Re: Non riesco a connettermi ad un server ssh da un particolare client

[Federico Di Gregorio]

Vedo che stai usando un client nuovo (OpenSSH_9.3p1) per connetterti ad 
un server "vecchio" (OpenSSH_8.4p1). Dalla versione 8.8p1 sono stati 
disattivati alcuni algoritmi considerati poco sicuri. Puoi provare ad 
abilitarli per quell'host in .ssh/config (sul client):

         Host dominio.org
             HostkeyAlgorithms +ssh-rsa
             PubkeyAcceptedAlgorithms +ssh-rsa
Ciao,

federico


On 20/07/23 11:56, Leandro Noferini wrote:
Ciao a tutti,

ho un server ssh al quale mi connetto regolarmente da molti client ma non riesco
da uno in particolare e non capisco perché. Il server accetta esclusivamente
autenticazione via chiave.

Se provo a collegarmi al server dal client problematico ho questo log
(anonimizzato, ovviamente) nel quale non riesco a trovare errori:

     ~  ssh -v dominio.org
  OpenSSH_9.3p1, OpenSSL 3.1.1 30 May 2023
  debug1: Reading configuration data /home/utente/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Connecting to dominio.org [IP.IP.IP.IP] port 22.
  debug1: Connection established.
  debug1: identity file /home/utente/.ssh/id_rsa type 0
  debug1: identity file /home/utente/.ssh/id_rsa-cert type -1
  debug1: identity file /home/utente/.ssh/id_ecdsa type -1
  debug1: identity file /home/utente/.ssh/id_ecdsa-cert type -1
  debug1: identity file /home/utente/.ssh/id_ecdsa_sk type -1
  debug1: identity file /home/utente/.ssh/id_ecdsa_sk-cert type -1
  debug1: identity file /home/utente/.ssh/id_ed25519 type 3
  debug1: identity file /home/utente/.ssh/id_ed25519-cert type -1
  debug1: identity file /home/utente/.ssh/id_ed25519_sk type -1
  debug1: identity file /home/utente/.ssh/id_ed25519_sk-cert type -1
  debug1: identity file /home/utente/.ssh/id_xmss type -1
  debug1: identity file /home/utente/.ssh/id_xmss-cert type -1
  debug1: identity file /home/utente/.ssh/id_dsa type -1
  debug1: identity file /home/utente/.ssh/id_dsa-cert type -1
  debug1: Local version string SSH-2.0-OpenSSH_9.3
  debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1
  Debian-5+deb11u1
  debug1: compat_banner: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH*
  compat 0x04000000
  debug1: Authenticating to dominio.org:22 as 'utente'
  debug1: load_hostkeys: fopen /home/utente/.ssh/known_hosts2: No such file or
  directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
  directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
  directory
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: algorithm: curve25519-sha256
  debug1: kex: host key algorithm: ssh-ed25519
  debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
  <implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
  <implicit> compression: none
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug1: SSH2_MSG_KEX_ECDH_REPLY received
  debug1: Server host key: ssh-ed25519
  SHA256:/6jSA7Pc5b3+/ashKdTnDbiF0VF8VE4rxaKTzl6e+Z8
  debug1: load_hostkeys: fopen /home/utente/.ssh/known_hosts2: No such file or
  directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
  directory
  debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or
  directory
  debug1: Host 'dominio.org' is known and matches the ED25519 host key.
  debug1: Found key in /home/utente/.ssh/known_hosts:343
  debug1: rekey out after 134217728 blocks
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: rekey in after 134217728 blocks
  debug1: get_agent_identities: bound agent to hostkey
  debug1: get_agent_identities: agent returned 2 keys
  debug1: Will attempt key: /home/utente/.ssh/id_ed25519 ED25519
  SHA256:ID_DELLA_CHIAVE_ED25519 agent
  debug1: Will attempt key: /home/utente/.ssh/id_rsa RSA
  SHA256:ID_DELLA_CHIAVE_RSA agent
  debug1: Will attempt key: /home/utente/.ssh/id_ecdsa
  debug1: Will attempt key: /home/utente/.ssh/id_ecdsa_sk
  debug1: Will attempt key: /home/utente/.ssh/id_ed25519_sk
  debug1: Will attempt key: /home/utente/.ssh/id_xmss
  debug1: Will attempt key: /home/utente/.ssh/id_dsa
  debug1: SSH2_MSG_EXT_INFO received
  debug1: kex_input_ext_info:
  
server-sig-algs=<ssh-ed25519,sk-ssh-ed25...@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,webauthn-sk-ecdsa-sha2-nistp...@openssh.com>
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug1: Authentications that can continue: publickey
  debug1: Next authentication method: publickey
  debug1: Offering public key: /home/utente/.ssh/id_ed25519 ED25519
  SHA256:ID_DELLA_CHIAVE_ED25519 agent
  debug1: Authentications that can continue: publickey
  debug1: Offering public key: /home/utente/.ssh/id_rsa RSA
  SHA256:ID_DELLA_CHIAVE_RSA agent
  debug1: Authentications that can continue: publickey
  debug1: Trying private key: /home/utente/.ssh/id_ecdsa
  debug1: Trying private key: /home/utente/.ssh/id_ecdsa_sk
  debug1: Trying private key: /home/utente/.ssh/id_ed25519_sk
  debug1: Trying private key: /home/utente/.ssh/id_xmss
  debug1: Trying private key: /home/utente/.ssh/id_dsa
  debug1: No more authentication methods to try.
  ute...@dominio.org: Permission denied (publickey).

Ovviamente le chiavi rsa e ed25519 sembrerebbero al loro posto sul server.