Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
passworldless ssh not working
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Sun Jan 29, 2017 5:11 pm    Post subject: passworldless ssh not working Reply with quote

hi, i'm playing with a new single board computer (banana pro) and i want to share ssh keys with my main computer.
on both machines I have the same user called "krog" with different password.
on the banana pro I did:
ssh-keygen -t rsa
then I copied the public key from .ssh/id_rsa.pub of the banana pro
to .ssh/authorized_keys of the main computer
I did the opposite operations.
Now I can do ssh to the banana and the password is not asked, but from the banana to my main pc the password is still asked!

openssh was built with these use flags:
Code:
[ebuild   R    ] net-misc/openssh-7.3_p1-r7::gentoo  USE="X hpn kerberos ldap pam pie ssl -X509 -bindist -debug -ldns -libedit (-libressl) -livecd -sctp (-selinux) -skey -ssh1 -static {-test}" 0 KiB


the file /etc/ssh/ssh_config on both machines is exactly the same (excluding comments):

Code:
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no


what am I missing?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13509

PostPosted: Sun Jan 29, 2017 7:09 pm    Post subject: Reply with quote

Does the server permit key-based authentication? Are the key files configured such that the server's rules will allow you to use them? OpenSSH has some builtin restrictions to prevent you from using certain very insecure configurations, such as world writable authorized_keys or world readable private keys. You can check some aspects of this by running ssh -vvv server to get very very verbose output from ssh. If you still need help, please post the output of ls -al ~/.ssh/ from both machines, cat -n ~/.ssh/config on the client, and cat -n /etc/ssh/sshd_config on the server.
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Mon Jan 30, 2017 7:50 am    Post subject: Reply with quote

ssh with password works both ways.

ssh from banana to krogpc (the one not working with the key):

Code:
krog@krogbanana:~$ ssh -vvv 192.168.1.230
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.230 [192.168.1.230] port 22.
debug1: Connection established.
debug1: identity file /home/krog/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3p1-hpn14v11
debug1: match: OpenSSH_7.3p1-hpn14v11 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.230" from file "/home/krog/.ssh/known_hosts"
debug3: load_hostkeys: found key type ED25519 in file /home/krog/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup umac-128-etm@openssh.com
debug1: kex: server->client aes128-ctr umac-128-etm@openssh.com none
debug2: mac_setup: setup umac-128-etm@openssh.com
debug1: kex: client->server aes128-ctr umac-128-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ED25519 c4:2c:b7:10:0f:66:02:23:d5:f0:f0:07:fe:94:7f:f1
debug3: load_hostkeys: loading entries for host "192.168.1.230" from file "/home/krog/.ssh/known_hosts"
debug3: load_hostkeys: found key type ED25519 in file /home/krog/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.230' is known and matches the ED25519 host key.
debug1: Found key in /home/krog/.ssh/known_hosts:1
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/krog/.ssh/id_rsa (0xb763f9f0),
debug2: key: /home/krog/.ssh/id_dsa ((nil)),
debug2: key: /home/krog/.ssh/id_ecdsa ((nil)),
debug2: key: /home/krog/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/krog/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/krog/.ssh/id_dsa
debug3: no such identity: /home/krog/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/krog/.ssh/id_ecdsa
debug3: no such identity: /home/krog/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/krog/.ssh/id_ed25519
debug3: no such identity: /home/krog/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
krog@192.168.1.230's password:





ssh from krogpc to banana (the one working with key):

