ssh-login with rsa-key normal user server refused our key

[maether]

Liebe Synology-Community,

ich weiß, zu diesem Thema gibt es schon einige Einträge, aber bisher konnte mir keiner helfen.

Ich will mich mit dem Benutzer "webssh" (Gruppe: User) per ssh und key auf die DiskStation (2bay 214se) verbinden.

Folgende Files sehen wie folgt aus:

/etc/passwd

admin:x:1024:100:System default user:/var/services/homes/admin:/bin/sh
anonymous:x:21:21:Anonymous FTP User:/nonexist:/sbin/nologin
avahi:x:84:84:Avahi mDNS daemon:/noexist:/bin/false
dovecot:x:143:143:Dovecot User:/nonexist:/sbin/nologin
ftp:x:21:21:Anonymous FTP User:/nonexist:/sbin/nologin
guest:x:1025:100:Guest:/nonexist:/sbin/nologin
http:x:1023:1023:http:/var/services/web:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
maether:x:1026:100:Admin:/var/services/homes/maether:/sbin/nologin
martin:x:1027:100:User:/var/services/homes/martin:/sbin/nologin
mysql:x:66:66:MariaDB User:/var/services/mysql:/bin/false
nobody:x:99:99:nobody:/:/bin/false
ntp:x:87:87:Network Time Protocol:/var/lib/ntp:/sbin/nologin
postfix:x:125:125:Postfix User:/nonexist:/sbin/nologin
postgres:x:55:55:PostgreSQL User:/var/services/pgsql:/bin/sh
root:x:0:0:root:/root:/bin/ash
smmsp:x:25:25:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
spamfilter:x:783:99:Spamassassin User:/var/spool/postfix:/sbin/nologin
webssh:x:1031:100:webssh:/var/services/homes/webssh:/bin/sh

/etc/ssh/sshd_config

Ciphers 3des-cbc,aes128-cbc,aes128-ctr,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm@openssh.com,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
MACs hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-ripemd160,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-sha1,hmac-sha1-96,hmac-sha1-96-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
#       $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding no
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox          # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
#Subsystem      sftp    /usr/libexec/sftp-server
Subsystem       sftp    internal-sftp -f DAEMON -u 000

# the following are HPN related configuration options
# tcp receive buffer polling. disable in non autotuning kernels
#TcpRcvBufPoll yes

# disable hpn performance boosts
#HPNDisabled no

# buffer size for hpn to non-hpn connections
#HPNBufferSize 2048


# allow the use of the none cipher
#NoneEnabled no

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
Match User root
        AllowTcpForwarding yes

$HOME/.ssh des Benutzers webssh:

/volume1/homes/webssh $ echo $HOME
/var/services/homes/webssh
/volume1/homes/webssh $ cd /var/services/homes/webssh/.ssh
/volume1/homes/webssh/.ssh $ ls -lisa
 131539    4 drwx------    2 webssh   users         4096 Feb 25 23:24 .
 131217    4 drwxrwxrwx    3 webssh   users         4096 Feb 25 23:18 ..
 131553    4 -rw-------    1 webssh   users          400 Feb 25 23:20 authorized_files
 131732    4 -rw-------    1 webssh   users         1675 Feb 25 23:19 id_rsa
 131739    4 -rw-r--r--    1 webssh   users          400 Feb 25 23:19 id_rsa.pub
 131205    4 -rw-r--r--    1 webssh   users          179 Feb 25 23:24 known_hosts

Der Key wurde per

ssh-keygen -t rsa

ohne passphrase und ohne namen
Anschließend wurde der pub per

cat webssh.pub >> authorized_keys

geschrieben. Per chmod habe ich diverse rechte gesetzt (siehen oben)

Wenn ich nun versuche mit

/volume1/homes/webssh/.ssh $ ssh -p 22201 webssh@localhost
webssh@localhost's password:

zu verbinden, bekomme ich die Frage nach dem Passwort :/

Was mache ich falsch, bzw. habe ich vergessen?

