Discussion :

[pcouas]

Bonjour

je genere une clef ssh comme ceci

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
 
ssh-keygen -o -t rsa -f Z:\zpoubelle\tssh4\id_rsa -C git -N ""

j'ai copié mon . pub sur le serveur
et lorsque je tente de me connecte comme cela

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
 
ssh git@127.0.0.1 -v -p 2223 -i Z:\zpoubelle\tssh4\id_rsa

j'ai le message suivant

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2223.
debug1: Connection established.
debug1: identity file Z:\\zpoubelle\\tssh4\\id_rsa type 0
debug1: identity file Z:\\zpoubelle\\tssh4\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 127.0.0.1:2223 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6IAdnOT8Yls3VGOKVKaRjFNGHt/RLWH9eoakalMIDhk
debug1: Host '[127.0.0.1]:2223' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\COUAS/.ssh/known_hosts:7
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: Z:\\zpoubelle\\tssh4\\id_rsa RSA SHA256:mez7LdYFtFbO4ZiHutlanL+vxpNzKqum2SU/zQX4CLQ explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: Z:\\zpoubelle\\tssh4\\id_rsa RSA SHA256:mez7LdYFtFbO4ZiHutlanL+vxpNzKqum2SU/zQX4CLQ explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
git@127.0.0.1's password:

mon sshd

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
 
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
 
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
 
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
 
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
 
# Ciphers and keying
#RekeyLimit default none
 
# Logging
#SyslogFacility AUTH
#LogLevel INFO
 
# Authentication:
 
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
 
#PubkeyAuthentication yes
 
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys
 
#AuthorizedPrincipalsFile none
 
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
 
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
 
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
 
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
 
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
 
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
 
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
#UsePAM no
 
#AllowAgentForwarding yes
# Feel free to re-enable these if your use case requires them.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
 
# no default banner path
#Banner none
 
# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server
 
# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
#AuthenticationMethods publickey password
AuthenticationMethods publickey
PasswordAuthentication no

[disedorgue]

Bonjour,

j'ai copié mon . pub sur le serveur

C'est à dire ?

Et rajoute quelque -v sur ta commande ssh genre -vvv histoire que l'on voit plus de détails sur ce qu'il fait.

[pcouas]

Bonjour

j'ai un doute sur les droits et le repertore ou j'ai copie sur le serveur
/home/git/.ssh/authorized_keys
-rwxrwxrwx 1 root root 558 Oct 2 07:58 id_rsa.pub

ma commande depuis windows esr desormais

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
ssh git@127.0.0.1 -v -p 2223 -i Z:\zpoubelle\tssh4\id_rsa
 
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2223.
debug1: Connection established.
debug1: identity file Z:\\zpoubelle\\tssh4\\id_rsa type 0
debug1: identity file Z:\\zpoubelle\\tssh4\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 127.0.0.1:2223 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6IAdnOT8Yls3VGOKVKaRjFNGHt/RLWH9eoakalMIDhk
debug1: Host '[127.0.0.1]:2223' is known and matches the ECDSA host key.
debug1: Found key in C:\\Users\\COUAS/.ssh/known_hosts:4
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: Z:\\zpoubelle\\tssh4\\id_rsa RSA SHA256:mez7LdYFtFbO4ZiHutlanL+vxpNzKqum2SU/zQX4CLQ explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: Z:\\zpoubelle\\tssh4\\id_rsa RSA SHA256:mez7LdYFtFbO4ZiHutlanL+vxpNzKqum2SU/zQX4CLQ explicit
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@127.0.0.1: Permission denied (publickey).

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
 
J'ai également essayer de renommer le id_rsa.pub en  authorized_keys sous /home/git/.ssh sur le serveur avec un chown git et chmod 600 mais sans resultat Idem
Le Pc client est un Windows10

[disedorgue]

Faut aussi que ton répertoire .ssh soit en 700 .

Et lance la commande ssh avec plus de -v:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

ssh git@127.0.0.1 -vvv -p 2223 -i Z:\zpoubelle\tssh4\id_rsa

Après, il se peut que ta clé privée (id_rsa) ne soit pas prise en compte par le client car celui-ci ne la considère pas "sécure" , par exemple sur ton Z, les fichiers ne sont pas en ton nom ou droit trop permissif.

Mais en principe, on a le message dans le retour ssh...

[pcouas]

cool c'etait le chmod sur le répertoore Merci
ssh git@127.0.0.1 -v -p 2223 -i Z:\zpoubelle\tssh4\id_rsa OK


Maintenant je m'attaque au git clone
sur le serveur
git@541a15a5adb5:/srv/git/your-repo.git$
drwxr-xr-x 1 git git 512 Oct 1 17:42 your-repo.git
> le repertoire /srv/git/your-repo/git existe et appartient a l'utilisateur git

depuis le PC
set GIT_SSH_COMMAND='ssh -p 2223 -i Z:\zpoubelle\tssh4\id_rsa'
D:\zpoubelle\tstClone>git clone git@127.0.0.1:2223/srv/git/your-repo.git
Cloning into 'your-repo'...
'sshCommand = ssh -p 2223 -i Z:\zpoubelle\tssh4\id_rsa': line 1: sshCommand = ssh -p 2223 -i Z:\zpoubelle\tssh4\id_rsa: No such file or directory
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

[disedorgue]

Il se peut que cela soit le problème que je soulève sur la clé privée dans mon message précédent, en principe la clé privé sur unix/linux doit être en 400 pour qu'elle soit prise en compte.

Sous windows, je ne sais pas.