[BSD] ssh publickey problem

Laszlo Nagy gandalf at shopzeus.com
Tue Mar 17 11:38:34 CET 2009


Hi all,

I have an Ubuntu machine (named saturnus) where I set up .ssh/config;
it contains entries like these:


host neptunus_zeusd1
hostname neptunus.msnet
identityfile /home/gandalf/.ssh/id_neptunus_zeusd1_dsa
compression yes
cipher blowfish
protocol 2


host neptunus_shopzeus
hostname neptunus.msnet
identityfile /home/gandalf/.ssh/id_neptunus_shopzeus_dsa
compression yes
cipher blowfish
protocol 2


There is a FreeBSD machine (named neptunus.msnet) with two users (zeusd1
and shopzeus). The problem is that the ssh public key auth method works
for one user but does not work for the other. For the zeusd1 user I get
this:

gandalf@saturnus:~$ ssh -l zeusd1 -v neptunus_zeusd1
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/gandalf/.ssh/config
debug1: Applying options for neptunus_zeusd1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to neptunus.msnet [192.168.1.203] port 22.
debug1: Connection established.
debug1: identity file /home/gandalf/.ssh/id_neptunus_zeusd1_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-cbc hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'neptunus.msnet' is known and matches the DSA host key.
debug1: Found key in /home/gandalf/.ssh/known_hosts:4
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gandalf/.ssh/id_neptunus_zeusd1_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Tue Mar 17 11:47:29 2009 from 192.168.1.104
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 6.2-RELEASE-p7 (NEPTUNUS) #2: Sun Mar 23 13:46:44 CET 2008


Need to quickly empty a file? Use ": > filename".
-- Dru <genesis at istar.ca>
%

And for the shopzeus user, this:

gandalf@saturnus:~$ ssh -l shopzeus -v neptunus_shopzeus
OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/gandalf/.ssh/config
debug1: Applying options for neptunus_shopzeus
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to neptunus.msnet [192.168.1.203] port 22.
debug1: Connection established.
debug1: identity file /home/gandalf/.ssh/id_neptunus_shopzeus_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1 FreeBSD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-cbc hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'neptunus.msnet' is known and matches the DSA host key.
debug1: Found key in /home/gandalf/.ssh/known_hosts:4
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/gandalf/.ssh/id_neptunus_shopzeus_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:


On the FreeBSD machine the keys are set up exactly the same way as for
the zeusd1 user. Or rather, there must be some difference, but I do not
see it. The file permissions:

%ls -l ~/.ssh
total 6
-rw------- 1 shopzeus www 613 Mar 17 11:39 authorized_keys
-rw------- 1 shopzeus www 668 Mar 17 11:28 id_neptunus_shopzeus_dsa
-rw------- 1 shopzeus www 613 Mar 17 11:28 id_neptunus_shopzeus_dsa.pub


This is how I created the keys on the neptunus machine:

ssh-keygen -t dsa

Then I copied the contents of id_neptunus_shopzeus_dsa.pub into
authorized_keys, and copied the private key file over to the Ubuntu
(saturnus) machine into the ~/.ssh directory. On the FreeBSD machine the
security log is empty. There is nothing from ssh in messages.

Question: why doesn't it work?

L
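
Added example, not part of the original post: in the second log the
offered key is never answered with "Server accepts key", so the server
turns it down before any signature is made. The sh functions below check
two server-side conditions that produce exactly that: the ownership and
write-bit rule sshd applies to the home directory, ~/.ssh and
authorized_keys when StrictModes is on, and whether the key blob from the
.pub file is present intact in authorized_keys. The function names are
made up for this example.

```sh
#!/bin/sh
# Added example: server-side checks for a public key offer that sshd turns down.

# writable_by_others PATH -> returns 0 if the group or other write bit is set.
# The mode string from "ls -ldn" is parsed so this works on FreeBSD and Linux.
writable_by_others() {
    perms=$(ls -ldn "$1" | awk '{print $1}')
    case "$perms" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# strict_modes_ok UID HOME KEYFILE -> prints each offending path, returns 1 if any.
# Mirrors the StrictModes rule: KEYFILE and every directory from it up to HOME
# must be owned by UID or root and must not be group/world writable.
# HOME must be written exactly as it appears as a prefix of KEYFILE.
strict_modes_ok() {
    uid=$1 home=$2 path=$3 bad=0
    while :; do
        owner=$(ls -ldn "$path" | awk '{print $3}')
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "bad owner: $path"; bad=1
        fi
        if writable_by_others "$path"; then
            echo "group/world writable: $path"; bad=1
        fi
        [ "$path" = "$home" ] && break
        path=$(dirname "$path")
        case "$path" in /|.) break ;; esac
    done
    return $bad
}

# key_listed PUBFILE AUTHFILE -> returns 0 if the base64 key blob from PUBFILE
# is present as one unbroken field on some line of AUTHFILE (a pasted key that
# got wrapped onto two lines does not match).
key_listed() {
    blob=$(awk 'NR == 1 {print $2}' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# Usage, run as the affected user on the server:
#   strict_modes_ok "$(id -u)" "$HOME" "$HOME/.ssh/authorized_keys"
#   key_listed "$HOME/.ssh/id_neptunus_shopzeus_dsa.pub" "$HOME/.ssh/authorized_keys"
```

If both checks pass, running sshd in debug mode on a spare port shows the
server's own reason for refusing the key.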



