Mon serveur YunoHost
Matériel: Tinkerboard à la maison
Version de YunoHost: 3.6.4
J’ai accès à mon serveur : En direct avec un clavier/écran
Êtes-vous dans un contexte particulier ou avez-vous effectué des modificiations particulières sur votre instance ? : non
Description du problème
Salutations, chers aides divins et tout gloire au Aleks puissant !
Oh, grand Aleks puissant et cher aides,
Dans mon humilité et mon ignorance, j’annonce dans cette langue magnifique, appelle le français, que je ne suis pas capable de essaie de me connecter en utilisant une clé id_ed25519.
La clé publique est présente dans /home/admin/.ssh/authorized_keys
J’ai plusieurs Raspberry Pi’s où ça fonctionne.
Je ne comprends pas pourquoi ça ne fonctionne pas avec ce serveur.
[folaht@Pjehrsohmehj ~]$ ssh -v admin@Yropeehn
OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to yropeehn [192.168.178.24] port 22.
debug1: Connection established.
debug1: identity file /home/folaht/.ssh/id_rsa type -1
debug1: identity file /home/folaht/.ssh/id_rsa-cert type -1
debug1: identity file /home/folaht/.ssh/id_dsa type -1
debug1: identity file /home/folaht/.ssh/id_dsa-cert type -1
debug1: identity file /home/folaht/.ssh/id_ecdsa type -1
debug1: identity file /home/folaht/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/folaht/.ssh/id_ed25519 type 3
debug1: identity file /home/folaht/.ssh/id_ed25519-cert type -1
debug1: identity file /home/folaht/.ssh/id_xmss type -1
debug1: identity file /home/folaht/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u6
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u6 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to yropeehn:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zmeHMN/qXwXICPTWJrJ2Zuf8ej8q+iFeG6hfTTmKmZU
debug1: Host 'yropeehn' is known and matches the ECDSA host key.
debug1: Found key in /home/folaht/.ssh/known_hosts:8
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/folaht/.ssh/id_rsa
debug1: Will attempt key: /home/folaht/.ssh/id_dsa
debug1: Will attempt key: /home/folaht/.ssh/id_ecdsa
debug1: Will attempt key: /home/folaht/.ssh/id_ed25519 ED25519 SHA256:XOHJ5HAEr+AF/ruPpxu5UhpM6XIN/3ZSKeOiMgFdb+s
debug1: Will attempt key: /home/folaht/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/folaht/.ssh/id_rsa
debug1: Trying private key: /home/folaht/.ssh/id_dsa
debug1: Trying private key: /home/folaht/.ssh/id_ecdsa
debug1: Offering public key: /home/folaht/.ssh/id_ed25519 ED25519 SHA256:XOHJ5HAEr+AF/ruPpxu5UhpM6XIN/3ZSKeOiMgFdb+s
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/folaht/.ssh/id_xmss
debug1: No more authentication methods to try.
admin@yropeehn: Permission denied (publickey).
/etc/ssh/sshd_config
$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
#ListenAddress 192.168.1.4
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
AllowUsers folaht admin
[maj #1]
Aujourd’hui, ça marche soudainement.
Cependant, cela s’est déjà produit auparavant.
Si cela continue de fonctionner pendant les trois prochaines semaines, je vais clore ce fil de discussion.
[maj #2]
Et aujourd’hui, ça ne marche plus.