API tools faq
paste
Guest User

Untitled

a guest
Apr 23rd, 2018
126
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.12 KB | None | 0 0
raw download clone embed print report
  1. ssh-keygen -t rsa # generate ssh key
  2.  
  3. cat /etc/ssh/sshd_config
  4.  
  5. # Package generated configuration file
  6. # See the sshd_config(5) manpage for details
  7.  
  8. # What ports, IPs and protocols we listen for
  9. Port 22
  10. # Use these options to restrict which interfaces/protocols sshd will bind to
  11. #ListenAddress ::
  12. #ListenAddress 0.0.0.0
  13. Protocol 2
  14. # HostKeys for protocol version 2
  15. HostKey /etc/ssh/ssh_host_rsa_key
  16. HostKey /etc/ssh/ssh_host_dsa_key
  17. HostKey /etc/ssh/ssh_host_ecdsa_key
  18. HostKey /etc/ssh/ssh_host_ed25519_key
  19. #Privilege Separation is turned on for security
  20. UsePrivilegeSeparation yes
  21.  
  22. # Lifetime and size of ephemeral version 1 server key
  23. KeyRegenerationInterval 3600
  24. ServerKeyBits 1024
  25.  
  26.  
  27. # Logging
  28. SyslogFacility AUTH
  29. LogLevel DEBUG3
  30.  
  31. # Authentication:
  32. LoginGraceTime 120
  33. PermitRootLogin yes
  34. StrictModes yes
  35.  
  36. RSAAuthentication yes
  37. PubkeyAuthentication yes
  38. AuthorizedKeysFile /etc/ssh/keys/%u/autherized_keys2
  39.  
  40. # Don't read the user's ~/.rhosts and ~/.shosts files
  41. IgnoreRhosts yes
  42. # For this to work you will also need host keys in /etc/ssh_known_hosts
  43. RhostsRSAAuthentication no
  44. # similar for protocol version 2
  45. HostbasedAuthentication no
  46. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
  47. #IgnoreUserKnownHosts yes
  48.  
  49. # To enable empty passwords, change to yes (NOT RECOMMENDED)
  50. PermitEmptyPasswords no
  51.  
  52. # Change to yes to enable challenge-response passwords (beware issues with
  53. # some PAM modules and threads)
  54. ChallengeResponseAuthentication no
  55.  
  56. # Change to no to disable tunnelled clear text passwords
  57. PasswordAuthentication yes
  58.  
  59. # Kerberos options
  60. #KerberosAuthentication no
  61. #KerberosGetAFSToken no
  62. #KerberosOrLocalPasswd yes
  63. #KerberosTicketCleanup yes
  64.  
  65. # GSSAPI options
  66. #GSSAPIAuthentication no
  67. #GSSAPICleanupCredentials yes
  68.  
  69. X11Forwarding yes
  70. X11DisplayOffset 10
  71. PrintMotd no
  72. PrintLastLog yes
  73. TCPKeepAlive yes
  74. #UseLogin no
  75.  
  76. #MaxStartups 10:30:60
  77. #Banner /etc/issue.net
  78.  
  79. # Allow client to pass locale environment variables
  80. AcceptEnv LANG LC_*
  81.  
  82. Subsystem sftp /usr/lib/openssh/sftp-server
  83.  
  84. # Set this to 'yes' to enable PAM authentication, account processing,
  85. # and session processing. If this is enabled, PAM authentication will
  86. # be allowed through the ChallengeResponseAuthentication and
  87. # PasswordAuthentication. Depending on your PAM configuration,
  88. # PAM authentication via ChallengeResponseAuthentication may bypass
  89. # the setting of "PermitRootLogin without-password".
  90. # If you just want the PAM account and session checks to run without
  91. # PAM authentication, then enable this but set PasswordAuthentication
  92. # and ChallengeResponseAuthentication to 'no'.
  93. UsePAM yes
  94.  
  95. Match User MyUser
  96. PasswordAuthentication no
  97. Match all
  98.  
  99. cat /etc/ssh/keys/MyUser/autherized_keys2
  100. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRcr3RQzythTCGfICWqMMGlPRLCBzZi9Wq/1+3+lhQofhcvj6p93/pXNR/SfeDYAnRa51MgU3nwa90CcJuNsZkUIY8PFStu0Uw3fkGkitpBJ10ACRyg4yMT0OGtDe5zOVJlkmZNNn5rAjYZ4xiTdZIZ55/UgMwTL2u7w+p0ET/ankajaW5KwuRdZLI4+PSZHJ94ZtvwyY8DEIDVYoIpp5j2m7QJCmrEc4PBWbxTExSQlD6ONwGlBECwCbxXE2jRBxu4Ox7m6XzKtlLytVOFX8g+K2tnyurYo0Nvi14GXweOdiYQtcbJYsh7QsfzH230yzxXT1MaOWaMzgXTO5WgusZ MyUser@Infra-L-Omer-a-Ubuntu
  101.  
  102. sudo ssh -vvv -2 -o StrictHostKeyChecking=no -i /home/MyUser/.ssh/id_rsa MyUser@***.**.**.** -p 555 # the command to log in [** is my IP]
  103.  
  104. OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
  105. debug1: Reading configuration data /etc/ssh/ssh_config
  106. debug1: /etc/ssh/ssh_config line 19: Applying options for *
  107. debug2: resolving "**.**.**.**" port 555
  108. debug2: ssh_connect_direct: needpriv 0
  109. debug1: Connecting to **.**.**.** [**.**.**.**] port 555.
  110. debug1: Connection established.
  111. debug1: identity file /home/MyUser/.ssh/id_rsa type 1
  112. debug1: key_load_public: No such file or directory
  113. debug1: identity file /home/MyUser/.ssh/id_rsa-cert type -1
  114. debug1: identity file /home/MyUser/.ssh/id_rsa type 1
  115. debug1: key_load_public: No such file or directory
  116. debug1: identity file /home/MyUser/.ssh/id_rsa-cert type -1
  117. debug1: Enabling compatibility mode for protocol 2.0
  118. debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
  119. debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
  120. debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat OpenSSH* compat 0x04000000
  121. debug2: fd 3 setting O_NONBLOCK
  122. debug1: Authenticating to **.**.**.**:555 as 'MyUser'
  123. debug3: put_host_port: [**.**.**.**]:555
  124. debug3: hostkeys_foreach: reading file "/home/MyUser/.ssh/known_hosts"
  125. debug3: record_hostkey: found key type ECDSA in file /home/MyUser/.ssh/known_hosts:7
  126. debug3: load_hostkeys: loaded 1 keys from [**.**.**.**]:555
  127. debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
  128. debug3: send packet: type 20
  129. debug1: SSH2_MSG_KEXINIT sent
  130. debug3: receive packet: type 20
  131. debug1: SSH2_MSG_KEXINIT received
  132. debug2: local client KEXINIT proposal
  133. debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
  134. debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
  135. debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
  136. debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
  137. debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  138. debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  139. debug2: compression ctos: none,zlib@openssh.com,zlib
  140. debug2: compression stoc: none,zlib@openssh.com,zlib
  141. debug2: languages ctos:
  142. debug2: languages stoc:
  143. debug2: first_kex_follows 0
  144. debug2: reserved 0
  145. debug2: peer server KEXINIT proposal
  146. debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
  147. debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
  148. debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  149. debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  150. debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  151. debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  152. debug2: compression ctos: none,zlib@openssh.com
  153. debug2: compression stoc: none,zlib@openssh.com
  154. debug2: languages ctos:
  155. debug2: languages stoc:
  156. debug2: first_kex_follows 0
  157. debug2: reserved 0
  158. debug1: kex: algorithm: curve25519-sha256@libssh.org
  159. debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  160. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  161. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  162. debug3: send packet: type 30
  163. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  164. debug3: receive packet: type 31
  165. debug1: Server host key: ecdsa-sha2-nistp256 SHA256:WOX/Lg+OQsBxFeIEh7jOZ/2005b4uVe+Ox/39/6MfCA
  166. debug3: put_host_port: [**.**.**.**]:555
  167. debug3: put_host_port: [**.**.**.**]:555
  168. debug3: hostkeys_foreach: reading file "/home/MyUser/.ssh/known_hosts"
  169. debug3: record_hostkey: found key type ECDSA in file /home/MyUser/.ssh/known_hosts:7
  170. debug3: load_hostkeys: loaded 1 keys from [**.**.**.**]:555
  171. debug3: hostkeys_foreach: reading file "/home/MyUser/.ssh/known_hosts"
  172. debug3: record_hostkey: found key type ECDSA in file /home/MyUser/.ssh/known_hosts:7
  173. debug3: load_hostkeys: loaded 1 keys from [**.**.**.**]:555
  174. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  175. @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
  176. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  177. IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  178. Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  179. It is also possible that a host key has just been changed.
