ssh sur cygwin fonctionne localement mais pas à distance

0

J'essaie d'utiliser cygwin sshd pour me connecter à une machine virtuelle Windows 8. Je l'ai installé et il semble fonctionner correctement. Localement - c’est-à-dire dans un terminal cygwin sur la machine Windows - si je ssh à localhost cela fonctionne correctement. À distance - depuis une autre machine - cela échoue.

Le problème semble être lié au nom d'utilisateur. L'utilisateur est 'ingres' et est un utilisateur local de la machine (MASPA05-VM01). Cependant, la machine fait partie d'un domaine et l'entrée / etc / password ressemble à ceci:

    MASPA05-VM01+ingres:*:...

Quand je ssh localement, il me demande mon mot de passe et je le sais et ça marche. Si je le fais à distance en tant que 'ingres', c'est-à-dire que ssh ingres @ maspa05-vm01, il me demande un mot de passe mais le rejette. Si j'utilise le nom d'utilisateur complet selon / etc / passwd (ssh MASPA05-VM01 + ingres @ maspa05-vm01), il se déconnecte immédiatement.

Voici la sortie ssh -vvv:

OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to maspa05-vm01 [10.100.11.139] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/devsrc/home_ingres/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /devsrc/home_ingres/.ssh/id_rsa type 1
debug1: identity file /devsrc/home_ingres/.ssh/id_rsa-cert type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_dsa type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_dsa-cert type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_ecdsa type -1
debug1: identity file /devsrc/home_ingres/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
debug1: match: OpenSSH_7.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "maspa05-vm01" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 50:8d:52:92:a7:ee:8a:cc:d5:28:4d:de:27:e1:12:c9
debug3: load_hostkeys: loading entries for host "maspa05-vm01" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.100.11.139" from file "/devsrc/home_ingres/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /devsrc/home_ingres/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'maspa05-vm01' is known and matches the ECDSA host key.
debug1: Found key in /devsrc/home_ingres/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /devsrc/home_ingres/.ssh/id_rsa (0xb7d030b8)
debug2: key: /devsrc/home_ingres/.ssh/id_dsa ((nil))
debug2: key: /devsrc/home_ingres/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /devsrc/home_ingres/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 10.100.11.139

J'ai essayé d'utiliser une clé publique mais cela pose le même problème. Quelqu'un peut-il suggérer une voie à suivre?

UPDATE: Voici la sortie du journal sshd (observateur d'événements)

The description for Event ID 0 from source sshd cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

sshd: PID 2400: fatal: seteuid 197611: Operation not permitted

Ce qui implique que le processus sshd manque d'autorisations. Cependant, il fonctionne en tant que compte SYSTEM.

PaulM
la source
Avez-vous consulté le journal sur le serveur sshd?
matzeri

Réponses:

0

OK alors l'erreur seteuid m'a mis sur le bon chemin. J'avais essayé d'exécuter ssh-host-config plusieurs fois pour le recréer, mais il ne l'a pas fait. J'ai donc finalement supprimé le service (cygrunsrv --remove sshd) et je l'ai réexécuté. J'ai ensuite relancé ssh-host-config et créé l'utilisateur. Même s'il vous demandait un mot de passe, je devais définir le mot de passe à partir de Gestion de l'ordinateur avant le démarrage du service.

En tout cas maintenant ça marche.

PaulM
la source