sftp chyba acess denited

Problematika Linuxu a ostatních operačních systémů (mimo Win)

Moderátor: Mods_senior

heavyblack1
Level 1
Level 1
Příspěvky: 57
Registrován: leden 15
Pohlaví: Muž

sftp chyba acess denited

Příspěvekod heavyblack1 » 12 led 2019 18:36

Ahoj mam problem s sftp chyba acess denited

heslo musi byt spravne jelikož jsem ho kopiroval ze správce hesel a žadny další uživatel mi taky přes sftp nefunguje
problem asi bude v konfiguraci
muj log
heavyblack@DESKTOP-8KITEGE:~$ ssh -vv nas@192.168.1.107
OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.107" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.107 [192.168.1.107] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/heavyblack/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Raspbian-10+deb9u4
debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.107:22 as 'nas'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:JY1JWWNBfKrpHgQ2jUS+y7+xq6zwQn8S+06pqXA6WxE
debug1: Host '192.168.1.107' is known and matches the ECDSA host key.
debug1: Found key in /home/heavyblack/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/heavyblack/.ssh/id_rsa ((nil))
debug2: key: /home/heavyblack/.ssh/id_dsa ((nil))
debug2: key: /home/heavyblack/.ssh/id_ecdsa ((nil))
debug2: key: /home/heavyblack/.ssh/id_ed25519 ((nil))
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
Raspbian GNU/Linux 9
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/heavyblack/.ssh/id_rsa
debug1: Trying private key: /home/heavyblack/.ssh/id_dsa
debug1: Trying private key: /home/heavyblack/.ssh/id_ecdsa
debug1: Trying private key: /home/heavyblack/.ssh/id_ed25519
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
nas@192.168.1.107's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
nas@192.168.1.107's password:

konfigurace
sshd_config:

# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#port
Port 22

#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# PasswordAuthentication no
PermintRootLogin no

# no default banner path
#Banner none
Banner /etc/issue.net


# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

AllowUsers heavyblack@192.168.1.103
AllowUsers nas@192.168.1.103
#DenyUsers pi

###########################

#DenyUsers pi
AllowUsers pi@192.168.1.103
Match User pi
PasswordAuthentication yes
###########################

Match User heavyblack
PasswordAuthentication no

Match User nas
ChrootDirectory /media/nas/
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes


jinak uzival nas ma home directory na externim disku /media/nas rwxr-xr-x root root
ostatni uživatele maji home v /media/nas/nas
drwxrwxr-x 7 nas sftpusers 4,0K pro 28 17:55 nas/
Před nejakou dobou mi to fungovalo ale ted nevim proč to přestalo fungovat
děkuji za pomoc



Reklama
petr22
Guru Level 15
Guru Level 15
Příspěvky: 39564
Registrován: únor 12
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod petr22 » 12 led 2019 18:43

#PasswordAuthentication yes

Nemas povolene overovani pomoci hesla, umaz ten # na zacatku
a restartuj SSH server nebo PC.

heavyblack1
Level 1
Level 1
Příspěvky: 57
Registrován: leden 15
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod heavyblack1 » 12 led 2019 19:08

bohužel to nefunguje povolil jsem to globalně tak projednotlive uživatele přihlašovaní heslem a service ssh restart

petr22
Guru Level 15
Guru Level 15
Příspěvky: 39564
Registrován: únor 12
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod petr22 » 12 led 2019 19:16

Ted koukam ze je to tam dokonce 2x.

Ten config je nejaky zmateny, me prijde ze
mas autentifikaci heslem povolenou jen pro uzivatele
pi a ne pro uzivatele nas.

To je Raspberry ?

heavyblack1
Level 1
Level 1
Příspěvky: 57
Registrován: leden 15
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod heavyblack1 » 12 led 2019 19:42

ano je to raspberry pi chtěl jsem nastavit aby uzivatel heavyblack se mohl přihlasit pouze přes ssh klič sftp uživatele heslem a pouze ze specificke ip to co si mi poradil tak mi přihlašeni pro heavyblack funguje pomoci hesla ale pro nas stale ne

petr22
Guru Level 15
Guru Level 15
Příspěvky: 39564
Registrován: únor 12
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod petr22 » 12 led 2019 19:45

Rekl bych ze toto je tvuj problem:

Match User heavyblack
PasswordAuthentication no

Zmen to na yes nebo umaz celou radku PasswordAuthentication no.

Nahore to povolujes globalne, dole zakazujes pro jednotlive uzivatele.

heavyblack1
Level 1
Level 1
Příspěvky: 57
Registrován: leden 15
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod heavyblack1 » 12 led 2019 21:00

jenže ja jsem to přepsal na PasswordAuthentication yes u všeho i odstranění duplicit nepomohlo to lze se přihlasit heavyblack pi heslem přes sftp ale na nas přes sftp ne
tak mam podezření že chyba bude že uživatel nas ma home na externim hdd /media/nas ktery je root root rwxr-xr-x
Jo a je ssh haklive na nastavení prav home directory nebo ne?


groupadd -g 1010 nas
groupadd -g 1020 sftpusers
useradd nas -m -G dialout,cdrom,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi,sftpusers -u 1010 -g 1010 -s /bin/bash -d /media/nas/
a v sshd_config
ChrootDirectory /media/nas/

petr22
Guru Level 15
Guru Level 15
Příspěvky: 39564
Registrován: únor 12
Pohlaví: Muž

Re: sftp chyba acess denited

Příspěvekod petr22 » 12 led 2019 21:07

Uzivatel musi mit pristup do slozky kde ma domovsky adresar.

Kdyz se prihlasis lokalnena uzivatele nas, dostanes se tam ?


  • Mohlo by vás zajímat
    Odpovědi
    Zobrazení
    Poslední příspěvek
  • Chyba zařízení I/O
    od Tomas_2002 » 17 úno 2019 16:37 » v Problémy s hardwarem
    4
    479
    od Tomas_2002
    17 úno 2019 19:58
  • Chyba 0xc0000007E
    od neo31 » 04 led 2019 16:04 » v BSOD (Blue Screen Of Death)
    5
    837
    od adavyp
    05 led 2019 10:46
  • Chyba ve smlouvě?
    od davsto » 31 říj 2019 20:45 » v Vše ostatní (Off topic)
    2
    960
    od mmmartin
    31 říj 2019 23:39
  • Chyba v systému
    od LukyGTgames » 24 úno 2019 20:47 » v Mobily, tablety a jiná přenosná zařízení
    0
    643
    od LukyGTgames
    24 úno 2019 20:47
  • Chyba aktualizace 0x800703f1
    od Rejsek » 05 lis 2019 11:24 » v Windows 10, 8, 7, Vista, XP…
    10
    346
    od Rejsek
    05 lis 2019 16:53

Zpět na “LiNuX a ostatní alternativní OS”

Kdo je online

Uživatelé prohlížející si toto fórum: CommonCrawl [Bot] a 7 hostů