Background / what I want to achieve
I am studying host-based authentication. To try it out I installed OpenSSH on Docker, but I cannot log in (I get prompted for password authentication).
What am I misunderstanding?
The debug log shows
userauth_hostbased mismatch: client sends 9fa175232c9f, but we resolve 192.168.10.20 to 192.168.10.20 # this looks suspicious
Does the client not send its own IP address?
Problem / error messages
Server
/etc/ssh # /usr/sbin/sshd -d -D
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1c 28 May 2019
debug1: private host key #0: ssh-rsa
... (omitted) ...
debug1: KEX done [preauth]
debug1: userauth-request for user admin service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth-request for user admin service ssh-connection method hostbased [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_hostbased: cuser root chost 9fa175232c9f. pkalg ssh-rsa slen 399 [preauth]
userauth_hostbased mismatch: client sends 9fa175232c9f, but we resolve 192.168.10.20 to 192.168.10.20 # this looks suspicious
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: restore_uid: 0/0
debug1: fd 4 clearing O_NONBLOCK
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: restore_uid: 0/0
Failed hostbased for admin from 192.168.10.20 port 55040 ssh2: RSA SHA256:IXkKXewxqQEuyx+D19Wu1ofyJnDyDuUFH1TraLiVIcQ, client user "root", client host "9fa175232c9f"
debug1: userauth-request for user admin service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 2 failures 1 [preauth]
debug1: keyboard-interactive devs [preauth]
debug1: auth2_challenge: user=admin devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
Client
/ # ssh -vvv admin@192.168.10.10
OpenSSH_8.0p1, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.10.10 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.10.10 [192.168.10.10] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
... (omitted) ...
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.10.10:22 as 'admin'
... (omitted) ...
The authenticity of host '192.168.10.10 (192.168.10.10)' can't be established.
RSA key fingerprint is SHA256:tCV0uu1AF49M7qi/9jdl2B76Nx5C81rUd93ZmzJci9s.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.10.10' (RSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
... (omitted) ...
debug1: Will attempt key: /root/.ssh/id_xmss
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: start over, passed a different list publickey,password,keyboard-interactive,hostbased
debug3: preferred hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup hostbased
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled hostbased
debug1: Next authentication method: hostbased
debug3: userauth_hostbased: trying key type ecdsa-sha2-nistp256-cert-v01@openssh.com
debug3: userauth_hostbased: trying key type ecdsa-sha2-nistp384-cert-v01@openssh.com
... (omitted) ...
debug3: userauth_hostbased: trying key type rsa-sha2-256
debug3: userauth_hostbased: trying key type ssh-rsa
debug1: userauth_hostbased: trying hostkey ssh-rsa SHA256:IXkKXewxqQEuyx+D19Wu1ofyJnDyDuUFH1TraLiVIcQ
debug2: userauth_hostbased: chost 9fa175232c9f.
debug3: ssh_msg_send: type 2
debug3: ssh_msg_recv entering
debug3: ssh_keysign: [child] pid=11, exec /usr/lib/ssh/ssh-keysign
debug3: send packet: type 50
debug2: we sent a hostbased packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: userauth_hostbased: trying key type ssh-rsa
debug3: userauth_hostbased: trying key type ecdsa-sha2-nistp256-cert-v01@openssh.com
... (omitted) ...
debug3: userauth_hostbased: trying key type rsa-sha2-256
debug3: userauth_hostbased: trying key type ssh-rsa
debug1: No more client hostkeys for hostbased authentication.
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
... (omitted) ...
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
admin@192.168.10.10's password:
Relevant source code
Dockerfile
FROM alpine:latest

# sed uses basic regular expressions here, so the capture group is written \( ... \) for \1 to refer to it.
RUN apk --no-cache update && apk --no-cache upgrade && apk --no-cache add openssh openrc openssh-keysign &&\
    mkdir -p ~/.ssh &&\
    adduser -D admin && echo 'admin:password' | chpasswd && \
    sed -i -e 's!#\(HostbasedAuthentication\).*!\1 yes!' /etc/ssh/sshd_config &&\
    sed -i -e 's!#\(HostKey /etc/ssh/ssh_host_rsa_key\)!\1!' /etc/ssh/sshd_config &&\
    sed -i -e 's!#\(IgnoreRhosts\).*!\1 yes!' /etc/ssh/sshd_config &&\
    sed -i -e 's!#\(IgnoreUserKnownHosts\).*!\1 yes!' /etc/ssh/sshd_config &&\
    sed -i -e 's!#\(PermitRootLogin\).*!\1 yes!' /etc/ssh/sshd_config &&\
    sed -i -e 's!#\(UseDNS\).*!\1 no!' /etc/ssh/sshd_config &&\
    sed -i -e 's!# Host *!HostbasedAuthentication yes\n&!' /etc/ssh/ssh_config &&\
    sed -i -e 's!# Host *!EnableSSHKeysign yes\n&!' /etc/ssh/ssh_config &&\
    /sbin/rc-update add sshd default
What I tried
First, I create the network with
docker network create --subnet=192.168.10.0/24 mynet
Then I build the Dockerfile above with
docker build -t sshd .
and create the containers with
docker run -it --name slave --net mynet --ip 192.168.10.20 sshd sh
docker run -it --name master --net mynet --ip 192.168.10.10 sshd sh
On both slave and master I ran
ssh-keygen -t rsa -N '' -C '' -f /etc/ssh/ssh_host_rsa_key
and then copied slave's ssh_host_rsa_key.pub and pasted it into /etc/ssh/ssh_known_hosts on master.
I also wrote the following into /etc/ssh/shosts.equiv (several notations, just in case):
192.168.10.20
192.168.10.20 +
192.168.10.20 admin
I confirmed that sshd_config contains
HostbasedAuthentication yes
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
IgnoreUserKnownHosts yes
PermitRootLogin yes
UseDNS no
and that ssh_config contains
HostbasedAuthentication yes
EnableSSHKeysign yes
# Host *
Then I run
/usr/sbin/sshd -d -D
on master, and start the connection from slave with
ssh -vvv admin@192.168.10.10
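Additional information (FW/tool versions, etc.)
I attach to the Docker container and run ssh from there, so I am the root user. I read somewhere that it does not work for the root user, so I also forcibly created an admin user and am trying to log in as that user.
Docker for Mac 2.1.0.1
OpenSSH_8.0p1, OpenSSL 1.1.1c (as shown in the debug log)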
Linux 200a0d20715c 4.9.184-linuxkit (Alpine Linux)
Edited 2019/08/24 12:37
2019/08/25 06:36
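
A server-side check for the log line discussed above: it extracts the name sshd resolved for the peer and tests whether a known_hosts file has a plain `hosts keytype key` entry for that name. This is an added example, not part of the original question; it assumes `HostbasedUsesNameFromPacketOnly` is at its default of `no`, and the file names and key string in `demo` are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: HostbasedUsesNameFromPacketOnly is at its default (no), so sshd
# looks up the name it resolved for the peer, not the chost the client sent.

# resolved_name: read sshd log lines on stdin, print the name sshd resolved.
resolved_name() {
    sed -n 's/^userauth_hostbased mismatch: client sends .*, but we resolve [^ ]* to \([^ ]*\).*/\1/p'
}

# known_hosts_has NAME FILE: succeed if FILE has a plain entry
# "hosts keytype base64-key" whose comma-separated hosts field lists NAME.
# Only literal names are compared; wildcard patterns are not expanded.
known_hosts_has() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^#/      { next }  # blank line or comment
        $1 ~ /^@/                 { next }  # @cert-authority / @revoked: out of scope
        substr($1, 1, 3) == "|1|" { next }  # hashed hosts field: not comparable here
        NF < 3                    { next }  # too few fields for hosts + keytype + key
        { n = split($1, h, ","); for (k = 1; k <= n; k++) if (h[k] == want) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0constructed'  # constructed, not a real key
    printf '%s\n' "$key" > "$dir/pub_only"                     # bare .pub line, no hosts field
    printf '%s %s\n' 192.168.10.20 "$key" > "$dir/with_host"   # hosts field in front of the key
    name=$(printf '%s\n' 'userauth_hostbased mismatch: client sends 9fa175232c9f, but we resolve 192.168.10.20 to 192.168.10.20' | resolved_name)
    for f in pub_only with_host; do
        if known_hosts_has "$name" "$dir/$f"; then
            echo "$f: entry for $name found"
        else
            echo "$f: no entry for $name"
        fi
    done
    rm -rf "$dir"
}
demo
```

On a real server, the second argument would be /etc/ssh/ssh_known_hosts and the log line would come from the `sshd -d` output.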