Code:
krog@KROGPC-SKYLAKE ~ % ssh -vvv 192.168.1.82
OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2k  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "192.168.1.82" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.82 [192.168.1.82] port 22.
debug1: Connection established.
debug1: identity file /home/krog/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/krog/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1-hpn14v11
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Remote is NON-HPN aware
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.82:22 as 'krog'
debug3: hostkeys_foreach: reading file "/home/krog/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/krog/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.82
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
debug2: host key algorithms: ssh-rsa,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
debug2: MACs stoc: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:blabla
debug3: hostkeys_foreach: reading file "/home/krog/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/krog/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 192.168.1.82
debug1: Host '192.168.1.82' is known and matches the ED25519 host key.
debug1: Found key in /home/krog/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/krog/.ssh/id_rsa (0x56237960e3c0)
debug2: key: /home/krog/.ssh/id_dsa ((nil))
debug2: key: /home/krog/.ssh/id_ecdsa ((nil))
debug2: key: /home/krog/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/krog/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:blabla
debug3: sign_and_send_pubkey: RSA SHA256:blabla
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.82 ([192.168.1.82]:22).
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY/SCTP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env WINDOWID
debug3: Ignored env GTK2_RC_FILES
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env QT_PLUGIN_PATH
debug3: Ignored env MAIL
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env MANPAGER
debug3: Ignored env LESSOPEN
debug3: Ignored env GUILE_LOAD_PATH
debug3: Ignored env GSETTINGS_BACKEND
debug3: Ignored env GTK_RC_FILES
debug3: Ignored env CONFIG_PROTECT
debug3: Ignored env UNCACHED_ERR_FD
debug3: Ignored env XDG_SEAT
debug3: Ignored env DISTCC_FALLBACK
debug3: Ignored env LOGNAME
debug3: Ignored env DISPLAY
debug3: Ignored env COLORFGBG
debug3: Ignored env PROFILEHOME
debug3: Ignored env LESS
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env MANPATH
debug3: Ignored env XAUTHORITY
debug3: Ignored env JAVA_HOME
debug3: Ignored env VBOX_APP_HOME
debug3: Ignored env KONSOLE_DBUS_WINDOW
debug3: Ignored env DCC_EMAILLOG_WHOM_TO_BLAME
debug3: Ignored env KONSOLE_DBUS_SESSION
debug3: Ignored env KONSOLE_DBUS_SERVICE
debug1: Sending env LANG = it_IT.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env KDE_FULL_SESSION
debug3: Ignored env XDG_VTNR
debug3: Ignored env PWD
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env KDE_SESSION_VERSION
debug3: Ignored env QT_GRAPHICSSYSTEM
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env GS_LIB
debug3: Ignored env USER
debug3: Ignored env SHLVL
debug3: Ignored env XCURSOR_SIZE
debug3: Ignored env JAVAC
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PAGER
debug3: Ignored env GTK_MODULES
debug3: Ignored env DISTCC_SAVE_TEMPS
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env SHELL_SESSION_ID
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env DISTCC_VERBOSE
debug3: Ignored env KDE_MULTIHEAD
debug3: Ignored env JDK_HOME
debug3: Ignored env PAM_KWALLET5_LOGIN
debug3: Ignored env PATH
debug3: Ignored env OPENCL_PROFILE
debug3: Ignored env LANGUAGE
debug3: Ignored env DISTCC_TCP_CORK
debug3: Ignored env TERM
debug3: Ignored env DISTCC_ENABLE_DISCREPANCY_EMAIL
debug3: Ignored env MULTIOSDIRS
debug3: Ignored env QT_AUTO_SCREEN_SCALE_FACTOR
debug3: Ignored env XCURSOR_THEME
debug3: Ignored env CONFIG_PROTECT_MASK
debug3: Ignored env ANT_HOME
debug3: Ignored env OPENGL_PROFILE
debug3: Ignored env SHELL
debug3: Ignored env KONSOLE_PROFILE_NAME
debug3: Ignored env EDITOR
debug3: Ignored env DISTCC_SSH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env _
debug3: Ignored env KDE_SESSION_UID
debug3: Ignored env GCC_SPECS
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env HOME
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env PAM_KWALLET_LOGIN
debug3: Ignored env INFOPATH
debug3: Ignored env OLDPWD
debug3: Ignored env LS_COLORS
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
Linux krogbanana 3.4.113-bananian #8 SMP PREEMPT Sat Nov 26 00:48:28 UTC 2016 armv7l

debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
------------------------------------------------------------------------
Welcome to Bananian Linux!
For news and updates check: https://www.bananian.orgdebug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3

