.12.1 terminal=ssh res=failed'
>


-- 
In reality, some people should stick to running Windows and others should stay away from computers altogether.
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux