<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span>Ciao a tutti,</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span> ho un server Ubuntu 10.04 che ho configurato per un sito web, </span><span style="font-size: 10pt; ">e sto</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">cercando di venire a capo di un piccolo ma fastidioso problema con</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">ssh.</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt;
">L'ho configurato per utilizzare una porta diversa dalla 22 e disabilitato</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">il login per root, ma per il resto ho lasciato la configurazione di default.</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">La cosa "strana" é che riesco a fare il login con Putty (sia su Win che</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">linux, ma non Mac), ma non da riga di comando con ssh. Di seguito i</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">vari file di configurazione e l'errore che ho quando provo a loggarmi.</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt;
"><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">Versione di SSH sul server</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 13px; ">OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009</span><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">sshd_config</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: small; "># Package generated configuration file</span><br></div><div><span><font size="2"><div># See the sshd_config(5) manpage for details</div><div><br></div><div># What ports, IPs and protocols we listen for</div><div>Port xxxx</div><div># Use these options to restrict
which interfaces/protocols sshd will bind to</div><div>#ListenAddress ::</div><div>#ListenAddress 0.0.0.0</div><div>Protocol 2</div><div># HostKeys for protocol version 2</div><div>HostKey /etc/ssh/ssh_host_rsa_key</div><div>HostKey /etc/ssh/ssh_host_dsa_key</div><div>#Privilege Separation is turned on for security</div><div>UsePrivilegeSeparation yes</div><div><br></div><div># Lifetime and size of ephemeral version 1 server key</div><div>KeyRegenerationInterval 3600</div><div>ServerKeyBits 768</div><div><br></div><div># Logging</div><div>SyslogFacility AUTH</div><div>LogLevel INFO</div><div><br></div><div># Authentication:</div><div>LoginGraceTime 120</div><div>PermitRootLogin no</div><div>StrictModes yes</div><div><br></div><div>RSAAuthentication yes</div><div>PubkeyAuthentication yes</div><div>#AuthorizedKeysFile %h/.ssh/authorized_keys</div><div><br></div><div># Don't read the user's ~/.rhosts and ~/.shosts files</div><div>IgnoreRhosts
yes</div><div># For this to work you will also need host keys in /etc/ssh_known_hosts</div><div>RhostsRSAAuthentication no</div><div># similar for protocol version 2</div><div>HostbasedAuthentication no</div><div># Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication</div><div>#IgnoreUserKnownHosts yes</div><div><br></div><div># To enable empty passwords, change to yes (NOT RECOMMENDED)</div><div>PermitEmptyPasswords no</div><div><br></div><div># Change to yes to enable challenge-response passwords (beware issues with</div><div># some PAM modules and threads)</div><div>ChallengeResponseAuthentication no</div><div><br></div><div># Change to no to disable tunnelled clear text passwords</div><div>#PasswordAuthentication yes</div><div><br></div><div># Kerberos options</div><div>#KerberosAuthentication no</div><div>#KerberosGetAFSToken no</div><div>#KerberosOrLocalPasswd yes</div><div>#KerberosTicketCleanup
yes</div><div><br></div><div># GSSAPI options</div><div>#GSSAPIAuthentication no</div><div>#GSSAPICleanupCredentials yes</div><div><br></div><div>X11Forwarding yes</div><div>X11DisplayOffset 10</div><div>PrintMotd no</div><div>PrintLastLog yes</div><div>TCPKeepAlive yes</div><div>#UseLogin no</div><div><br></div><div>#MaxStartups 10:30:60</div><div>#Banner /etc/issue.net</div><div><br></div><div># Allow client to pass locale environment variables</div><div>AcceptEnv LANG LC_*</div><div><br></div><div>Subsystem sftp internal-sftp</div><div>#Subsystem sftp internal-sftp</div><div><br></div><div># Set this to 'yes' to enable PAM authentication, account processing,</div><div># and session processing. If this is enabled, PAM authentication will</div><div># be allowed through the ChallengeResponseAuthentication and</div><div># PasswordAuthentication. Depending on your PAM configuration,</div><div># PAM authentication via ChallengeResponseAuthentication
may bypass</div><div># the setting of "PermitRootLogin without-password".</div><div># If you just want the PAM account and session checks to run without</div><div># PAM authentication, then enable this but set PasswordAuthentication</div><div># and ChallengeResponseAuthentication to 'no'.</div><div>UsePAM yes</div><div><br></div><div>Match Group sftp-www</div><div>ChrootDirectory /var/wwwroot</div><div> ForceCommand internal-sftp</div><div> AllowTCPForwarding no</div><div><br></div><div>Messaggio di errore in auth.log</div><div>Aug 14 01:11:37 bridesmat sshd[1855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=admin<br></div><div><div>Aug 14 01:11:38 bridesmat sshd[1855]: Failed password for admin from
xxx.xxx.xxx.xxx port 49584 ssh2</div><div><br></div><div>Log del comando ssh quando provo a connettermi:</div><div><div>OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011<br></div><div>debug1: Reading configuration data /etc/ssh_config</div><div>debug1: Applying options for *</div><div>debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xxx.</div><div>debug1: Connection established.</div><div>debug1: identity file /Users/utente/.ssh/id_rsa type -1</div><div>debug1: identity file /Users/utente/.ssh/id_rsa-cert type -1</div><div>debug1: identity file /Users/utente/.ssh/id_dsa type -1</div><div>debug1: identity file /Users/utente/.ssh/id_dsa-cert type -1</div><div>debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7</div><div>debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH*</div><div>debug1: Enabling compatibility mode for protocol 2.0</div><div>debug1: Local version string
SSH-2.0-OpenSSH_5.6</div><div>debug1: SSH2_MSG_KEXINIT sent</div><div>debug1: SSH2_MSG_KEXINIT received</div><div>debug1: kex: server->client aes128-ctr hmac-md5 none</div><div>debug1: kex: client->server aes128-ctr hmac-md5 none</div><div>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent</div><div>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</div><div>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent</div><div>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY</div><div>debug1: Host '[xxx.xxx.xxx.xxx]:xxxx' is known and matches the RSA host key.</div><div>debug1: Found key in /Users/utente/.ssh/known_hosts:1</div><div>debug1: ssh_rsa_verify: signature correct</div><div>debug1: SSH2_MSG_NEWKEYS sent</div><div>debug1: expecting SSH2_MSG_NEWKEYS</div><div>debug1: SSH2_MSG_NEWKEYS received</div><div>debug1: Roaming not allowed by server</div><div>debug1: SSH2_MSG_SERVICE_REQUEST sent</div><div>debug1: SSH2_MSG_SERVICE_ACCEPT received</div><div>debug1:
Authentications that can continue: publickey,password</div><div>debug1: Next authentication method: publickey</div><div>debug1: Trying private key: /Users/utente/.ssh/id_rsa</div><div>debug1: Trying private key: /Users/utente/.ssh/id_dsa</div><div>debug1: Next authentication method: password</div><div>admin@xxx.xxx.xxx.xxx's password: </div><div>debug1: Authentications that can continue: publickey,password</div><div>Permission denied, please try again.</div></div></div></font></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">Come dicevo, con la stessa identica configurazione, utente e password,</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">con Putty funziona tutto liscio.</span></div><div
style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">So anche che sarebbe meglio preferire l'autorizzazione tramite chiave,</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">ed é quello che faró, peró volevo prima venire a capo di questo arcano.</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">Se riusciamo a risolvere questo, poi avrei la seconda parte (relativa ad</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">sftp :-)).</span></div><div style="font-family:
arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; ">Come al solito, grazie a tutti in anticipo per l'aiuto!</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; "><span style="font-size: 10pt; "> </span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">-- </div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt; ">Marco</div></div></body></html>