Any questions? Read the FAQ first: https://www.bananian.org/faq

Run 'bananian-config' to set up Bananian Linuxdebug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3

Run 'bananian-update' to check for distribution updates
------------------------------------------------------------------------
Last login: Mon Jan 30 08:29:40 2017 from 192.168.1.230
debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
krog@krogbanana:~$ debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
^Cdebug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3

debug2: tcpwinsz: 367360 for connection: 3
debug2: tcpwinsz: 367360 for connection: 3
krog@krogbanana:~$ debug2: tcpwinsz: 367360 for connection: 3





/home/krog/.ssh/id_rsa indeed exists and contains my private key!


on krogpc (the one that can connect with key but not be contacted with key):
Code:
krog@KROGPC-SKYLAKE ~ % ls -al ~/.ssh/
totale 44
drwx--S---   2 krog portage  4096 29 gen 09.07 .
drwxrwsr-x 283 krog portage 20480 30 gen 08.28 ..
-rw-------   1 krog portage   397 29 gen 17.59 authorized_keys
-rw-------   1 krog portage  1679 29 gen 09.06 id_rsa
-rw-r--r--   1 krog portage   401 29 gen 09.06 id_rsa.pub
-rw-r--r--   1 krog portage   142 29 gen 09.06 known_hosts


on banana (the one able to receive ssh connection with key but not connecting with key to krogpc):

Code:
krog@krogbanana:~$ ls -al ~/.ssh/
totale 24
drwx------  2 krog krog 4096 gen 29 09:36 .
drwxr-xr-x 13 krog krog 4096 gen 29 15:47 ..
-rw-------  1 krog krog  401 gen 29 09:06 authorized_keys
-rw-------  1 krog krog 1679 gen 29 09:35 id_rsa
-rw-r--r--  1 krog krog  397 gen 29 09:35 id_rsa.pub
-rw-r--r--  1 krog krog  222 gen 29 09:07 known_hosts


cat -n ~/.ssh/config does not give any result on both machines.


on both machines to try to have the same result i have:

cat -n /etc/ssh/sshd_config

Code:
KROGPC-SKYLAKE krog # cat -n /etc/ssh/sshd_config

     1  # Package generated configuration file
     2  # See the sshd_config(5) manpage for details
     3
     4  # What ports, IPs and protocols we listen for
     5  Port 22
     6  # Use these options to restrict which interfaces/protocols sshd will bind to
     7  #ListenAddress ::
     8  #ListenAddress 0.0.0.0
     9  Protocol 2
    10  # HostKeys for protocol version 2
    11  HostKey /etc/ssh/ssh_host_rsa_key
    12  HostKey /etc/ssh/ssh_host_ed25519_key
    13
    14  # https://bettercrypto.org/ 20150712
    15  #HostKey /etc/ssh/ssh_host_dsa_key
    16  #HostKey /etc/ssh/ssh_host_ecdsa_key
    17
    18  #Privilege Separation is turned on for security
    19  UsePrivilegeSeparation yes
    20
    21  # Lifetime and size of ephemeral version 1 server key
    22  KeyRegenerationInterval 3600
    23  ServerKeyBits 1024
    24
    25  # Logging
    26  SyslogFacility AUTH
    27  LogLevel INFO
    28
    29  # Authentication:
    30  LoginGraceTime 120
    31  PermitRootLogin no
    32  StrictModes yes
    33
    34  RSAAuthentication yes
    35  PubkeyAuthentication yes
    36  #AuthorizedKeysFile     %h/.ssh/authorized_keys
    37
    38  # Don't read the user's ~/.rhosts and ~/.shosts files
    39  IgnoreRhosts yes
    40  # For this to work you will also need host keys in /etc/ssh_known_hosts
    41  RhostsRSAAuthentication no
    42  # similar for protocol version 2
    43  HostbasedAuthentication no
    44  # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    45  #IgnoreUserKnownHosts yes
    46
    47  # To enable empty passwords, change to yes (NOT RECOMMENDED)
    48  PermitEmptyPasswords no
    49
    50  # Change to yes to enable challenge-response passwords (beware issues with
    51  # some PAM modules and threads)
    52  ChallengeResponseAuthentication no
    53
    54  # Change to no to disable tunnelled clear text passwords
    55  #PasswordAuthentication yes
    56
    57  # Kerberos options
    58  #KerberosAuthentication no
    59  #KerberosGetAFSToken no
    60  #KerberosOrLocalPasswd yes
    61  #KerberosTicketCleanup yes
    62
    63  # GSSAPI options
    64  #GSSAPIAuthentication no
    65  #GSSAPICleanupCredentials yes
    66
    67  X11Forwarding yes
    68  X11DisplayOffset 10
    69  PrintMotd no
    70  PrintLastLog yes
    71  TCPKeepAlive yes
    72  #UseLogin no
    73
    74  #MaxStartups 10:30:60
    75  #Banner /etc/issue.net
    76
    77  # Allow client to pass locale environment variables
    78  AcceptEnv LANG LC_*
    79
    80  Subsystem sftp /usr/lib/openssh/sftp-server
    81
    82  # Set this to 'yes' to enable PAM authentication, account processing,
    83  # and session processing. If this is enabled, PAM authentication will
    84  # be allowed through the ChallengeResponseAuthentication and
    85  # PasswordAuthentication.  Depending on your PAM configuration,
    86  # PAM authentication via ChallengeResponseAuthentication may bypass
    87  # the setting of "PermitRootLogin without-password".
    88  # If you just want the PAM account and session checks to run without
    89  # PAM authentication, then enable this but set PasswordAuthentication
    90  # and ChallengeResponseAuthentication to 'no'.
    91  UsePAM yes
    92
    93  UseDNS no
    94
    95  # https://bettercrypto.org/ 20150712
    96  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
    97  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
    98  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1


