staging.inyokaproject.org

Hallo,

nach dem Update von Ubuntu 20.04 LTS auf 22.04 LTS habe ich Probleme mit dem SSH-Zugriff auf meinen Sat-Receiver, ein Vu+ Duo. Ich bekomme es partout nicht hin, ohne Passwortabfrage auf den Receiver zuzugreifen. Unter 20.04 war das überhaupt gar kein Problem.

Auf dem Sat-Receiver läuft als SSH-Server Dropbear v2016.74

Ubuntu läuft mit OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022

Ist es möglich, dass es hier ein Kompatibilitätsproblem gibt? Oder muss ein bestimmtes Verschlüsselungsverfahren gewählt werden? Hat jemand Erfahrungen damit?

VG Peter

Was ist denn die Meldung?

Eine konkrete Fehlermeldung gibt es nicht. Aber obwohl der public-Key in der "authorized_keys" auf dem Sat-Receiver eingetragen ist, erscheint nach wie vor die Passwort-Abfrage.

Nutze ssh mal mit -v

Danke, hier die Ausgabe:

peter@latitude:~$ ssh -v root@192.168.178.26
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.178.26 [192.168.178.26] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 0
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519 type 3
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_xmss type -1
debug1: identity file /home/peter/.ssh/id_xmss-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
debug1: compat_banner: no match: dropbear_2016.74
debug1: Authenticating to 192.168.178.26:22 as 'root'
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:mm9Ysui5dGO4zX+m7TOBm0SOpPDBbS/aba/MKt8CZ5o
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.178.26' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Will attempt key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa 
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/peter/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/peter/.ssh/id_xmss 
debug1: Will attempt key: /home/peter/.ssh/id_dsa 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/peter/.ssh/id_ed25519_sk
debug1: Trying private key: /home/peter/.ssh/id_xmss
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug1: Next authentication method: password
root@192.168.178.26's password: 

Kannst du das ganze denn mal im Live-System testen?

pesobs schrieb:

nach dem Update von Ubuntu 20.04 LTS auf 22.04 LTS habe ich Probleme mit dem SSH-Zugriff auf meinen Sat-Receiver, ein Vu+ Duo. Ich bekomme es partout nicht hin, ohne Passwortabfrage auf den Receiver zuzugreifen.

Was passiert wenn Du den ssh-Client, mit der Option "PasswordAuthentication no" benutzt?

Hier die Ausgabe im Live-System

ubuntu@ubuntu:~$ ssh -v root@192.168.178.26
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.178.26 [192.168.178.26] port 22.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
debug1: compat_banner: no match: dropbear_2016.74
debug1: Authenticating to 192.168.178.26:22 as 'root'
debug1: load_hostkeys: fopen /home/ubuntu/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/ubuntu/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.178.26 port 22: no matching host key type found. Their offer: ssh-rsa
ubuntu@ubuntu:~$ 

und hier die Ausgabe mit der Option "PasswordAuthentication no"

peter@latitude:~$ ssh -v -o "PasswordAuthentication no" root@192.168.178.26
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/peter/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.178.26 [192.168.178.26] port 22.
debug1: Connection established.
debug1: identity file /home/peter/.ssh/id_rsa type 0
debug1: identity file /home/peter/.ssh/id_rsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa type -1
debug1: identity file /home/peter/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/peter/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519 type 3
debug1: identity file /home/peter/.ssh/id_ed25519-cert type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk type -1
debug1: identity file /home/peter/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/peter/.ssh/id_xmss type -1
debug1: identity file /home/peter/.ssh/id_xmss-cert type -1
debug1: identity file /home/peter/.ssh/id_dsa type -1
debug1: identity file /home/peter/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
debug1: compat_banner: no match: dropbear_2016.74
debug1: Authenticating to 192.168.178.26:22 as 'root'
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:mm9Ysui5dGO4zX+m7TOBm0SOpPDBbS/aba/MKt8CZ5o
debug1: load_hostkeys: fopen /home/peter/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.178.26' is known and matches the RSA host key.
debug1: Found key in /home/peter/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Will attempt key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa 
debug1: Will attempt key: /home/peter/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/peter/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/peter/.ssh/id_xmss 
debug1: Will attempt key: /home/peter/.ssh/id_dsa 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/peter/.ssh/id_rsa RSA SHA256:Yf1s6whJKYTk1tVG+EWmAMT8P6P5LS/A81YANmxjhi8 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/peter/.ssh/id_ed25519 ED25519 SHA256:aHp+uiYdDbvftfzi/8Uah/sbHqk1NWVimmLJOl7zpOE agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/peter/.ssh/id_ecdsa
debug1: Trying private key: /home/peter/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/peter/.ssh/id_ed25519_sk
debug1: Trying private key: /home/peter/.ssh/id_xmss
debug1: Trying private key: /home/peter/.ssh/id_dsa
debug1: No more authentication methods to try.
root@192.168.178.26: Permission denied (publickey,password).
peter@latitude:~$ 

pesobs schrieb:

Hier die Ausgabe im Live-System

debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.178.26 port 22: no matching host key type found. Their offer: ssh-rsa

Welches Live-System hast Du benutzt? Wie sind auf dem Live-System und auf dem updateten System, die Ausgaben von:

ssh -Q key
ssh -Q kex
ssh -Q cipher-auth
ls -la .ssh
sudo ls -la /root/.ssh

?

