Un servidor de backuppc puede iniciar sesión en máquinas remotas como root y hacer una copia de seguridad de ellas, pero si inicio sesión como usuario de backuppc e intento ingresar a estas máquinas con la misma clave, la clave se rechaza con el siguiente resultado de depuración:
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /var/lib/BackupPC/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXX.XXXXXX.com [XX.XXX.XX.XX] port 222.
debug1: Connection established.
debug1: identity file /var/lib/BackupPC/.ssh/identity type -1
debug1: identity file /var/lib/BackupPC/.ssh/identity-cert type -1
debug3: Not a RSA1 key file /var/lib/BackupPC/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /var/lib/BackupPC/.ssh/id_rsa type 1
debug1: identity file /var/lib/BackupPC/.ssh/id_rsa-cert type -1
debug1: identity file /var/lib/BackupPC/.ssh/id_dsa type -1
debug1: identity file /var/lib/BackupPC/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
debug1: match: OpenSSH_6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 1007/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: put_host_port: [XX.XXX.XX.XX]:222
debug3: put_host_port: [XXX.XXXXX.com]:222
debug3: check_host_in_hostfile: host [XXX.XXXXX.com]:222 filename /var/lib/BackupPC/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XXX.XXXXX.com]:222 filename /var/lib/BackupPC/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 69
debug3: check_host_in_hostfile: host [XX.XXX.XXX.XXX]:222 filename /var/lib/BackupPC/.ssh/known_hosts
debug3: check_host_in_hostfile: host [XX.XXX.XXX.XXX]:222 filename /var/lib/BackupPC/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 69
debug1: Host '[XXX.XXXXX.com]:222' is known and matches the RSA host key.
debug1: Found key in /var/lib/BackupPC/.ssh/known_hosts:69
debug2: bits set: 1045/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1341
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/lib/BackupPC/.ssh/identity ((nil))
debug2: key: /var/lib/BackupPC/.ssh/id_rsa (0x7fdc6b7a4330)
debug2: key: /var/lib/BackupPC/.ssh/id_dsa ((nil))
debug3: Wrote 64 bytes for a total of 1405
Connection closed by XX.XXX.XXX.XXX
Sé que es una buena idea verificar los permisos de ~/.ssh
la máquina en la que estoy iniciando sesión, pero mi problema es que no puedo acceder a ella. En la máquina que estoy tratando de iniciar sesión en la remota, aquí están los permisos en el .ssh
directorio configurado 600
.
drwx------ 2 backuppc backuppc 115 Jul 18 09:50 .
drwxr-x--- 9 backuppc root 125 May 12 19:23 ..
-rw------- 1 backuppc backuppc 0 Jul 17 14:24 authorized_keys
-rw-r--r-- 1 backuppc backuppc 199 May 12 18:30 config
-rw------- 1 backuppc backuppc 1.7K Oct 7 2012 id_rsa
-rw------- 1 backuppc backuppc 413 Oct 7 2012 id_rsa.pub
-rw-r--r-- 1 backuppc backuppc 28K Jul 17 14:18 known_hosts
/etc/hosts.allow
y /etc/hosts.deny
no han sido alterados.
La clave tampoco debería haber cambiado desde que se creó y no se almacenó en el formato incorrecto, ya que esta máquina la ha utilizado durante años sin problemas. Hasta ahora, he reiniciado el sistema con la esperanza de ayudar a solucionarlo, pero no sé qué hacer, ya que generar una nueva clave no es realmente una opción, ya que estas máquinas están muy lejos. ¿Alguien sabe lo que debo hacer?
Cualquier consejo sería muy apreciado. Gracias por adelantado.