  180. The fingerprint for the ECDSA key sent by the remote host is
  181. SHA256:WOX/Lg+OQsBxFeIEh7jOZ/2005b4uVe+Ox/39/6MfCA.
  182. Please contact your system administrator.
  183. Add correct host key in /home/MyUser/.ssh/known_hosts to get rid of this message.
  184. Offending ECDSA key in /home/MyUser/.ssh/known_hosts:7
  185. remove with:
  186. ssh-keygen -f "/home/MyUser/.ssh/known_hosts" -R [**.**.**.**]:555
  187. Password authentication is disabled to avoid man-in-the-middle attacks.
  188. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
  189. debug3: send packet: type 21
  190. debug2: set_newkeys: mode 1
  191. debug1: rekey after 134217728 blocks
  192. debug1: SSH2_MSG_NEWKEYS sent
  193. debug1: expecting SSH2_MSG_NEWKEYS
  194. debug3: receive packet: type 21
  195. debug2: set_newkeys: mode 0
  196. debug1: rekey after 134217728 blocks
  197. debug1: SSH2_MSG_NEWKEYS received
  198. debug2: key: /home/MyUser/.ssh/id_rsa (0x556c348b7200), explicit
  199. debug2: key: /home/MyUser/.ssh/id_rsa (0x556c34904110)
  200. debug3: send packet: type 5
  201. debug3: receive packet: type 7
  202. debug1: SSH2_MSG_EXT_INFO received
  203. debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
  204. debug3: receive packet: type 6
  205. debug2: service_accept: ssh-userauth
  206. debug1: SSH2_MSG_SERVICE_ACCEPT received
  207. debug3: send packet: type 50
  208. debug3: receive packet: type 51
  209. debug1: Authentications that can continue: publickey
  210. debug3: start over, passed a different list publickey
  211. debug3: preferred gssapi-keyex,gssapi-with-mic,publickey
  212. debug3: authmethod_lookup publickey
  213. debug3: remaining preferred: ,gssapi-with-mic,publickey
  214. debug3: authmethod_is_enabled publickey
  215. debug1: Next authentication method: publickey
  216. debug1: Offering RSA public key: /home/MyUser/.ssh/id_rsa
  217. debug3: send_pubkey_test
  218. debug3: send packet: type 50
  219. debug2: we sent a publickey packet, wait for reply
  220. debug3: receive packet: type 51
  221. debug1: Authentications that can continue: publickey
  222. debug1: Offering RSA public key: /home/MyUser/.ssh/id_rsa
  223. debug3: send_pubkey_test
  224. debug3: send packet: type 50
  225. debug2: we sent a publickey packet, wait for reply
  226. debug3: receive packet: type 51
  227. debug1: Authentications that can continue: publickey
  228. debug2: we did not send a packet, disable method
  229. debug1: No more authentication methods to try.
  230. Permission denied (publickey).
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!