(i copied the one from banana to krogpc just now trying to solve the issue, restarted sshd but same result)
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1717

PostPosted: Mon Jan 30, 2017 7:44 pm    Post subject: Reply with quote

Looks like damaged public key on the client (don't ask, I didn't believe it is possible until I saw it myself). Remove public key file and only leave private one there. Ssh will stop being smart and hopefully do the right thing this time.
You can also try extracting public key from private one to make sure your public keyfile is actually correct.
Back to top
View user's profile Send private message
ChrisJumper
Advocate
Advocate


Joined: 12 Mar 2005
Posts: 2207
Location: Germany

PostPosted: Mon Jan 30, 2017 9:03 pm    Post subject: Reply with quote

Hi Krog,

i think it is a bad idea to just copy private and public key on both machines. Ok if you just copied them on this two machines thats not a big deal, but if you have more then two and you use your banana public key to logon on computer 5, 6, 8... than an intruder on your krogpc could hijack all the other machines too, because you leave the private key!

Better is: Just generate another private and public key on krogpc and copy that public key (or if more then one, attach it) to your banana pc's user's .ssh/authorized_keys

I am not 100% Sure if its important, but the Key you generate on Banana have a "user@host" signature. I think its not important to match that. But its documentation friendly.

The error you have, is that i think: You have different Server Configurations (/etc/ssh/sshd_config)on both computers or forgot to restart the daemon after updating the configuration files. Hint: Line 36 on your Posted sshd_config "#AuthorizedKeysFile %h/.ssh/authorized_keys" its disabled!

Just because its complicate here are the steps that you have to take care of:

Romeo wants to login at Juliets account on juliet@capulet:

Romeo generate his ssh-keygen -t rsa keys.
He give one USB Stick with his public Key to Juliet.
Juliet log in on her Account (juliet@carpulet).
She adds Romeos public Key to her .ssh/authorized_keys File.
She had to start the sshd Daemon and allow in sshd_config:

Code:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys


And restart the Server.

===============

But thats not all. The Client/Server Stuff could be tricky. In order to got access for some Batch-Scripts i had to set: UsePAM yes.