Liebe Grüße

 

[maether]

Hier die DEBUG-Ausgabe:

/volume1/homes/webssh/.ssh $ ssh -i webssh -p 22201 -vvv localhost
Warning: Identity file webssh not accessible: No such file or directory.
OpenSSH_6.6, OpenSSL 1.0.1q-fips 3 Dec 2015
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22201.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/var/services/homes/webssh/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /var/services/homes/webssh/.ssh/id_rsa type 1
debug1: identity file /var/services/homes/webssh/.ssh/id_rsa-cert type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_dsa type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_dsa-cert type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_ecdsa type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_ed25519 type -1
debug1: identity file /var/services/homes/webssh/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6p2-hpn14v4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p2-hpn14v4
debug1: match: OpenSSH_6.6p2-hpn14v4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [localhost]:22201
debug3: load_hostkeys: loading entries for host "[localhost]:22201" from file "/var/services/homes/webssh/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/webssh/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes128-gcm@openssh.com,aes192-ctr,aes256-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: aes128-ctr,aes128-gcm@openssh.com,aes192-ctr,aes256-ctr,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup umac-64-etm@openssh.com
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug2: mac_setup: setup umac-64-etm@openssh.com
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a3:3f:1e:0d:2b:1a:4e:de:0c:90:70:ce:54:c9:89:21
debug3: put_host_port: [127.0.0.1]:22201
debug3: put_host_port: [localhost]:22201
debug3: load_hostkeys: loading entries for host "[localhost]:22201" from file "/var/services/homes/webssh/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/webssh/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[localhost]:22201' is known and matches the ECDSA host key.
debug1: Found key in /var/services/homes/webssh/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/services/homes/webssh/.ssh/id_rsa (0x40fc6050),
debug2: key: /var/services/homes/webssh/.ssh/id_dsa ((nil)),
debug2: key: /var/services/homes/webssh/.ssh/id_ecdsa ((nil)),
debug2: key: /var/services/homes/webssh/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/services/homes/webssh/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /var/services/homes/webssh/.ssh/id_dsa
debug3: no such identity: /var/services/homes/webssh/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /var/services/homes/webssh/.ssh/id_ecdsa
debug3: no such identity: /var/services/homes/webssh/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /var/services/homes/webssh/.ssh/id_ed25519
debug3: no such identity: /var/services/homes/webssh/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

 

[maether]

No ideas? :'(

 

[Tommes]

Nun ja "ideas" hab ich nicht wirklich, jedoch klappt bei mir die SSH-Verbindung zwischen DS und Pi wie hier beschrieben, jedoch verbinde ich hierbei als root.

Keine Ahnung, ob dir das hilft

Tommes

 

[maether]

hmm... weiß denn jemand, wo sich auf der Syno die /var/log/auth.log versteckt, die es normalerweise gibt, bzw. wo konfiguriert ist, wo sie sich verstecken soll? :/

 

[jahlives]

imho falscher Parameter. -i erwartet den Pfad zum Key und nicht den User (erste Zeile deiner Debug Ausgabe).

Warning: Identity file webssh not accessible: No such file or directory.

Den User übergibt man mit -l resp user@host

 

[maether]

