Pages : 1
#1 Le 05/05/2025, à 10:17
- JujuLand
Erreur cnconnexion ssh avec clé
Bonjour,
Je viens de refaire l'ordi de ma mère en Xubuntu 22.04.
J'ai paramétré sshd_config
eva@Pavilion-Eva:/etc/ssh$ cat sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
Port 22461
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile .ssh/authorized_keys
# .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
eva@Pavilion-Eva:/etc/ssh$ J'ai créé la clé rsa
j'ai copié la clé publique dans authorized_keys
j'ai relancé sshd
Lorsque je me connecte, j'ai un refus
eva@Pavilion-Eva:~/.ssh$ ssh -vvv -p 22461 eva@192.168.1.35
OpenSSH_8.9p1 Ubuntu-3ubuntu0.13, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.1.35 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/eva/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/eva/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22461.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/eva/.ssh/id_rsa type 0
debug1: identity file /home/eva/.ssh/id_rsa-cert type -1
debug1: identity file /home/eva/.ssh/id_ecdsa type -1
debug1: identity file /home/eva/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/eva/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/eva/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/eva/.ssh/id_ed25519 type -1
debug1: identity file /home/eva/.ssh/id_ed25519-cert type -1
debug1: identity file /home/eva/.ssh/id_ed25519_sk type -1
debug1: identity file /home/eva/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/eva/.ssh/id_xmss type -1
debug1: identity file /home/eva/.ssh/id_xmss-cert type -1
debug1: identity file /home/eva/.ssh/id_dsa type -1
debug1: identity file /home/eva/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.13
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.13 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.35:22461 as 'eva'
debug3: put_host_port: [192.168.1.35]:22461
debug3: record_hostkey: found key type RSA in file /home/eva/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from [192.168.1.35]:22461
debug1: load_hostkeys: fopen /home/eva/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:brDjpAJ6MVXgvZ2Cdf7J1yl7lDmIW3+itWKdvUpn/Mc
debug3: put_host_port: [192.168.1.35]:22461
debug3: put_host_port: [192.168.1.35]:22461
debug3: record_hostkey: found key type RSA in file /home/eva/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from [192.168.1.35]:22461
debug1: load_hostkeys: fopen /home/eva/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[192.168.1.35]:22461' is known and matches the RSA host key.
debug1: Found key in /home/eva/.ssh/known_hosts:1
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 1 keys
debug1: Will attempt key: /home/eva/.ssh/id_rsa RSA SHA256:1dCmpxJJTAEx5BA4BZ4UJuSeczUXP3rL7fvRVyS8OrY agent
debug1: Will attempt key: /home/eva/.ssh/id_ecdsa
debug1: Will attempt key: /home/eva/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/eva/.ssh/id_ed25519
debug1: Will attempt key: /home/eva/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/eva/.ssh/id_xmss
debug1: Will attempt key: /home/eva/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/eva/.ssh/id_rsa RSA SHA256:1dCmpxJJTAEx5BA4BZ4UJuSeczUXP3rL7fvRVyS8OrY agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/eva/.ssh/id_ecdsa
debug3: no such identity: /home/eva/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/eva/.ssh/id_ecdsa_sk
debug3: no such identity: /home/eva/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/eva/.ssh/id_ed25519
debug3: no such identity: /home/eva/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/eva/.ssh/id_ed25519_sk
debug3: no such identity: /home/eva/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/eva/.ssh/id_xmss
debug3: no such identity: /home/eva/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/eva/.ssh/id_dsa
debug3: no such identity: /home/eva/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
eva@192.168.1.35: Permission denied (publickey).Une idée ?
Merci
Dernière modification par Ayral (Le 06/05/2025, à 17:05)
Xubuntu 16.04 > Dell DM061 (2007) + Dell Inspiron 531 (2008)
Xubuntu 16.04 > Asus X51L (2009) + MSI GX723 (2009)
Xubuntu 22.04 > HP 15BA048NF (2018)
Hors ligne
#2 Le 05/05/2025, à 11:00
- iznobe
Re : Erreur cnconnexion ssh avec clé
Bonjour , il s' agit d' une erreur de permissions de clé puisque :
eva@192.168.1.35: Permission denied (publickey).
à la 1ere connexion il faut configuré avec mot de passe et accepté la connexion . Ensuite seulement , il faut proceder à la connexion uniquement par clé .
Dernière modification par iznobe (Le 05/05/2025, à 11:01)
retour COMPLET et utilisable de commande | script montage partitions
MSI Z490A-pro , i7 10700 , 32 GB RAM .
Hors ligne
#3 Le 05/05/2025, à 11:17
- JujuLand
Re : Erreur cnconnexion ssh avec clé
C'est ce que j'avais fait.
J'ai refait la manip en autorisant la connexion par mot de passe, et ç'est ok.
Puis j'ai interdit la connexion par mot de passe, et ça coince ...
J'ai copié ma propre clé dans authorized_keys, et depuis mon ordi, çà passe.
C'est bien, somme toute, ce que je veux pour pouvoir prendre la main à distance, mais je ne m'explique pas le problème pour une connexion depuis le mêm ordi. J'ai toujours fait ça sur tout les ordis que j'ai montés, et ça avait toujours fonctionné ... mais il est vrai que c'était souvent pour des machines en 16.04, voire en 18.04, et il semblerait que openssh-server ait subi quelques modifications ou améliorations ...
Mais je suis toujours preneur de la solution, s'il en existe une.
Merci
A+
Xubuntu 16.04 > Dell DM061 (2007) + Dell Inspiron 531 (2008)
Xubuntu 16.04 > Asus X51L (2009) + MSI GX723 (2009)
Xubuntu 22.04 > HP 15BA048NF (2018)
Hors ligne
#4 Le 05/05/2025, à 11:26
- iznobe
Re : Erreur cnconnexion ssh avec clé
d' utre part , maintenant , la bonne pratique , c' est de ne pas toucher au fichier de config par defaut : sshd_config , mais plutot de creer un fichier specifique dans le dossier sshd_config.d . c' est pour cela que cette ligne est presente dans le fichier de config par défaut :
Include /etc/ssh/sshd_config.d/*.confje t ' invite à reprendre la procedure en suivant ce qui est indiqué dans la doc a propos des clés : https://doc.ubuntu-fr.org/ssh#mise_en_place_des_cles .
tu as du " loupé " quelquechose .
retour COMPLET et utilisable de commande | script montage partitions
MSI Z490A-pro , i7 10700 , 32 GB RAM .
Hors ligne
#5 Le 06/05/2025, à 12:09
- JujuLand
Re : Erreur cnconnexion ssh avec clé
Bonjour,
J'avais simplement pas executé ssh-add
J'ai procédé comme indiqué dans la doc que tu m'indiquais, et ce n'est toujours pas bon.
A+
Dernière modification par JujuLand (Hier à 10:47)
Xubuntu 16.04 > Dell DM061 (2007) + Dell Inspiron 531 (2008)
Xubuntu 16.04 > Asus X51L (2009) + MSI GX723 (2009)
Xubuntu 22.04 > HP 15BA048NF (2018)
Hors ligne
Pages : 1