Programming board - How can a user without a home directory get passwordless access?
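n******7
Posts: 12463
1
I need to transfer data to an FTP site.
My user doesn't have its own home dir.
As I recall, this is specified when the FTP service is configured; there is only a fake home,
to control user permissions.
Every login gets redirected to /
The only directory I have write permission to is ..../pub/incoming/
In this situation, can the ssh service be configured so that I can use a key pair for passwordless access?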
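M*P
Posts: 6456
2
Why not just create an authorize_keys yourself and try it?

[n******7 wrote:]
: I need to transfer data to an FTP site.
: My user doesn't have its own home dir.
: As I recall, this is specified when the FTP service is configured; there is only a fake home,
: to control user permissions.
: Every login gets redirected to /
: The only directory I have write permission to is ..../pub/incoming/
: In this situation, can the ssh service be configured so that I can use a key pair for passwordless access?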

n******7
Posts: 12463
3
Create it where?
I can't write in /
Should I drop it into incoming?

[M*P wrote:]
: Why not just create an authorize_keys yourself and try it?
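M*P
Posts: 6456
4
In that incoming folder, put
./.ssh/authorized_keys
I don't know whether SSH looks at this file in the current folder or in the home folder; try it and you'll find out.

[n******7 wrote:]
: Create it where?
: I can't write in /
: Should I drop it into incoming?
:
:
: Why not just create an authorize_keys yourself and try it?
: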
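n******7
Posts: 12463
5
Tried it, doesn't work.
The whole process is: ssh login -> no /home/nowhere7 -> jump to / -> cd ../pub/incoming/silent hill/
The final directory is a group folder that a whole group of people can write to.
There's no way ssh would authenticate a login by checking this last folder,
unless the admin sets it up that way.
It seems sshpass is the only option in this situation? Everyone says it is too insecure.
If the passwd could be encrypted, that would be about as secure as typing the password by hand, right?

[M*P wrote:]
: In that incoming folder, put
: ./.ssh/authorized_keys
: I don't know whether SSH looks at this file in the current folder or in the home folder; try it and you'll find out.
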
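n******7
Posts: 12463
6
I thought of a crude workaround:
at the start of the run, read the password from stdin
and store it in a variable.
Then:
Option 1: every time a password is needed, simulate stdin input of this password.
Option 2: bake the password into some function, and have that function pass the password to rsync through a pipe.
The end goal is to make sure the password never appears in plaintext on the shell command line, where ps or a log file could capture it.
That should be about as secure as typing the password by hand, right?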
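
Option 2 from the post above, as an added example that is not part of the original thread: the password is read once without echo and handed to the child over an inherited pipe, so it never appears in argv (which is what `ps` shows). It assumes `sshpass` is installed (its `-d` flag reads the password from a file descriptor); the host, user and paths in `rsync_argv` are placeholders, and `fd_echo_argv` is a stand-in child used only to show the mechanism.

```python
import getpass
import os
import subprocess
import sys


def run_with_password_fd(build_argv, password):
    """Run build_argv(fd); the child finds the password on inherited descriptor fd."""
    if not password:
        raise ValueError("empty password")
    read_fd, write_fd = os.pipe()
    try:
        os.write(write_fd, password.encode() + b"\n")
    finally:
        os.close(write_fd)  # the child sees EOF right after the password line
    try:
        argv = build_argv(read_fd)
        # Refuse to start anything that would expose the secret to ps.
        if any(password in arg for arg in argv):
            raise ValueError("password must not be placed in argv")
        return subprocess.run(argv, pass_fds=(read_fd,),
                              capture_output=True, text=True)
    finally:
        os.close(read_fd)


def rsync_argv(fd):
    # Placeholder transfer: user, host and paths are assumptions, not from the thread.
    return ["sshpass", "-d", str(fd), "rsync", "-av", "-e", "ssh",
            "data/", "user@ftp.example.org:pub/incoming/"]


def fd_echo_argv(fd):
    # Stand-in child: prints whatever it reads from the inherited descriptor.
    reader = "import os, sys; print(os.read(int(sys.argv[1]), 256).decode().strip())"
    return [sys.executable, "-c", reader, str(fd)]


if __name__ == "__main__":
    secret = getpass.getpass("Remote password: ")  # read once, no echo
    done = run_with_password_fd(rsync_argv, secret)
    print(done.returncode, done.stderr, sep="\n")
```

The password still lives in this process's memory for the duration of the run, the same as it would in a shell variable.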
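p******g
Posts: 347
7
turn on full debug with ssh -vvvv to see what's wrong.

incoming

[n******7 wrote:]
: Tried it, doesn't work.
: The whole process is: ssh login -> no /home/nowhere7 -> jump to / -> cd ../pub/incoming/silent hill/
: The final directory is a group folder that a whole group of people can write to.
: There's no way ssh would authenticate a login by checking this last folder,
: unless the admin sets it up that way.
: It seems sshpass is the only option in this situation? Everyone says it is too insecure.
: If the passwd could be encrypted, that would be about as secure as typing the password by hand, right?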

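c**o
Posts: 56
8


[n******7 wrote:]
: I need to transfer data to an FTP site.
: My user doesn't have its own home dir.
: As I recall, this is specified when the FTP service is configured; there is only a fake home,
: to control user permissions.
: Every login gets redirected to /
: The only directory I have write permission to is ..../pub/incoming/
: In this situation, can the ssh service be configured so that I can use a key pair for passwordless access?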

n******7
Posts: 12463
9
Basically I tried a bunch of methods, and in the end only password works.
After that, chdir /home/nowhere7/ fails.
ssh -vvvv [email protected]/* */
OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftp.mitbbs.com [8.8.8.8] port 22.
debug1: Connection established.
debug1: identity file /home/nowhere7/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nowhere7/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "ftp.mitbbs.com" from file "
/home/nowhere7/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/nowhere7/.ssh/known_
hosts:7
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected]/* */,
[email protected]/* */,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected]/* */,ecdh-sha2-nistp256,
ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-
hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected]/* */,ssh-rsa-cert-v00@
openssh.com,ssh-rsa,[email protected]/* */,ecdsa-sha2-
[email protected]/* */,[email protected]/* */,ssh-
[email protected]/* */,[email protected]/* */,ssh-dss-cert-v00@
openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-
ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@
openssh.com,[email protected]/* */,[email protected]/* */,arcfour256,
arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-
cbc,arcfour,[email protected]/* */
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@
openssh.com,[email protected]/* */,[email protected]/* */,arcfour256,
arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-
cbc,arcfour,[email protected]/* */
debug2: kex_parse_kexinit: [email protected]/* */,[email protected]/* */,
[email protected]/* */,[email protected]/* */,hmac-sha1-etm@
openssh.com,[email protected]/* */,[email protected]/* */,hmac-sha2-256,hmac-sha2
-512,hmac-sha1,[email protected]/* */,[email protected]/* */,hmac-
[email protected]/* */,[email protected]/* */,hmac-md5,hmac-ripemd160,
[email protected]/* */,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected]/* */,[email protected]/* */,
[email protected]/* */,[email protected]/* */,hmac-sha1-etm@
openssh.com,[email protected]/* */,[email protected]/* */,hmac-sha2-256,hmac-sha2
-512,hmac-sha1,[email protected]/* */,[email protected]/* */,hmac-
[email protected]/* */,[email protected]/* */,hmac-md5,hmac-ripemd160,
[email protected]/* */,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]/* */,zlib
debug2: kex_parse_kexinit: none,[email protected]/* */,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,
arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-
cbc,arcfour,[email protected]/* */
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,
arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-
cbc,arcfour,[email protected]/* */
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected]/* */,hmac-sha2-
256,hmac-sha2-512,hmac-ripemd160,[email protected]/* */,hmac-sha1-96,
hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected]/* */,hmac-sha2-
256,hmac-sha2-512,hmac-ripemd160,[email protected]/* */,hmac-sha1-96,
hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]/* */
debug2: kex_parse_kexinit: none,[email protected]/* */
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]/* */
debug1: kex: server->client aes128-ctr [email protected]/* */ none
debug2: mac_setup: setup [email protected]/* */
debug1: kex: client->server aes128-ctr [email protected]/* */ none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1579/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx
debug3: load_hostkeys: loading entries for host "ftp.mitbbs.com" from file "
/home/nowhere7/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/nowhere7/.ssh/known_
hosts:7
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "8.8.8.8" from file "/home/
nowhere7/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/nowhere7/.ssh/known_
hosts:8
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'ftp.mitbbs.com' is known and matches the RSA host key.
debug1: Found key in /home/nowhere7/.ssh/known_hosts:7
debug2: bits set: 1582/3072
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/nowhere7/.ssh/id_rsa (0x9df7923c11ae8),
debug2: key: /home/nowhere7/.ssh/id_dsa ((nil)),
debug2: key: /home/nowhere7/.ssh/id_ecdsa ((nil)),
debug2: key: /home/nowhere7/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-
with-mic,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-
interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,
password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file or
directory
debug1: Trying private key: /home/nowhere7/.ssh/id_ecdsa
debug3: no such identity: /home/nowhere7/.ssh/id_ecdsa: No such file or
directory
debug1: Trying private key: /home/nowhere7/.ssh/id_ed25519
debug3: no such identity: /home/nowhere7/.ssh/id_ed25519: No such file or
directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
[email protected]/* */'s password:
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to ftp.mitbbs.com ([86.113.120.32]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]/* */
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env VTE_VERSION
debug3: Ignored env GJS_DEBUG_OUTPUT
debug3: Ignored env WINDOWID
debug3: Ignored env GJS_DEBUG_TOPICS
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PWD
debug3: Ignored env JAVA_HOME
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GDM_LANG
debug3: Ignored env GDMSESSION
debug3: Ignored env CINNAMON_VERSION
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env HOME
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2285152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Aug 16 22:39:11 2016 from vpn.mitbbs.com
Could not chdir to home directory /home/nowhere7: No such file or directory

[p******g wrote:]
: turn on full debug with ssh -vvvv to see what's wrong.
:
: incoming

d****n
Posts: 1637
10
run ftpd using a dedicated account.
then everyone uploading through ftp service will share that user's
permissions.
p******g
Posts: 347
11
================================================================
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file or
directory
debug1: Trying private key: /home/nowhere7/.ssh/id_ecdsa
debug3: no such identity: /home/nowhere7/.ssh/id_ecdsa: No such file or
directory
debug1: Trying private key: /home/nowhere7/.ssh/id_ed25519
debug3: no such identity: /home/nowhere7/.ssh/id_ed25519: No such file or
directory
debug2: we did not send a packet, disable method
================================================================
these lines look suspicious. r u sure u have both id_rsa and id_rsa.pub in
your local pc's $HOME/.ssh and r u sure the .ssh has the correct mode?
also try to turn on the sshd's full debug in the ftp site to see the server
side logs. make sure u have ssh/sftp configured properly in ur ftp site. and
i am sure there can be an option in the sshd config to direct to a
different authorized key location.

[n******7 wrote:]
: Basically I tried a bunch of methods, and in the end only password works.
: After that, chdir /home/nowhere7/ fails.
: ssh -vvvv [email protected]/* */
: OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1t 3 May 2016
: debug1: Reading configuration data /etc/ssh/ssh_config
: debug1: /etc/ssh/ssh_config line 19: Applying options for *
: debug2: ssh_connect: needpriv 0
: debug1: Connecting to ftp.mitbbs.com [8.8.8.8] port 22.
: debug1: Connection established.
: debug1: identity file /home/nowhere7/.ssh/id_rsa type 1

n******7
Posts: 12463
12
I know a different ssh config location can be specified.
The problem is that this isn't my FTP site.
I don't have root access, and I can't access my $HOME: /home/nowhere7/ either.
Otherwise it would be simple...

[p******g wrote:]
: ================================================================
: debug3: authmethod_is_enabled publickey
: debug1: Next authentication method: publickey
: debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
: debug3: send_pubkey_test
: debug2: we sent a publickey packet, wait for reply
: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
: with-mic,password
: debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
: debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file or

p******g
Posts: 347
13
this line: debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such
file or directory
it tells me ssh is looking for the private key in ur local machine and it
didn't find it. the private key is in ur LOCAL pc, not in the ftp site, and
your local ssh complains it is missing.
check if the file exists, if the key file has the right mode, and .ssh should
have the right mode, too.

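[n******7 wrote:]
: I know a different ssh config location can be specified.
: The problem is that this isn't my FTP site.
: I don't have root access, and I can't access my $HOME: /home/nowhere7/ either.
: Otherwise it would be simple...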
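
A way to read the publickey section of the trace discussed in this thread mechanically, as an added example that is not part of the original posts: it separates keys the client offered and the server did not accept from default identity files that are simply absent on the client. The sample is an excerpt of the posted `ssh -vvvv` output with wrapped lines rejoined; the function name and result keys are this example's own.

```python
import re

# Excerpt of the client trace posted in this thread (OpenSSH 6.7p1 wording),
# with the forum's wrapped lines rejoined.
SAMPLE_TRACE = """\
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/nowhere7/.ssh/id_ecdsa
debug3: no such identity: /home/nowhere7/.ssh/id_ecdsa: No such file or directory
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""

OFFER = re.compile(r"debug1: Offering (?:\w+ )?public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key")
CONTINUE = re.compile(r"debug1: Authentications that can continue: (\S+)")
ABSENT = re.compile(r"debug3: no such identity: (\S+): No such file")
SUCCESS = re.compile(r"debug1: Authentication succeeded \(([\w-]+)\)")


def triage(trace):
    """Classify each identity in an ssh -v trace by what happened to it."""
    result = {"offered": [], "accepted": [], "refused": [],
              "absent": [], "succeeded_with": None}
    pending = None  # key offered to the server, reply not yet seen
    for line in trace.splitlines():
        line = line.strip()
        if m := OFFER.search(line):
            pending = m.group(1)
            result["offered"].append(pending)
        elif ACCEPT.search(line) and pending:
            result["accepted"].append(pending)
            pending = None
        elif CONTINUE.search(line) and pending:
            # The server answered the offer with the method list again:
            # this key was not accepted for the account.
            result["refused"].append(pending)
            pending = None
        elif m := ABSENT.search(line):
            # A default identity path that does not exist on the client.
            result["absent"].append(m.group(1))
        elif m := SUCCESS.search(line):
            result["succeeded_with"] = m.group(1)
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```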
