I have a desktop machine at home that I turned into an Ubuntu SSH server (14 LTS desktop) using OpenSSH. I can SSH into my machine locally using public key authentication (& PuTTY from my Win 8.1 laptop) and from outside my LAN without problems. I am trying to create an SSH tunnel (dynamic port forward) to my home PC, but I keep getting errors when attempting to connect. I followed this article: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding and I have consulted many others.
After I SSH into my home PC, I authenticate by calling the command
ssh -D 1080 Dell
* Dell is the name of my Windows 8.1 laptop that I use with PuTTY to connect to my SSH server
If I am on my LAN, I get an error after the connection times out that says
ssh: connect to Host Dell port 22: Connection timed out
So, in my testing, I tried connecting from outside my home network and got a similar error
ssh: connect to Host Dell port 22: No rout to Host
I also tried
ssh -D 1080 [email protected]
This gives me an authentication error. If I say "yes" to connect, I get a "Permission denied (publickey)." error
At this point, I don't know whether my syntax is correct in my ssh -D command or whether my problem is elsewhere. I have also checked my sshd_config file, and it is configured with AllowTcpForwarding yes and X11Forwarding yes
Any help diagnosing this problem is greatly appreciated!
EDIT: I was able to get my connection to work using ssh -D 1080 [email protected]
once I configured PuTTY correctly. I was using Pageant to log in initially, and since I had not specified to PuTTY where my public key was, authentication for the dynamic port forward was failing.
However, I still cannot establish a tunnel connection. I keep getting the errors: tunnel device open failed. Could not request tunnel forwarding.
I keep looking at my ssh_config & sshd_config files and can't find any problem ...
Here is my log from ssh -vvv -D 1080 user@IP
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 107.000.000.000 [107.000.000.000] port 22.
debug1: Connection established.
debug1: could not open key file '/etc/ssh/ssh_Host_key': No such file or directory
debug1: could not open key file '/etc/ssh/ssh_Host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_ed25519_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_Host_ed25519_key': Permission denied
debug1: identity file /home/arron/.ssh/id_rsa type -1
debug1: identity file /home/arron/.ssh/id_rsa-cert type -1
debug1: identity file /home/arron/.ssh/id_dsa type -1
debug1: identity file /home/arron/.ssh/id_dsa-cert type -1
debug1: identity file /home/arron/.ssh/id_ecdsa type -1
debug1: identity file /home/arron/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/arron/.ssh/id_ed25519 type -1
debug1: identity file /home/arron/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for Host "107.000.000.000" from file "/home/arron/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/arron/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server Host key: ECDSA 89:59:45:3f:70:e.......................
debug3: load_hostkeys: loading entries for Host "107.000.000.000" from file "/home/arron/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/arron/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys
debug1: Host '107.000.000.000' is known and matches the ECDSA Host key.
debug1: Found key in /home/arron/.ssh/known_hosts:4
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: rsa-key-20150212 (0x7f44db1a8d40),
debug2: key: /home/arron/.ssh/id_rsa ((nil)),
debug2: key: /home/arron/.ssh/id_dsa ((nil)),
debug2: key: /home/arron/.ssh/id_ecdsa ((nil)),
debug2: key: /home/arron/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: rsa-key-20150212
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug2: input_userauth_pk_ok: fp 95:3b:a0:0f:4d:b6:09:3.....................
debug3: sign_and_send_pubkey: RSA 95:3b:a0:0f:4d:b6:09:3.......................
debug1: Authentication succeeded (publickey).
Authenticated to 107.000.000.000 ([107.000.000.000]:22).
debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0
debug3: channel_setup_fwd_listener: type 2 wildcard 0 addr NULL
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Local forwarding listening on ::1 port 1080.
debug2: fd 4 setting O_NONBLOCK
debug3: fd 4 is O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: failed to configure tunnel (mode 1): Operation not permitted
Tunnel device open failed.
Could not request tunnel forwarding.
debug1: channel 2: new [client-session]
debug3: ssh_session2_open: channel_new: 2
debug2: channel 2: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug1: Requesting authentication agent forwarding.
debug2: channel 2: request [email protected] confirm 0
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 2
debug2: channel 2: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env TERM
debug3: Ignored env Shell
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 2: request env confirm 0
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env LESSCLOSE
debug3: Ignored env _
debug2: channel 2: request Shell confirm 1
debug2: callback done
debug2: channel 2: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 2
debug2: PTY allocation request accepted on channel 2
debug2: channel 2: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 2
debug2: Shell request accepted on channel 2
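
Added example, not part of the original post: a small Python triage of the forwarding-related lines in a log like the one above, separating the SOCKS listener created by -D from the tun-device request and the agent-forwarding request. In OpenSSH the "Requesting tun unit" line is emitted when the client has a Tunnel option (or -w) set, which -D does not need. The function names and SAMPLE_LOG are constructed for this illustration.

```python
import re

# Constructed sample: the forwarding-related lines from the -vvv log above.
SAMPLE_LOG = """\
debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 1080.
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug1: Requesting tun unit 2147483647 in mode 1
debug1: sys_tun_open: failed to configure tunnel (mode 1): Operation not permitted
Tunnel device open failed.
Could not request tunnel forwarding.
debug1: Requesting authentication agent forwarding.
"""

TUN_MODES = {1: "point-to-point", 2: "ethernet"}  # modes of the Tunnel option
TUN_ANY = 0x7FFFFFFF                               # how ssh prints unit "any"

def triage(log):
    """Collect what the client asked for: SOCKS listener, tun device, agent."""
    out = {"socks_port": None, "listeners": [], "tun": None, "agent_forwarding": False}
    for line in log.splitlines():
        if m := re.search(r"Local connections to \S+:(\d+) forwarded to remote address socks:", line):
            out["socks_port"] = int(m.group(1))
        elif m := re.search(r"Local forwarding listening on (\S+) port (\d+)", line):
            out["listeners"].append((m.group(1), int(m.group(2))))
        elif m := re.search(r"Requesting tun unit (\d+) in mode (\d+)", line):
            unit, mode = int(m.group(1)), int(m.group(2))
            out["tun"] = {"unit": "any" if unit == TUN_ANY else unit,
                          "mode": TUN_MODES.get(mode, mode), "error": None}
        elif (m := re.search(r"sys_tun_open: .*\): (.+)$", line)) and out["tun"]:
            out["tun"]["error"] = m.group(1)
        elif "Requesting authentication agent forwarding" in line:
            out["agent_forwarding"] = True
    return out

def explain(r):
    # One note per feature, naming the client option that triggers it.
    notes = []
    if r["socks_port"] and any(p == r["socks_port"] for _, p in r["listeners"]):
        notes.append(f"-D {r['socks_port']}: SOCKS listener is up, the dynamic forward worked")
    if r["tun"]:
        t = r["tun"]
        notes.append(f"tun device ({t['mode']}, unit {t['unit']}) requested by Tunnel/-w, "
                     f"not by -D; error: {t['error']}")
    if r["agent_forwarding"]:
        notes.append("agent forwarding requested: ForwardAgent or -A is set on the client")
    return notes

if __name__ == "__main__":
    print("\n".join(explain(triage(SAMPLE_LOG))))
```

The effective client settings for a host can be listed with `ssh -G host` on OpenSSH 6.8 and later; on older clients the Tunnel and ForwardAgent lines have to be looked up in ssh_config by hand.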