Das hatte ich anderweitig auch schon ausprobiert :/

/volume1/homes/webssh/.ssh $ pwd
/volume1/homes/webssh/.ssh
/volume1/homes/webssh/.ssh $ cd /var/services/homes/webssh/.ssh/
/volume1/homes/webssh/.ssh $ ls -lisa
 131539    4 drwx------    2 webssh   users         4096 Feb 29 11:03 .
 131217    4 drwxrwxrwx    3 webssh   users         4096 Feb 29 10:04 ..
 131156    4 -rwxr--r--    1 webssh   users         1409 Feb 29 10:58 authorized_keys
 131181    4 -rw-------    1 webssh   users          668 Feb 29 09:53 id_dsa
 131199    4 -rw-r--r--    1 webssh   users          608 Feb 29 09:53 id_dsa.pub
 131732    4 -rw-------    1 webssh   users         1675 Feb 25 23:19 id_rsa
 131739    4 -rw-r--r--    1 webssh   users          400 Feb 25 23:19 id_rsa.pub
 131205    4 -rw-r--r--    1 webssh   users          179 Feb 25 23:24 known_hosts
/volume1/homes/webssh/.ssh $ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaI5X2pzCv6bhtfZ2GPL72qxG51RCZz25eftX+JpfKBPYy9tIAerAFOnp2isFNGVuJghfCNlKG2rzGt/a1AvTjkhTJoCfLMge5VoBJrRweNZ5Hkd5DN1R+hKSe+foz9w+gAF1NDDEtIkIyg96XkKdfov5kkFEWL3LvwR0Hlo8nXfr1EUQfAsOEEdWy2o7M+6a77oECxe1goZ2nwnrFzEL/ZVG874ZKWDKRWbewni3bjHa/nSdW5n84ffO5Vb3Qjeha00+IpmEKZgVSWEuDwghiHQSmtG6CS2GlyuZ2akq6fhg8fO3Pefun5Uf6rmsMXNTSFAvd66z0wfKg9Zpva9/b webssh@DataStation
/volume1/homes/webssh/.ssh $ cat id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAPXNW83vRYrR85drYoY0jMvr3WO9I8UQbWcOzVFvYvsEbTiZfXgVFlTHxfJKvS54qlnMtotl+elp3LQOJzTbXxLytwxN6b/aRWU4xsJUWtpXtrWQUU+d27RkS7lUvdgz5mfMikqATDAvTM1rNHc+1n50unigksnB+Lnq/UpLXPQ7AAAAFQD7uN1QYUQhf4GbHAVy5iU6KnWAowAAAIEAvXkIA7x5ULXUAvgWq1/RKm0n/YjFz2k4hVz2KKK2dwv9L3kKVKVDu+8kZnb0gM7m4R4UmfY79JlTvvt7uikWXcIC7xK0BS+cua5eL/TH9gqwOF/uNLjxjPJbu+FyELqwpjSeJWup0/NDUR2SBXvDZC9ssGzWD3yTPSv3yT5ZNbwAAACAHmxLSdHg0B7bSYLLA5ffjaZ9nSIjoXAVBh+ImDm0MSvCOSdTOA1iULlbTB1EdTpVPRL01IyG3YdWftem4EZh4Q324vCZVG8c5N/njTsNjl3n8GcXxdz1KUQACS4bP3/KXGYGIglk6EljbdeXUuGgv87pHhy7ia0RDcf2CoMoL0Q= webssh@DataStation
/volume1/homes/webssh/.ssh $ cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaI5X2pzCv6bhtfZ2GPL72qxG51RCZz25eftX+JpfKBPYy9tIAerAFOnp2isFNGVuJghfCNlKG2rzGt/a1AvTjkhTJoCfLMge5VoBJrRweNZ5Hkd5DN1R+hKSe+foz9w+gAF1NDDEtIkIyg96XkKdfov5kkFEWL3LvwR0Hlo8nXfr1EUQfAsOEEdWy2o7M+6a77oECxe1goZ2nwnrFzEL/ZVG874ZKWDKRWbewni3bjHa/nSdW5n84ffO5Vb3Qjeha00+IpmEKZgVSWEuDwghiHQSmtG6CS2GlyuZ2akq6fhg8fO3Pefun5Uf6rmsMXNTSFAvd66z0wfKg9Zpva9/b webssh@DataStation
ssh-dss AAAAB3NzaC1kc3MAAACBAPXNW83vRYrR85drYoY0jMvr3WO9I8UQbWcOzVFvYvsEbTiZfXgVFlTHxfJKvS54qlnMtotl+elp3LQOJzTbXxLytwxN6b/aRWU4xsJUWtpXtrWQUU+d27RkS7lUvdgz5mfMikqATDAvTM1rNHc+1n50unigksnB+Lnq/UpLXPQ7AAAAFQD7uN1QYUQhf4GbHAVy5iU6KnWAowAAAIEAvXkIA7x5ULXUAvgWq1/RKm0n/YjFz2k4hVz2KKK2dwv9L3kKVKVDu+8kZnb0gM7m4R4UmfY79JlTvvt7uikWXcIC7xK0BS+cua5eL/TH9gqwOF/uNLjxjPJbu+FyELqwpjSeJWup0/NDUR2SBXvDZC9ssGzWD3yTPSv3yT5ZNbwAAACAHmxLSdHg0B7bSYLLA5ffjaZ9nSIjoXAVBh+ImDm0MSvCOSdTOA1iULlbTB1EdTpVPRL01IyG3YdWftem4EZh4Q324vCZVG8c5N/njTsNjl3n8GcXxdz1KUQACS4bP3/KXGYGIglk6EljbdeXUuGgv87pHhy7ia0RDcf2CoMoL0Q= webssh@DataStation
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtllvnoXMC/Mad13azuAEN5qzZHnvcRjfjBmaX3bGBp8CLYT5PNZmxL0ytKwNvQgmuNsF4VHCkLIxgvlpC/0sj4d0l90jUHpRKavcLJe5DBfkBRlZ7SZba8q4/XcBvzQlDkpkarH5MZhiI1vO6LKLibJKCqVunHlkYoNOPtwOHETfA6h5wxTkmMpvd1R4BpDHxh/L4rS1JDlIa06m7uk7N97p31h8hzOb+NF5X1Jf+v7GleAJ/fxAEdnBWx/e0JIpInzgZW6UG3farZvSIT1ucnxMnpPR1Xmnhf10DgeSSHwvH2GhLdJ6LmPYYtNKRhXIKzogy9CRjUUxq6Rf5AnVz webssh@DataStation
/volume1/homes/webssh/.ssh $
/volume1/homes/webssh/.ssh $ ssh -p 22201 -i ./id_rsa -l resp webssh@localhost -vvv