And as you see in your Debug-Messages: Your SSH Client and the Server negotiate the login Patter. I am not sure if your public Key not worked or it just fall back to the password Method. You could try to disable the Passwort and Keyboard Methods:

In sshd_config
Code:

KbdInteractiveAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no


Its good to use another Port then the Standard-Port, especial on Machines that are accessible over the Net. And i am not sure if the known Hosts System is just a another Machines signature Check, and adds a second Layer of security or if its another optional authentication method. Have to read more about it sometimes.

Not sure if the known hosts bring you in truble if you changed ip Addresses (IPv4/IPv6), Hardware (NIC: Mac-Adress)..
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 13509

PostPosted: Tue Jan 31, 2017 3:22 am    Post subject: Reply with quote

Krog: your client output looks fine. The client tried to use the private key. There should be a server log message explaining why it declined to use the private key.

Your home directory permissions on krogpc look very strange. You should not be in the Portage group at all. It is unusual to have a setgid home directory. As I read the source, sshd will refuse to use any key file which is writable by group or world, as well as any key file in a directory that is group or world writable, recursively up to the root. Remove group write on your home directory and try again.

ChrisJumper wrote:
Hi Krog,

i think it is a bad idea to just copy private and public key on both machines. Ok if you just copied them on this two machines thats not a big deal, but if you have more then two and you use your banana public key to logon on computer 5, 6, 8... than an intruder on your krogpc could hijack all the other machines too, because you leave the private key!

Better is: Just generate another private and public key on krogpc and copy that public key (or if more then one, attach it) to your banana pc's user's .ssh/authorized_keys
As I read the opening post, Krog performed the steps you advocate here.
ChrisJumper wrote:
The error you have, is that i think: You have different Server Configurations (/etc/ssh/sshd_config)on both computers or forgot to restart the daemon after updating the configuration files. Hint: Line 36 on your Posted sshd_config "#AuthorizedKeysFile %h/.ssh/authorized_keys" its disabled!
If unset, an internal default is used. That default should be appropriate here. The OpenSSH team traditionally include commented out lines reiterating the default values.
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 7:23 am    Post subject: Reply with quote

first of all: thanks for every hint.
I commented out that line of sshd_config
i now have:
Code:
krog@KROGPC-SKYLAKE ~ % ls /home/krog/.ssh -l
totale 16
-rw------- 1 krog krog  397 29 gen 17.59 authorized_keys
-rw------- 1 krog krog 1679 29 gen 09.06 id_rsa
-rw------- 1 krog krog  401 29 gen 09.06 id_rsa.pub
-rw------- 1 krog krog  142 29 gen 09.06 known_hosts
krog@KROGPC-SKYLAKE ~ %


in both my sshd_config there is:

Code:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys


but still... nothing works :-(
i NEED to be able to ssh with key from banana to krogpc in order to use some scripts from my phone (phone ssh to banana via tasker and launches some scripts that ssh to krogpc and do stuff like sync)
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 8:51 am    Post subject: Reply with quote

Hi,

how did you copy the public keys from one host to another?

greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 9:15 am    Post subject: Reply with quote

i tried every way, from the copy-paste to the ssh-copy-id -i ~/.ssh/id_rsa.pub $remote_user@$remote_host
in both ways it works from krogc to banana but not from banana to krogpc...
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 9:27 am    Post subject: Reply with quote

Can you please try out my sshd_config files?

Code:
PermitRootLogin yes
PasswordAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AcceptEnv LANG LC_*


Thats all I have in my config and it works.

greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 9:29 am    Post subject: Reply with quote

with passwordautentication no i will not be able to log in via password? that is now the only working way and i need that :-)
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 9:34 am    Post subject: Reply with quote

Krog wrote:
with passwordautentication no i will not be able to log in via password? that is now the only working way and i need that :-)


Thats ok, you can leave your yes in there :) I should have checked that first ;)

EDIT: Did you set a password when creating the keyfiles with ssh-keygen?
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 10:27 am    Post subject: Reply with quote

no, no password... the needing is to create scripts on banana that does ssh and stuff on krogpc without asking for a password
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 10:29 am    Post subject: Reply with quote

Ok, have you tried the config now with the modification?

