Hello dear QNAP community,
I have been trying for days to enable the SSH key so that both a key and a password are requested. It feels like I have searched the entire internet and I am simply not getting anywhere.
I used the following guide:
[Howto] - SSH login via PuTTY without a password
The individual files have the correct write permissions
Code: mnt/HDA_Root/.config/ssh
[/mnt/HDA_ROOT/.config/ssh] # ls -la
total 48
drwxr-xr-x 2 admin administrators 4096 2022-04-24 18:48 ./
drwxr-xr-x 51 admin administrators 12288 2022-04-24 18:57 ../
-rw------- 1 admin administrators 568 2022-04-23 21:49 authorized_keys
lrwxrwxrwx 1 admin administrators 16 2022-04-22 21:25 id_rsa -> ssh_host_rsa_key
-rw-r--r-- 1 admin administrators 568 2022-04-23 14:34 id_rsa.pub
-rw-r--r-- 1 admin administrators 188 2022-04-24 18:48 sshd_config
-rw-r--r-- 1 admin administrators 17 2022-04-24 18:48 sshd_user_config
-rw------- 1 admin administrators 1385 2022-04-22 22:48 ssh_host_dsa_key
-rw-r--r-- 1 admin administrators 604 2022-04-22 22:48 ssh_host_dsa_key.pub
-rw------- 1 admin administrators 2655 2022-04-23 14:34 ssh_host_rsa_key
-rw-r--r-- 1 admin administrators 568 2022-04-22 22:48 ssh_host_rsa_key.pub
Code: etc/ssh
[/etc/ssh] # ls -al
total 20
drwxr-xr-x 2 admin administrators 140 2022-04-24 18:48 ./
drwxr-xr-x 40 admin administrators 3700 2022-04-24 18:47 ../
-rw-r--r-- 1 admin administrators 3058 2022-04-24 18:48 sshd_config
-rw------- 1 admin administrators 1385 2022-04-22 22:48 ssh_host_dsa_key
-rw-r--r-- 1 admin administrators 604 2022-04-22 22:48 ssh_host_dsa_key.pub
-rw------- 1 admin administrators 2655 2022-04-23 14:34 ssh_host_rsa_key
-rw-r--r-- 1 admin administrators 568 2022-04-22 22:48 ssh_host_rsa_key.pub
and attached is my sshd_config
Code: nano /share/Public/sshd_config
# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#HostKeyAlgorithms ssh-rsa
#PubkeyAcceptedKeyTypes ssh-rsa
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
allowUsers admin Nils-86
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /root/.ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
AllowUsers admin
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Code: ssh -vvv admin@192.168.178.49
[~] #
OpenSSH_8.0p1, OpenSSL 1.1.1l 24 Aug 2021
debug2: resolve_canonicalize: hostname 192.168.178.49 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.178.49 [192.168.178.49] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.178.49:22 as 'admin'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms:
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with 192.168.178.49 port 22: no matching host key type found. Their offer:
Even when I disable Autorun.sh and comment out my settings with #, I can no longer get in via shell either. I am currently using Telnet.
Does anyone have advice for me? I am getting desperate.
Thanks in advance.
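
Added example, not part of the original post: a small parser for `ssh -vvv` output like the trace above that compares the client and server KEXINIT proposals and reports every category that cannot be negotiated. It applies the first-client-algorithm-also-on-the-server rule to every field as a simplification; the embedded trace is a constructed, shortened sample and all function names are hypothetical.

```python
import re

# Constructed sample: a shortened `ssh -vvv` trace shaped like the one in the post.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: languages ctos:
debug2: first_kex_follows 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms:
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr
debug2: languages ctos:
debug1: kex: algorithm: curve25519-sha256
"""

HEADER = re.compile(r"debug2: (local client|peer server) KEXINIT proposal")
FIELD = re.compile(r"debug2: ([A-Za-z ]+?):\s*(.*)$")

def parse_proposals(trace):
    """Return {'client': {field: [algs]}, 'server': {...}} from ssh -vvv text."""
    sides, current = {"client": {}, "server": {}}, None
    for raw in trace.splitlines():
        line = raw.strip()
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = "client" if header.group(1) == "local client" else "server"
        elif current and field:
            sides[current][field.group(1)] = [a for a in field.group(2).split(",") if a]
        elif not line.startswith("debug2:"):
            current = None  # the proposal block has ended
    return sides

def negotiate(sides):
    """Per field: first client algorithm the server also lists, or None."""
    return {name: next((a for a in algs if a in sides["server"].get(name, [])), None)
            for name, algs in sides["client"].items()}

def diagnose(sides):
    """Map each failing field to why it failed; fields the client left empty are skipped."""
    out = {}
    for name, chosen in negotiate(sides).items():
        if chosen is None and sides["client"][name]:
            empty = not sides["server"].get(name)
            out[name] = "server offered nothing" if empty else "no overlap"
    return out

if __name__ == "__main__":
    print(diagnose(parse_proposals(SAMPLE)))
```

An empty server list under "host key algorithms" places the fault on the server side (the host keys sshd loaded and its HostKeyAlgorithms setting), since the client offered a full list.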