 

[maether]

hier der rest der code-ausgabe:

OpenSSH_6.6, OpenSSL 1.0.1q-fips 3 Dec 2015
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22201.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "./id_rsa" as a RSA1 public key
debug1: identity file ./id_rsa type 1
debug1: identity file ./id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6p2-hpn14v4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p2-hpn14v4
debug1: match: OpenSSH_6.6p2-hpn14v4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [localhost]:22201
debug3: load_hostkeys: loading entries for host "[localhost]:22201" from file "/var/services/homes/webssh/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/webssh/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: 3des-cbc,aes128-cbc,aes128-ctr,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm@openssh.com,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 3des-cbc,aes128-cbc,aes128-ctr,aes128-gcm@openssh.com,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,aes256-gcm@openssh.com,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-ripemd160,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-sha1,hmac-sha1-96,hmac-sha1-96-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
debug2: kex_parse_kexinit: hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-ripemd160,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-sha1,hmac-sha1-96,hmac-sha1-96-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup umac-64-etm@openssh.com
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug2: mac_setup: setup umac-64-etm@openssh.com
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a3:3f:1e:0d:2b:1a:4e:de:0c:90:70:ce:54:c9:89:21
debug3: put_host_port: [127.0.0.1]:22201
debug3: put_host_port: [localhost]:22201
debug3: load_hostkeys: loading entries for host "[localhost]:22201" from file "/var/services/homes/webssh/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/webssh/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[localhost]:22201' is known and matches the ECDSA host key.
debug1: Found key in /var/services/homes/webssh/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ./id_rsa (0x410a6040), explicit
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ./id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
webssh@localhost's password:

 

[jahlives]

komisch, sollte eigentlich klappen. Was ich noch sehe sind allenfalls zu viele Rechte auf dem Home selber. Auf einem Home sollte nur der Eigentümer Schreibrechte haben. Das Problem sonst wäre, dass JEDER lokale User die Rechte hätte das .ssh Verzeichnis umzubenennen (denn diese Rechte leiten sich vom Elternverzeichnis ab) und ein neues anzulegen

 

[maether]

Oh Gott... wie konnte ich das übersehen... :/

Danke, dass war die Lösung...

chmod 744^^

Ich war mir sicher, dass gefühlt 5000 überprüft zu haben

Merci!