Q&A
TeratermでVMware Workstation player上に構築したVM上に公開鍵認証でログインしたいのですが、ログインできません。
PW方式ではログインできるのですが、以下のようにエラーが出ます。
SSH2秘密鍵の読み込みに失敗しました
error:00000000:lib(0):func(0):reason(0)
エラーが表示されている画面です。
〇試したこと
・rootではなく、一般ユーザのホームディレクトリにも上記と同様に公開鍵を配置
・ユーザー名を空白、認証方式を「~鍵を使う」だけにチェックしOKを押下
・秘密鍵をTeratermフォルダに配置
設定ファイルやパーミッションは以下の通りです。
[root@server /]# ls -la ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drwxr-xr-x. 4 root root 219 12月 2 17:01 root ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[root@server ~]# ls -la ~~~~~~~~~~~~~~~~~~~~~~ drwxr-xr-x. 2 root root 29 12月 2 17:02 .ssh ~~~~~~~~~~~~~~~~~~~~~~
[root@server .ssh]# ls -la 合計 4 drwx------ 2 root root 29 12月 2 17:02 . dr-xr-x---. 4 root root 219 12月 2 17:01 .. drwxr-xr-x. 1 root root 403 12月 2 16:57 authorized_keys
[root@server /]# cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. # If you want to change the port on a SELinux system, you have to tell # SELinux about this change. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER # #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging #SyslogFacility AUTH SyslogFacility AUTHPRIV #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no #KerberosUseKuserok yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials no #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no #GSSAPIEnablek5users no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several # problems. UsePAM yes #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #ShowPatchLevel no #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # Accept locale-related environment variables AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server
[root@server .ssh]# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAynMEGrI0vrJ0wxjHPjAn8yCx/ArusbixN0CjmkbeerX5tBisZssm+m3MU0vOXUtWu0YHl9env4eNGbEnXu5fzeXi/c1nQSIBEolh3KhLj6br3pwFQtqzfd6+v0kDTdTUC8KIjUtcI3xJrVLcxHbxe1gMW+XgM14nctbZ3DCIL+oDxm+Awcm/kMnGglXae5bq0/hNWEqFecOVPSVqF6WakYQ2Soneew5vTou0FP79v/E/xVUyaKwUhyayypie08jPtqXm9ke6VBKK1zJeX4YA4XXEiy9wJBocz6CxRjoOTPgSOrPeThwgm5rB89T594TKxjZxJAZezzdR9dSTaebxJw== [ユーザ名]@[パソコン名]
※秘密鍵の中身 -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAgkrS1Gi 3eM3YcutlB/5oUAAAAEAAAAAEAAAEVAAAAB3NzaC1yc2EAAAABIwAAAQEAynMEGrI0vrJ0 wxjHPjAn8yCx/ArusbixN0CjmkbeerX5tBisZssm+m3MU0vOXUtWu0YHl9env4eNGbEnXu 5fzeXi/c1nQSIBEolh3KhLj6br3pwFQtqzfd6+v0kDTdTUC8KIjUtcI3xJrVLcxHbxe1gM W+XgM14nctbZ3DCIL+oDxm+Awcm/kMnGglXae5bq0/hNWEqFecOVPSVqF6WakYQ2Soneew 5vTou0FP79v/E/xVUyaKwUhyayypie08jPtqXm9ke6VBKK1zJeX4YA4XXEiy9wJBocz6Cx RjoOTPgSOrPeThwgm5rB89T594TKxjZxJAZezzdR9dSTaebxJwAAA9APn8la2t9PcVTMua AVOJcMZ8hO8qOueTL06krD7rdHMZoiAUztcMit1GCB1tmsB6MqAdVC+koVysUQSLA7qj8P Gk42heBIfavStrOguIFSNXLCeTkI3LggnJRMmNZS44t/1jlkfM1hTHp798wOVY5DmmfnP9 xRTXOOasV6bYHaxli5dhsgCYjchmKI2lMbMnaO3s3XgVJxLuyy+dHRGwrmNXY/aTn8FQ7d 9LobfRfGJjmzTwBP0vKXbo1wCoNELd3uAZncgGk4ISLaVDoGfKvpXDyUzm870/5SKunD2f 4qMnmAMgOVpnNZvCp4GP/TMFQPKcAZ6KyXHrGEkatLRfpcA6O55FC48LUKNMkbaPZZowjU AG9qXCvpZQuQOLJHNTtS0pI07y43afsebZNcUhfbTzOk29TFvukJ5qYqKxN7CtkzfPtTW5 i9BpWaSufTu6hf+gIsnE9/Kacrw5iX1IbIgEaT6L5FncFz6V1V2RaNO7gmnIAbDfVXuiY2 ssTLXz4R7pASiAfMjvBvu56+jHUIDOcvCa8E42TlkHE5ZxN6wF1UOQjGkpEHoO5UQ1sxyK cQtAOcTpdH4y3gma6J7eVRlPdVeVXvoZ+150p49wgr5W3K6ETaHAgyCJ4qmG9OZBMg7jbZ uXvpgzu83F2ZVzfByiS3QDZtodWRDgvuGStYtxm10DiSMMxYbB4eabgRw67rw5CauFMTL2 +RLXHBQar6DHeviQOJjAJwAK1JwFCN+vCNiKN0f84UBazOUBqEY8alaQt0/YrwsVpEkkZr qmz60pdB7DtTMvuNqLhvIHZluOCQxVs0Nhqyzkto+BMZLKtd1qXPd4pNlpeIRfOqDpbl84 o7XNaS6xs7PKeJXl95/K1b92G4yaJ7NXJsPlgT2uZPHxE1Yzvz8A7zVXAT/jbrCnGt79M3 faL22YN1sqBgBUYeHCSnBJtHUfHJaYwCvcegt9U+ZHFcmMU6bCg9kUTBCDOy2z8U+8AggH f61NgQySR/2+LuUR8+sLl2DE7TZRZMLJubVczDkiDjf4CE5wo1GqGrzEthiicDk1pKoaeR szrGDG16sQq+3rgb47i+5Fy3SfNc6xlkOwzWdi2jLjMJfNpaNR6UUbC2vtHcxUM69JQ/lF CZqC0aK5bBBJhe+wU4E2k5mAI6VtB5p4I6TipROlXdNzuJeVlgfwNkKqxswgsQiW/dq5VC GUQxHhX2tKfVE4U3hhCUzZUPAlNRDd2oO7+oWfshg/OZD+xSpeezafPdHYnOKf/dfdzqBw zxAnglF0ah0f7jzOYcqMuBoVdg -----END OPENSSH PRIVATE KEY-----
お手数ですが、ご教示お願い致します。
回答1件
0
ベストアンサー
秘密鍵の読み込みに失敗しているので、その段階で、公開鍵やサーバー側設定について調べるのは無意味です。
秘密鍵にパスフレーズが付いているのでは?
あと、サーバー側の.sshディレクトリ以下のパーミッションが変です。公開鍵しか置いてないのでとりあえずは多分大丈夫なはずですが、秘密鍵を置く場合は自分自身以外から読み書きできないようにする必要があります。
投稿2021/12/02 10:27
編集2021/12/02 12:29
総合スコア85901
あなたの回答
tips
プレビュー
バッドをするには、ログインかつ
こちらの条件を満たす必要があります。
2021/12/02 10:59
2021/12/02 11:04
2021/12/02 11:59 編集
2021/12/02 12:28