scp mit RSA-Zertifikat

16/10/2016 - 23:40 von Joachim Hartmann | Report spam
Ich bekomme es einfach nicht wieder zum laufen!
scp mit Kennwort funktioniert problemlos! Für die RSA-Variante bin ich
auf dem Rechner raspberrypi-hzg wie folgt vorgegangen:

#~# ssh-keygen -t rsa
#~# su pi
#~# ssh-keygen -t rsa
#~# exit

mit dem Ergebnis:

#~# dir /root/.ssh/
insgesamt 20
drwx 2 root root 4096 2016-10-16 18:52 .
drwx 12 root root 4096 2016-10-14 10:38 ..
-rw- 1 root root 1766 2016-10-16 18:48 id_rsa
-rw-r--r-- 1 root root 402 2016-10-16 18:48 id_rsa.pub
-rw-r--r-- 1 root root 222 2016-10-16 18:52 known_hosts
#~# dir /home/pi/.ssh/
insgesamt 20
drwxr-xr-x 2 pi pi 4096 2016-10-16 18:54 .
drwxr-xr-x 5 pi pi 4096 2016-10-14 22:51 ..
-rw- 1 pi pi 1766 2016-10-16 18:49 id_rsa
-rw-r--r-- 1 pi pi 400 2016-10-16 18:49 id_rsa.pub
-rw-r--r-- 1 pi pi 222 2016-10-16 18:54 known_hosts

soweit so gut weiter ging es mit

#~# cat ~/.ssh/*.pub | ssh -p 123 pi@192.168.0.113 'umask 077; cat


.ssh/authorized_keys'




#~#su pi
#~# cat ~/.ssh/*.pub | ssh -p 123 pi@192.168.0.113 'umask 077; cat


.ssh/authorized_keys'




#~#exit

was auf dem Rechner ...113 folgendes Ergebnis zeigt

#~# dir /home/pi/.ssh/
insgesamt 16
drwx 2 pi pi 4096 2016-10-16 19:51 .
drwxrwxrwx 3 pi pi 4096 2016-10-16 19:04 ..
-rw- 1 pi pi 802 2016-10-16 18:55 authorized_keys

#~# nano /home/pi/.ssh/authorized_keys
ssh-rsa ... root@raspberrypi-hzg
ssh-rsa ... pi@raspberrypi-hzg

aus meiner Sicht immer noch logisch, als müsste jetzt scp ohne
Kennworteingabe funktionieren, tut es aber nicht!

root@19:46:02#~# scp -P123 -pv /home/pi/heizung.xlm.bz2
pi@192.168.0.113:/home/pi/
Executing: program /usr/bin/ssh host 192.168.0.113, user pi, command
scp -v -p -t /home/pi/
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.113 [192.168.0.113] port 123.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat
0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
0d:eb:ab:6b:89:56:0c:aa:b4:3f:b0:89:0a:9f:50:57
debug1: Host '[192.168.0.113]:123' is known and matches the ECDSA
host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Next authentication method: password
pi@192.168.0.113's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.0.113 ([192.168.0.113]:123).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
debug1: Sending command: scp -v -p -t /home/pi/
File mtime 1476477419 atime 1476477387
Sending file timestamps: T1476477419 0 1476477387 0
Sink: T1476477419 0 1476477387 0
Sending file modes: C0644 2605749 heizung.xlm.bz2
Sink: C0644 2605749 heizung.xlm.bz2 100% 2545KB 2.5MB/s 00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2611600, received 2384 bytes, in 0.1 seconds
Bytes per second: sent 47558827.8, received 43414.1
debug1: Exit status 0

Das kopieren klappt als, aber nicht ohne Kennwort, wo mache ich den
(Denk-)Fehler?

Gruß aus der Stadt der CeBIT
Jochen
 

Lesen sie die antworten

#1 Heiko Schlittermann
17/10/2016 - 00:10 | Warnen spam

Joachim Hartmann (So 16 Okt 2016 23:33:01 CEST):
Ich bekomme es einfach nicht wieder zum laufen!
scp mit Kennwort funktioniert problemlos! Fà¼r die RSA-Variante bin ich auf
dem Rechner raspberrypi-hzg wie folgt vorgegangen:



…
was auf dem Rechner ...113 folgendes Ergebnis zeigt

#~# dir /home/pi/.ssh/
insgesamt 16
drwx 2 pi pi 4096 2016-10-16 19:51 .
drwxrwxrwx 3 pi pi 4096 2016-10-16 19:04 ..


**********
Vermutlich missfallen dem SSH-Server auf der .113 diese doch
recht groàŸzà¼gigen Permissions.

Das kopieren klappt als, aber nicht ohne Kennwort, wo mache ich den
(Denk-)Fehler?



Best regards from Dresden/Germany
Viele Grà¼àŸe aus Dresden
Heiko Schlittermann
SCHLITTERMANN.de - internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 -



Ähnliche fragen