Вопросы Теги

Ошибка ssh: Отказано в доступе (интерактивная клавиатура)

Я пытаюсь получить доступ к удаленной системе через ssh (из OS X 10.9.5), но мне это не удается. Мой каталог ~ / .ssh пуст. 

 user@wcw-eduroam-XXX-XXX-XXX-XXX:~$ ssh -vvv user1@address.of.domain
 OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
 debug1: Reading configuration data /etc/ssh_config
 debug1: /etc/ssh_config line 20: Applying options for *
 debug1: /etc/ssh_config line 102: Applying options for *
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to address.of.domain [XXX.XX.XXX.XXX] port 22.
 debug1: Connection established.
 debug1: identity file /Users/user/.ssh/id_rsa type -1
 debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
 debug1: identity file /Users/user/.ssh/id_dsa type -1
 debug1: identity file /Users/user/.ssh/id_dsa-cert type -1
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_6.2
 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
 debug1: match: OpenSSH_5.3 pat OpenSSH_5*
 debug2: fd 3 setting O_NONBLOCK
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
 debug2: kex_parse_kexinit: 
 debug2: kex_parse_kexinit: 
 debug2: kex_parse_kexinit: first_kex_follows 0 
 debug2: kex_parse_kexinit: reserved 0 
 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 debug2: kex_parse_kexinit: ssh-rsa
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
 debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
 debug2: kex_parse_kexinit: none,zlib@openssh.com
 debug2: kex_parse_kexinit: none,zlib@openssh.com
 debug2: kex_parse_kexinit: 
 debug2: kex_parse_kexinit: 
 debug2: kex_parse_kexinit: first_kex_follows 0 
 debug2: kex_parse_kexinit: reserved 0 
 debug2: mac_setup: found hmac-md5
 debug1: kex: server->client aes128-ctr hmac-md5 none
 debug2: mac_setup: found hmac-md5
 debug1: kex: client->server aes128-ctr hmac-md5 none
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 debug2: dh_gen_key: priv key bits set: 133/256
 debug2: bits set: 499/1024
 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 debug1: Server host key: RSA dc:94:dc:9b:02:8a:8f:9a:07:de:b4:ca:d3:80:65:04
 The authenticity of host 'address.of.domain (146.50.188.202)' can't be established.
 RSA key fingerprint is dc:94:dc:9b:02:8a:8f:9a:07:de:b4:ca:d3:80:65:04.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added 'address.of.domain,146.50.188.202' (RSA) to the list of known hosts.
 debug2: bits set: 527/1024
 debug1: ssh_rsa_verify: signature correct
 debug2: kex_derive_keys
 debug2: set_newkeys: mode 1
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug2: set_newkeys: mode 0
 debug1: SSH2_MSG_NEWKEYS received
 debug1: SSH2_MSG_SERVICE_REQUEST sent
 debug2: service_accept: ssh-userauth
 debug1: SSH2_MSG_SERVICE_ACCEPT received
 debug2: key: /Users/user/.ssh/id_rsa (0x7fe8e940c740),
 debug2: key: /Users/user/.ssh/id_rsa (0x0),
 debug2: key: /Users/user/.ssh/id_dsa (0x0),
 debug3: input_userauth_banner

 debug1: Authentications that can continue: keyboard-interactive
 debug3: start over, passed a different list keyboard-interactive
 debug3: preferred publickey,keyboard-interactive,password
 debug3: authmethod_lookup keyboard-interactive
 debug3: remaining preferred: password
 debug3: authmethod_is_enabled keyboard-interactive
 debug1: Next authentication method: keyboard-interactive
 debug2: userauth_kbdint
 debug2: we sent a keyboard-interactive packet, wait for reply
 debug1: Authentications that can continue: keyboard-interactive
 debug3: userauth_kbdint: disable: no info_req_seen
 debug2: we did not send a packet, disable method
 debug1: No more authentication methods to try.
 Permission denied (keyboard-interactive)
0
задан 15 May 2017 в 13:30
3 ответа

SSH thường thích hai loại xác thực là kết hợp tên người dùng-mật khẩu và kết hợp tên người dùng-khóa công khai.

Có vẻ như máy chủ của bạn chỉ hỗ trợ xác thực khóa công khai tên người dùng. Kiểm tra với quản trị viên của bạn. Nếu tôi đúng, hãy yêu cầu anh ấy cung cấp khóa công khai liên quan đến tên người dùng của bạn và đăng nhập bằng khóa công khai.

1
ответ дан 4 December 2019 в 13:32

Ọ bụrụ na i hazi ihe nkesa maka igodo na 2FA (na google auth) ịkwesịrị ime ka 2FA maka onye ọ bụla onye ọrụ .

Banye ihe nkesa na onye ọrụ na-arụ ọrụ 

su user

google-authenticator

soro usoro niile

0
ответ дан 4 December 2019 в 13:32

Извините за некропост, но вот что сработало для меня, и я не нашел этого решения ни в каких других легко возвращаемых результатах поиска (надеюсь, это поможет кому-то другому):

Я есть веб-страница, сервер которой обращается к другим «узлам» (то есть другим серверам) через ssh. Таким образом, когда ssh выполняется на сервере, он выполняется как пользователь 'apache' (очевидно, что Apache работает на сервере).

Когда были предприняты попытки доступа к некоторым узлам, 'Permission denied (интерактивно с клавиатурой)'был возвращен.

Редактирование / etc / passwd на сервере решило проблему. Изменение: 

apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin

на: 

apache:x:48:48:Apache:/usr/share/httpd:/bin/bash
1
ответ дан 4 December 2019 в 13:32

Теги

Похожие вопросы