Comments (8)
michalvasko
commented on August 18, 2024
What authentication method do you want to use? Whatever it is, it needs to be configured on both the server and the client. It seems the server has publickey authentication configured but the client has not, use auth keys add <public_key_path> <private_key_path> to add an SSH key pair in the client.
from netopeer2.
InterNALXz
commented on August 18, 2024
What authentication method do you want to use? Whatever it is, it needs to be configured on both the server and the client. It seems the server has
publickeyauthentication configured but the client has not, useauth keys add <public_key_path> <private_key_path>to add an SSH key pair in the client.
I add a private and public key like:
auth keys add /home/crcv/.ssh/id_rsa.pub /home/crcv/.ssh/id_rsa
And verb is:
ly VERBOSE: Searching for "ietf-inet-types" in "/home/crcv/work/3redparth/sysrepo/build/tests".
ly VERBOSE: Newer revision than "ietf-inet-types@2013-07-15" not found, using this as the latest revision.
ly VERBOSE: Searching for "ietf-yang-types" in "/home/crcv/work/3redparth/sysrepo/build/tests".
ly VERBOSE: Newer revision than "ietf-yang-types@2013-07-15" not found, using this as the latest revision.
And connect show:
nc VERBOSE: Publickey athentication.
nc VERBOSE: Trying to authenticate using pair "/home/crcv/.ssh/id_rsa" "/home/crcv/.ssh/id_rsa.pub".
[2024/07/31 08:35:09.222445, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
[2024/07/31 08:35:09.222455, 3] ssh_key_algorithm_allowed: Checking rsa-sha2-512 with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
[2024/07/31 08:35:09.222484, 3] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[2024/07/31 08:35:09.222492, 3] packet_send2: packet: wrote [type=50, len=352, padding_size=11, comp=340, payload=340]
[2024/07/31 08:35:09.222872, 3] ssh_packet_socket_callback: packet: read type 51 [len=24,padding=8,comp=15,payload=15]
[2024/07/31 08:35:09.222886, 3] ssh_packet_process: Dispatching handler for packet type 51
[2024/07/31 08:35:09.222891, 1] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey
[2024/07/31 08:35:09.222895, 2] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey
nc WARNING: Authentication denied.
Server show me:
[INF]: LN: User "crcv" tried to use an unknown (unauthorized) public key.
[INF]: LN: Failed user "crcv" authentication attempt (#1).
It's my operation wrong? before I did:
cat /home/crcv/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
My server used root to start.
My client is user crcv.
from netopeer2.
michalvasko
commented on August 18, 2024
By default, on netopeer2 make install, it should add server configuration that accepts user SSH keys stored in <home>/.ssh/id_rsa but it seems you are missing this configuration. Look into the example configuration and then configure it on the server using sysrepocfg(1).
from netopeer2.
InterNALXz
commented on August 18, 2024
By default, on netopeer2
make install, it should add server configuration that accepts user SSH keys stored in<home>/.ssh/id_rsabut it seems you are missing this configuration. Look into the example configuration and then configure it on the server usingsysrepocfg(1).
When I use sysrepocfg --edit=vim, res is:
<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
<asymmetric-keys>
<asymmetric-key>
<name>genkey</name>
<public-key-format xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:ssh-public-key-format</public-key-format>
<private-key-format xmlns:ct="urn:ietf:params:xml:ns:yang:ietf-crypto-types">ct:rsa-private-key-format</private-key-format>
<cleartext-private-key>************************</cleartext-private-key>
</asymmetric-key>
</asymmetric-keys>
</keystore>
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
<listen>
<endpoints>
<endpoint>
<name>default-ssh</name>
<ssh>
<tcp-server-parameters>
<local-address>0.0.0.0</local-address>
</tcp-server-parameters>
<ssh-server-parameters>
<server-identity>
<host-key>
<name>default-key</name>
<public-key>
<central-keystore-reference>genkey</central-keystore-reference>
</public-key>
</host-key>
</server-identity>
<client-authentication>
<users>
<user>
<name>crcv</name>
<public-keys>
<use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/>
</public-keys>
</user>
</users>
</client-authentication>
</ssh-server-parameters>
</ssh>
</endpoint>
</endpoints>
</listen>
</netconf-server>It seem like ssh_listen.xml, should I replace it?
from netopeer2.
michalvasko
commented on August 18, 2024
That seems fine but what I said before is not true, all the authorized keys of the user are used (this is how OpenSSH tools work, too). So you have to create /home/crcv/.ssh/authorized_keys file (if it does not exist) and put id_rsa.pub there. Then it should work.
from netopeer2.
InterNALXz
commented on August 18, 2024
That seems fine but what I said before is not true, all the authorized keys of the user are used (this is how OpenSSH tools work, too). So you have to create
/home/crcv/.ssh/authorized_keysfile (if it does not exist) and putid_rsa.pubthere. Then it should work.
I did :
sudo cat /root/.ssh/id_rsa.pub >> /home/crcv/.ssh/authorized_keys
and it dosen't work:
nc ERROR: Unable to authenticate to the remote server (all attempts via supported authentication methods failed).
server:
User "crcv" tried to use an unknown (unauthorized) public key.
from netopeer2.
michalvasko
commented on August 18, 2024
Why not?
sudo cat /home/crcv/.ssh/id_rsa.pub >> /home/crcv/.ssh/authorized_keys
This is correct if you are using this SSH key to authenticate as crcv.
from netopeer2.
InterNALXz
commented on August 18, 2024
sudo cat /home/crcv/.ssh/id_rsa.pub >> /home/crcv/.ssh/authorized_keys
It work!Thank you!!!
from netopeer2.
Related Issues (20)
- netopeer2.conf and pam_nologin.so does not exist in Yocto Scarthgap HOT 3
- netopeer2-server: /home/ubuntn/libyang-2.0.112/src/parser_xml.c:696: lydxml_subtree_r: Assertion `xmlctx->status == LYXML_ELEM_CLOSE' failed. Aborted (core dumped) HOT 1
- TLS server cipher regarding HOT 7
- Complete example for callback mechanism e.g when changing/reading some field via netopeer2-server HOT 2
- NOT support password customization authentication function in new version HOT 7
- Call home to loopback IP is failing HOT 4
- Netopeer2-cli does not detect connection breakage in the background HOT 3
- A potential mistake need to be tested and verified HOT 1
- Does netopeer-cli support public key based authentication HOT 4
- Query on listing existing subscriptions HOT 15
- Query: any API to terminate the particular client's netconf session with particular user from application HOT 5
- New SSH server key added every time I trigger a call-home, not checking the known_host file. HOT 1
- Failed changing permissions of directory "/usr/lib64/netopeer2-server" (Read-only file system) HOT 2
- Unable to receive callback when trying to subscribe custom yang model using sr_oper_get_subscribe() HOT 1
- Delete subinterface and network-instance not working with netopeer2 HOT 5
- Error with TLS Call Home connection using netopeer2-cli HOT 2
- netopeer2-server dont open port in openwrt HOT 6
- Example configuration xml tags are not aligned with yang modules HOT 3
- The "apkg build" breaks due pam.de/netopeer2.conf path issue HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netopeer2.