Code:
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
X11Forwarding yes
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AcceptEnv LANG LC_*


greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 10:39 am    Post subject: Reply with quote

just now, still the same :-(
Back to top
View user's profile Send private message
krinn
Watchman
Watchman


Joined: 02 May 2003
Posts: 6968

PostPosted: Tue Jan 31, 2017 11:08 am    Post subject: Reply with quote

listen to Hu, fix your /home permission
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 11:23 am    Post subject: Reply with quote

Hi,

the permissions are the same on my servers/clients (they are correctly working here) but the group membership is quite strange as Hu already told you.

Can you show the output of
Code:
cat /etc/ssh/ssh_config

for both sides as well please.

greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 11:32 am    Post subject: Reply with quote

bbgermany wrote:
Hi,

the permissions are the same on my servers/clients (they are correctly working here) but the group membership is quite strange as Hu already told you.

Can you show the output of
Code:
cat /etc/ssh/ssh_config

for both sides as well please.

greets, bb


i fixed the permissions of every file giving 600 permission and chgrp to that user... the cat of ssh_config is the first thing i posted in the beginning of the post!
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 11:38 am    Post subject: Reply with quote

Thats in my ssh_config only. Try it please:

Code:
SendEnv LANG LC_*


oh and not every file needs 600 as permissions. you should have it more like this:

Code:

-rw-------  1 root root 1575 31. Jan 12:21 authorized_keys
-rw-------  1 root root 1679 31. Jan 09:49 id_rsa
-rw-r--r--  1 root root  392 31. Jan 09:49 id_rsa.pub
-rw-------  1 root root 1816 30. Mai 2016  known_hosts


greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 11:41 am    Post subject: Reply with quote

bbgermany wrote:
Thats in my ssh_config only. Try it please:

Code:
SendEnv LANG LC_*



bbgermany
i thank you for your help, I know that you are dedicating your time to me and this is really appreciated, i'm sincere... but that option is already present in my ssh_config as you can see from the top of this thread
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 11:43 am    Post subject: Reply with quote

Thats ok, it looks like a problem that really needs fixing :D although it is demanding ;)

i meant, can you remove all the other lines from the config, just to make sure that this isnt the issue.

greets bb

EDIT: btw, have you checked the serverside logfile for the message when you try to access it? maybe you need to turn up debugging on the server as well for this to get more information.
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 12:44 pm    Post subject: Reply with quote

yeah i want to try that... how to turn to the maximum every possible debug output and where to look for the log?
Back to top
View user's profile Send private message
bbgermany
Veteran
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

PostPosted: Tue Jan 31, 2017 12:58 pm    Post subject: Reply with quote

Just check for "LogLevel" in your sshd_config and change it to DEBUG (everywhere I see it in uppercase, maybe its required this way). then you will see all the debug output after restarting the sshd in /var/log/auth.log

greets, bb
_________________
1st: i5-4570, 16GB, 1.75TB
2nd: i5-4570, 16GB, 620GB
3rd: i5-4570, 16GB, 10,5TB
4th: Asus N61VN, 8GB, 240GB
5th: C2D T7200, 2GB, 16GB USB + NFS
Back to top
View user's profile Send private message
cboldt
l33t
l33t


Joined: 24 Aug 2005
Posts: 829

PostPosted: Tue Jan 31, 2017 1:11 pm    Post subject: Reply with quote

from `man sshd_config` ...

Code:
     LogLevel
             Gives the verbosity level that is used when logging messages from sshd(8).  The possi‐
             ble values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
             The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
             higher levels of debugging output.  Logging with a DEBUG level violates the privacy of
             users and is not recommended.


... just in case "DEBUG" doesn't give enough information. I'm curious about the resolution of this.
Back to top
View user's profile Send private message
Krog
Guru
Guru


Joined: 26 Jun 2007
Posts: 330
Location: Roma, Italy

PostPosted: Tue Jan 31, 2017 1:20 pm    Post subject: Reply with quote

just to be safe, can i post logs obtained with this debug level?
i saw by accident that posting ssh -vvv leads to post here my key and i deleted from the paste...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum