
So, I have the following setup:

Let's use the following notation:

  • M1 = Debian
  • M2 = Windows
  • M3 = Arch

Where:

  • M1 = nemexis@192.168.2.1 aka nemexis @ ServerVM
  • M3 = pi@192.168.2.101 aka pi @ R1

If I ssh from M2 to M3, then try to ssh to M1 from there and give it the correct password, it gives me:

pi@R1 ~ $ sudo ssh -v nemexis@192.168.2.1
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug1: Connecting to 192.168.2.1 [192.168.2.1] port 22. 
debug1: Connection established. 
debug1: permanently_set_uid: 0/0 
debug1: identity file /root/.ssh/id_rsa type -1 
debug1: identity file /root/.ssh/id_rsa-cert type -1 
debug1: identity file /root/.ssh/id_dsa type -1 
debug1: identity file /root/.ssh/id_dsa-cert type -1 
debug1: identity file /root/.ssh/id_ecdsa type -1 
debug1: identity file /root/.ssh/id_ecdsa-cert type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 
debug1: match: OpenSSH_5.3 pat OpenSSH_5* 
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug1: Server host key: RSA 62:4d:da:1c:e8:86:f0:de:f9:1c:4c:ca:90:51:d9:7b 
debug1: Host '192.168.2.1' is known and matches the RSA host key. 
debug1: Found key in /root/.ssh/known_hosts:1 
debug1: ssh_rsa_verify: signature correct 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: SSH2_MSG_NEWKEYS received 
debug1: Roaming not allowed by server 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,password,keyboard-interactive 
debug1: Next authentication method: publickey 
debug1: Trying private key: /root/.ssh/id_rsa 
debug1: Trying private key: /root/.ssh/id_dsa 
debug1: Trying private key: /root/.ssh/id_ecdsa 
debug1: Next authentication method: keyboard-interactive 
debug1: Authentications that can continue: publickey,password,keyboard-interactive 
debug1: Next authentication method: password 
nemexis@192.168.2.1's password: 
debug1: Authentications that can continue: publickey,password,keyboard-interactive   
Permission denied, please try again. 
nemexis@192.168.2.1's password:

But if I ssh from M1 to M3 and then try to ssh back to M1, I get:

nemexis@ServerVM:~$ sudo ssh -v pi@192.168.2.101

pi@R1 ~ $ ssh -v nemexis@192.168.2.1
OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.2.1 [192.168.2.1] port 22.
debug1: connect to address 192.168.2.1 port 22: Connection refused
ssh: connect to host 192.168.2.1 port 22: Connection refused

The configuration file /etc/pam.d/sshd:

# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth

# Disallow non-root logins when /etc/nologin exists.
#account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

#Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic noupdate
session optional pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so

# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple

# Standard Un*x password updating.
@include common-password

auth sufficient pam_permit.so

and /var/log/auth.log reads:

Nov 23 10:32:25 ServerVM gdm3][3937]: pam_unix(gdm3:session): session opened for user nemexis by (uid=0)
Nov 23 10:32:25 ServerVM gdm3][3937]: pam_ck_connector(gdm3:session): nox11 mode, ignoring PAM_TTY :0
Nov 23 10:32:25 ServerVM gdm-welcome][2916]: pam_unix(gdm-welcome:session): session closed for user Debian-gdm
Nov 23 10:32:25 ServerVM polkitd(authority=local): Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.29, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Nov 23 10:32:37 ServerVM sshd[4537]: Server listening on 0.0.0.0 port 22.
Nov 23 10:32:37 ServerVM sshd[4537]: Server listening on :: port 22.
Nov 23 10:32:49 ServerVM polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.50 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Nov 23 10:33:02 ServerVM CRON[4800]: pam_unix(cron:session): session opened for user Debian-exim by (uid=0)
Nov 23 10:33:04 ServerVM CRON[4800]: pam_unix(cron:session): session closed for user Debian-exim
Nov 23 10:33:50 ServerVM sudo: nemexis : TTY=pts/0 ; PWD=/home/nemexis ; USER=root ; COMMAND=/usr/bin/ssh -v pi@192.168.2.101
Nov 23 10:33:50 ServerVM sudo: pam_unix(sudo:session): session opened for user root by nemexis(uid=0)
Nov 23 10:35:01 ServerVM CRON[4918]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 23 10:35:01 ServerVM CRON[4918]: pam_unix(cron:session): session closed for user root
Nov 23 10:36:37 ServerVM sudo: nemexis : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/gedit auth.log
Nov 23 10:36:37 ServerVM sudo: pam_unix(sudo:session): session opened for user root by nemexis(uid=0)

Whatever I try, I can't seem to ssh to M1 from M3. I have a vague hunch that M3 is to blame, but I'm not sure.
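
Added example, not part of the original post: a small Python triage of the two `ssh -v` transcripts above. It reports the stage at which each attempt failed and extracts the peer's banner and host-key fingerprint so they can be compared with what M1 itself reports. The function names and the embedded sample lines (copied from the transcripts) are constructed for this illustration.

```python
import re

# Constructed samples: key lines copied from the two `ssh -v` transcripts above.
DENIED = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: Server host key: RSA 62:4d:da:1c:e8:86:f0:de:f9:1c:4c:ca:90:51:d9:7b
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
Permission denied, please try again.
"""
REFUSED = """\
debug1: Connecting to 192.168.2.1 [192.168.2.1] port 22.
debug1: connect to address 192.168.2.1 port 22: Connection refused
ssh: connect to host 192.168.2.1 port 22: Connection refused
"""

PATTERNS = {
    "banner": r"remote software version (\S+)",
    "fingerprint": r"Server host key: \S+ ([0-9a-f:]+)",
    "mac": r"kex: server->client \S+ (\S+)",
    "methods": r"Authentications that can continue: (\S+)",
}

def triage(log):
    """Return the failing stage of an `ssh -v` run plus facts about the peer."""
    facts = {"stage": "unknown", "banner": None, "fingerprint": None,
             "mac": None, "methods": None}
    for line in log.splitlines():
        for key, pattern in PATTERNS.items():
            m = re.search(pattern, line)
            if m:
                facts[key] = m.group(1)
        if "Connection refused" in line or "Connection timed out" in line:
            facts["stage"] = "tcp"    # no listener or a filter; sshd never saw it
        elif line.startswith("Permission denied"):
            facts["stage"] = "auth"   # transport is up; the peer rejected credentials
    return facts

def is_expected_peer(facts, expected_fingerprint):
    """Compare the fingerprint seen by the client with the one read on the
    intended server (e.g. `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub`)."""
    return facts["fingerprint"] is not None and \
        facts["fingerprint"].lower() == expected_fingerprint.lower()

if __name__ == "__main__":
    for name, log in (("denied", DENIED), ("refused", REFUSED)):
        print(name, triage(log))
```

A `tcp` result points at the listener or a packet filter on the target, while an `auth` result should normally have a matching sshd entry in the target's /var/log/auth.log.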