Moin,

du bist aber sicher, dass der öffentliche Schlüssel nach wie vor auf dem Server liegt? Vergleiche mal auf dem Server .ssh/authorized_keys und lokal .ssh/MEINE_ID.pub und ob MEINE_ID (also der passende private Schlüssel) vorhanden ist.

Scheint so, als würde er den passenden privaten Key nicht finden... Vielleicht auch mal in der .ssh/config explizit angeben:

Host Servername
    HostName 192.168.178.26
    User root
    IdentityFile ~/.ssh/MEINE_ID
    Preferredauthentications publickey
    PasswordAuthentication no

dann:

ssh -v Servername

@lubux Hier die Ausgaben auf dem aktualisierten System:

peter@latitude:~$ ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp256@openssh.com
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com

–-

peter@latitude:~$ ssh -Q kex
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256
curve25519-sha256@libssh.org
sntrup761x25519-sha512@openssh.com

–-

peter@latitude:~$ ssh -Q cipher-auth
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

–-

peter@latitude:~$ ls -la .ssh
insgesamt 32
drwx------  2 peter peter 4096 Mai 15 17:10 .
drwxr-xr-x 47 peter peter 4096 Mai 16 06:58 ..
-rw-rw-r--  1 peter peter   70 Mai 14 06:49 config
-rw-------  1 peter peter  411 Mai 15 12:03 id_ed25519
-rw-r--r--  1 peter peter   96 Mai 15 12:03 id_ed25519.pub
-rw-------  1 peter peter 3381 Mai 15 14:30 id_rsa
-rw-r--r--  1 peter peter  740 Mai 15 14:30 id_rsa.pub
-rw-r--r--  1 peter peter  584 Mai 15 17:09 known_hosts

–-

peter@latitude:~$ sudo ls -la /root/.ssh
[sudo] Passwort für peter: 
insgesamt 28
drwx------  2 root root 4096 Mai 15 12:18 .
drwxr-xr-x 11 root root 4096 Mai  8 14:51 ..
-rw-------  1 root root  399 Mai 15 12:18 id_ed25519
-rw-r--r--  1 root root   95 Mai 15 12:18 id_ed25519.pub
-rw-------  1 root root 3381 Mai 15 14:35 id_rsa
-rw-r--r--  1 root root  739 Mai 15 14:35 id_rsa.pub
-rw-r--r--  1 root root  666 Mär  4  2020 known_hosts
peter@latitude:~$ 

pesobs schrieb:

peter@latitude:~$ ls -la .ssh
-rw-------  1 peter peter 3381 Mai 15 14:30 id_rsa
-rw-r--r--  1 peter peter  740 Mai 15 14:30 id_rsa.pub

peter@latitude:~$ sudo ls -la /root/.ssh
-rw-------  1 root root 3381 Mai 15 14:35 id_rsa
-rw-r--r--  1 root root  739 Mai 15 14:35 id_rsa.pub

Ist das der Schlüssel, den Du erfolgreich vor deinem Update, mit Ubuntu 20.04 LTS benutzt hast? Oder hast Du nach dem Update, neue Schlüssel generiert?

Auf dem Host-Rechner läuft Dropbear als SSH-Server.

in der Datei /etc/dropbear/authorized_keys finden sich 4 öffentliche Schlüssel, die mit denen auf dem Client-Rechner vorhandenen identisch sind. Ich hatte die Schlüssel ja auch händisch dort hinein kopiert.

Ich hatte mit dem rsa-Schlüssel anfangs auch Probleme mit dem HiDrive von Strato; erst nachdem ich einen ed25519-Schlüssel generiert hatte, konnte ich die Verbindung hier herstellen. Mein Problem scheint also mit dem rsa-Schlüssel in irgendeiner Weise zu tun zu haben.

Der Dropbear Server scheint die ed25519-Verschlüsselung aber noch nicht zu implementiert zu haben, 2016-er Version. Den SSH-Server kann ich allerdings nicht aktualisieren auf eine neuere Version.

ich habe neue Schlüssel generiert...