2012/12/22

/home/mikio にホームを設定してるのではなく、 c:/Users/mikio にHOMEを設定し てる場合でssh接続すると、下記のように /home/mikio ディレクトリが作成でき ないと怒られてしまう。

$ ssh -v 192.168.10.2 -p 30890 -i ~/.ssh/id_rsa.whitebase
OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to 192.168.10.2 [192.168.10.2] port 30890.
debug1: Connection established.
Could not create directory '/home/mikio/.ssh'.

この場合は、 /etc/passwd/home/mikio となってるところを、 /cygdrive/c/Users/mikio に書き換えれば良い。

しかし今度はpublickeyがパーミッションエラー。

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/miki/.ssh/id_rsa.whitabase
debug1: No more authentication methods to try.
Permission denied (publickey).

下記よるとホスト側で /etc/ssh/sshd_config の設定でユーザを許可してな いのが原因とあったので調べたところドンピシャでした。

早速編集して再起動したところ、まだ駄目。

# AllowUsersにユーザを追加
$ sudo vi /etc/ssh/sshd_config

# 再起動 
$ sudo /etc/init.d/ssh restart
 :
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/miki/.ssh/id_rsa.whitabase
debug1: No more authentication methods to try.
Permission denied (publickey).

接続ホスト側でログを確認してみる。

/etc/ssh/sshd_config を編集

SyslogFacility AUTH
LogLevel VERBOSE
$ sudo tail -f /var/log/auth.log
 :
Dec  1 21:54:00 whitebase sshd[20701]: Set /proc/self/oom_score_adj to 0
Dec  1 21:54:00 whitebase sshd[20701]: Connection from 192.168.10.229 port 64522
Dec  1 21:54:01 whitebase sshd[20701]: Connection closed by 192.168.10.229 [preauth]
 :

...ログをみてもよくわからなかった。

今度は、サーバー側でもデバッグモードにして接続してみる。

mikio@whitebase:~/.ssh$ whereis sshd
sshd: /usr/sbin/sshd /usr/share/man/man8/sshd.8.gz
mikio@whitebase:~/.ssh$ sudo /usr/sbin/sshd -d
debug1: sshd version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 30890 on 0.0.0.0.
Server listening on 0.0.0.0 port 30890.
debug1: Bind to port 30890 on ::.
Server listening on :: port 30890.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.10.229 port 64488
debug1: Client protocol version 2.0; client software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: permanently_set_uid: 105/65534 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user mikio service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "mikio"
debug1: PAM: setting PAM_RHOST to "miki-pc.lan"
debug1: PAM: setting PAM_TTY to "ssh"
Connection closed by 192.168.10.229 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: PAM: cleanup

うーん、よくわからん。

今度は、クライアント側のデバッグログの出力レベルをあげて試す。 (vの数がレベルになる。知らなかった。)

$ ssh -vvv whitebase
  :
  :
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/Users/miki/.ssh/id_rsa.whitabase
debug3: no such identity: /cygdrive/c/Users/miki/.ssh/id_rsa.whitabase
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

おおおお!、なんという初歩的ミス!。 .ssh/config の秘密鍵の名前をタイポ。

- IdentityFile ~/.ssh/id_rsa.whitabase
+ IdentityFile ~/.ssh/id_rsa.whitebase

これで無事接続できました。

1 まとめ

  • パーミッションを疑え!
    • $HOME -> 700
    • $HOME/.ssh -> 700
    • $HOME/.ssh/id_rsa -> 644
    • サーバ側の $HOME/.ssh/authorized_keys -> 644
  • ログイン許可してるユーザを確認しろ!
    • サーバ側の /etc/ssh/sshd_configAllowUsers
  • クライアント側のログを確認しろ!
    • ssh -v HOSTNAME
    • vオプションの数でデバッグレベルを調節できる!
      • ssh -v HOSTNAME
      • ssh -vv HOSTNAME
      • ssh -vvv HOSTNAME
  • サーバ側のログを確認しろ!
    • サーバ側の /etc/ssh/sshd_config
      • SyslogFacility AUTH
      • LogLevel VERBOSE
    • sudo tail -f /var/log/auth.log
    • /usr/sbin/sshd -d
  • $HOME/.ssh/config のタイポを確認しろ!

以上で大体解決すると思います。

blog comments powered by Disqus