Autorisation refusée (publickey, clavier interactif)

Question

J'ai essayé de me connecter au noeud Planetlab en utilisant ssh. Cela me renvoie une erreur comme Permission denied (publickey, keyboard-interactive). Qu'est-ce que ça veut dire? Voici le verbose de l'exception.

> OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL > 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * debug2: > ssh_connect: needpriv 0 debug1: > Connecting to planetlab1.csee.usf.edu > [131.247.2.241] port 22. debug1: > Connection established. debug1: > permanently_set_uid: 0/0 debug3: Not a > RSA1 key file /home/keven/.ssh/id_rsa. > debug2: key_type_from_name: unknown > key type '-----BEGIN' debug3: > key_read: missing keytype debug2: > key_type_from_name: unknown key type > 'Proc-Type:' debug3: key_read: missing > keytype debug2: key_type_from_name: > unknown key type 'DEK-Info:' debug3: > key_read: missing keytype debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug3: > key_read: missing whitespace debug2: > key_type_from_name: unknown key type > '-----END' debug3: key_read: missing > keytype debug1: identity file > /home/keven/.ssh/id_rsa type 1 debug1: > Checking blacklist file > /usr/share/ssh/blacklist.RSA-2048 > debug1: Checking blacklist file > /etc/ssh/blacklist.RSA-2048 debug1: > Remote protocol version 2.0, remote > software version OpenSSH_4.7 debug1: > match: OpenSSH_4.7 pat OpenSSH_4* > debug1: Enabling compatibility mode > for protocol 2.0 debug1: Local version > string SSH-2.0-OpenSSH_5.1p1 > Debian-5ubuntu1 debug2: fd 3 setting > O_NONBLOCK debug1: SSH2_MSG_KEXINIT > sent debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: > ssh-rsa,ssh-dss debug2: > kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > none,zlib@openssh.com,zlib debug2: > kex_parse_kexinit: > none,zlib@openssh.com,zlib debug2: > kex_parse_kexinit: debug2: > kex_parse_kexinit: debug2: > kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: > ssh-rsa,ssh-dss debug2: > kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > none,zlib@openssh.com debug2: > kex_parse_kexinit: > none,zlib@openssh.com debug2: > kex_parse_kexinit: debug2: > kex_parse_kexinit: debug2: > kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-cbc > hmac-md5 none debug2: mac_setup: found > hmac-md5 debug1: kex: client->server > aes128-cbc hmac-md5 none debug1: > SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) > sent debug1: expecting > SSH2_MSG_KEX_DH_GEX_GROUP debug2: > dh_gen_key: priv key bits set: 128/256 > debug2: bits set: 508/1024 debug1: > SSH2_MSG_KEX_DH_GEX_INIT sent debug1: > expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_Host_in_hostfile: > filename /root/.ssh/known_hosts > debug3: check_Host_in_hostfile: match > line 1 debug3: check_Host_in_hostfile: > filename /root/.ssh/known_hosts > debug3: check_Host_in_hostfile: match > line 2 debug1: Host > 'planetlab1.csee.usf.edu' is known and > matches the RSA Host key. debug1: > Found key in /root/.ssh/known_hosts:1 > debug2: bits set: 535/1024 debug1: > ssh_rsa_verify: signature correct > debug2: kex_derive_keys debug2: > set_newkeys: mode 1 debug1: > SSH2_MSG_NEWKEYS sent debug1: > expecting SSH2_MSG_NEWKEYS debug2: > set_newkeys: mode 0 debug1: > SSH2_MSG_NEWKEYS received debug1: > SSH2_MSG_SERVICE_REQUEST sent debug2: > service_accept: ssh-userauth debug1: > SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /home/keven/.ssh/id_rsa > (0xb80c9878) debug1: Authentications > that can continue: > publickey,keyboard-interactive debug3: > start over, passed a different list > publickey,keyboard-interactive debug3: > preferred > gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password > debug3: authmethod_lookup publickey > debug3: remaining preferred: > keyboard-interactive,password debug3: > authmethod_is_enabled publickey > debug1: Next authentication method: > publickey debug1: Offering public key: > /home/keven/.ssh/id_rsa debug3: > send_pubkey_test debug2: we sent a > publickey packet, wait for reply > debug1: Authentications that can > continue: > publickey,keyboard-interactive debug2: > we did not send a packet, disable > method debug3: authmethod_lookup > keyboard-interactive debug3: remaining > preferred: password debug3: > authmethod_is_enabled > keyboard-interactive debug1: Next > authentication method: > keyboard-interactive debug2: > userauth_kbdint debug2: we sent a > keyboard-interactive packet, wait for > reply debug1: Authentications that can > continue: > publickey,keyboard-interactive debug3: > userauth_kbdint: disable: no > info_req_seen debug2: we did not send > a packet, disable method debug1: No > more authentication methods to try. > Permission denied > (publickey,keyboard-interactive).

d&#233;o · Answer

Vous voudrez peut-être vérifier deux fois les autorisations du fichier allowed_keys:

$ chmod 600 ~/.ssh/authorized_keys

Les versions les plus récentes du serveur SSH sont très pointilleuses à cet égard.

Geir Freysson · Answer

Vous devez changer le sshd_config fichier dans le serveur distant (probablement dans /etc/ssh/sshd_config).

Changement

PasswordAuthentication no

à

PasswordAuthentication yes

Et puis redémarrez le démon sshd.

ire_and_curses · Answer

Le serveur essaie d'abord de vous authentifier avec une clé publique. Cela ne fonctionne pas (je suppose que vous n'en avez pas encore créé un), alors il revient alors à "clavier interactif". Il devrait ensuite vous demander un mot de passe, ce qui, vraisemblablement, ne vous convient pas. Avez-vous vu une invite de mot de passe?