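Passwordless SSH login from Kali to the vulnix target machine: after adding Kali's public key to the target's authorized_keys, SSH still prompted for a password. This post records the solution.
Error messages: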
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
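1. ssh -v
The -v option prints details of the SSH session. Unlike a normal passwordless login, the client still prompts for a password, and the trace ends with: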
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
┌──(root㉿wsec)-[/home/wsec/vulnix/nmap_result]
└─# ssh [email protected] -i /root/.ssh/id_rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -v
OpenSSH_9.3p2 Debian-1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.80.177 [192.168.80.177] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.3p2 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: compat_banner: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to 192.168.80.177:22 as 'vulnix'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:IGOuLMZRTuUvY58a8TN+ef/1zyRCAHk0qYP4wMViOAg
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.80.177' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:xsePVVaUFKhoWVauGIdyxsFs9eUsit4ez2/9VzZGT8A explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:xsePVVaUFKhoWVauGIdyxsFs9eUsit4ez2/9VzZGT8A explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
[email protected]'s password:
2. Try debugging and read the error messages that come back
# On Kali
ssh host@ip -p 4444
# On the target
/usr/sbin/sshd -d -p 4444
This showed the error messages:
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
┌──(root㉿wsec)-[/home/wsec/vulnix/nmap_result]
└─# ssh [email protected] -i /root/.ssh/id_rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -p 4444
ssh: connect to host 192.168.80.177 port 4444: Connection refused
vulnix@vulnix:~$ /usr/sbin/sshd -d -p 4444
debug1: sshd version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
Could not load host key: /etc/ssh/ssh_host_dsa_key
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug1: setgroups() failed: Operation not permitted
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='4444'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 4444 on 0.0.0.0.
Server listening on 0.0.0.0 port 4444.
debug1: Bind to port 4444 on ::.
Server listening on :: port 4444.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.80.148 port 53916
debug1: Client protocol version 2.0; client software version OpenSSH_9.3p2 Debian-1
debug1: match: OpenSSH_9.3p2 Debian-1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug1: list_hostkey_types: [preauth]
No supported key exchange algorithms [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
3. Solution
On Kali, regenerate the key files and restart the sshd service
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
Type y and press Enter
systemctl restart sshd
4. Success
Use -v or -vvv to view debugging information
┌──(root㉿wsec)-[/home/wsec/vulnix/nmap_result]
└─# ssh [email protected] -i /root/.ssh/id_rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -v
OpenSSH_9.3p2 Debian-1, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.80.177 [192.168.80.177] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.3p2 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: compat_banner: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5* compat 0x0c000002
debug1: Authenticating to 192.168.80.177:22 as 'vulnix'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:IGOuLMZRTuUvY58a8TN+ef/1zyRCAHk0qYP4wMViOAg
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.80.177' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/.ssh/id_rsa RSA SHA256:xsePVVaUFKhoWVauGIdyxsFs9eUsit4ez2/9VzZGT8A explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:xsePVVaUFKhoWVauGIdyxsFs9eUsit4ez2/9VzZGT8A explicit
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:xsePVVaUFKhoWVauGIdyxsFs9eUsit4ez2/9VzZGT8A explicit
Authenticated to 192.168.80.177 ([192.168.80.177]:22) using "publickey".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: Sending environment.
debug1: channel 0: setting env LANG = "zh_CN.UTF-8"
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)
* Documentation: https://help.ubuntu.com/
System information as of Sun Aug 13 14:43:16 BST 2023
System load: 0.0 Processes: 97
Usage of /: 85.4% of 773MB Users logged in: 2
Memory usage: 12% IP address for eth0: 192.168.80.177
Swap usage: 0%
=> / is using 85.4% of 773MB
Graph this data and manage this system at https://landscape.canonical.com/
Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife
New release '14.04.6 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Sun Aug 13 14:03:40 2023 from 192.168.80.148
vulnix@vulnix:~$
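Added example, not part of the original post: the failing trace in step 1 and the successful trace above differ only in what follows "Offering public key", and this function classifies a saved `ssh -v` trace on that basis. The two sample traces are abridged from the page with constructed fingerprints; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the public-key phase of an `ssh -v` trace on stdin.
# Prints: accepted | rejected | no-mutual-sigalg | not-offered
classify_pubkey_auth() {
    awk '
        /^debug1: Offering public key:/          { offered = 1 }
        /^debug1: send_pubkey_test: no mutual signature algorithm/ { nosig = 1 }
        /^Authenticated to .* using "publickey"/ { ok = 1 }
        END {
            if (ok)           print "accepted"          # key was used to log in
            else if (offered) print "rejected"          # server refused the key
            else if (nosig)   print "no-mutual-sigalg"  # client never sent the key
            else              print "not-offered"       # no key was tried at all
        }'
}

# Constructed sample: abridged failing trace (key offered, then password fallback).
sample_rejected() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:CONSTRUCTED explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# Constructed sample: abridged successful trace.
sample_accepted() {
cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa RSA SHA256:CONSTRUCTED explicit
debug1: Server accepts key: /root/.ssh/id_rsa RSA SHA256:CONSTRUCTED explicit
Authenticated to 192.168.80.177 ([192.168.80.177]:22) using "publickey".
EOF
}

printf 'failing trace:    %s\n' "$(sample_rejected | classify_pubkey_auth)"
printf 'successful trace: %s\n' "$(sample_accepted | classify_pubkey_auth)"
```

A result of no-mutual-sigalg means the client withheld the RSA key, which is the case the +ssh-rsa options are for; rejected means the server saw the key and refused it, so the cause is on the server side.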
5. Other
chmod 700 /root/.ssh (or try 755)
chmod 700 /root/.ssh/authorized_keys
chmod 600 /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa.pub
-o IdentitiesOnly=yes
-o HostKeyAlgorithms=+ssh-rsa
-o PubkeyAcceptedKeyTypes=+ssh-rsa
-o PubkeyAcceptedAlgorithms=+ssh-rsa
-o HostkeyAlgorithms=+ssh-rsa
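Added example, not part of the original post: the server-side counterpart of the chmod lines above. With StrictModes enabled (the sshd default), sshd ignores authorized_keys when the file, the .ssh directory or the home directory is writable by group or others, or is owned by someone other than the user or root. The function name is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: report paths that sshd's StrictModes check would refuse.
# Assumes GNU stat (stat -c), as shipped on Kali and Ubuntu.
# usage: audit_ssh_perms HOME_DIR [OWNER_UID]
# Prints each offending path; returns 0 if the layout is acceptable, 1 if not.
audit_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$p")
        owner=$(stat -c '%u' "$p")
        # Group-write (020) or other-write (002) set: sshd refuses the key file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "writable by group/other ($mode): $p"
            bad=1
        fi
        # The owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "owned by uid $owner, expected $uid or 0: $p"
            bad=1
        fi
    done
    return $bad
}

# Constructed demo: a throwaway home directory with a deliberately loose .ssh.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo"
chmod 777 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "StrictModes would ignore authorized_keys here"
rm -rf "$demo"
```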
From: https://www.cnblogs.com/wsec/p/17635994.html