«С пятницы ничего не изменилось.» Но см. Ниже. Сегодня утром (!) Bitbucket.org отклоняет мою попытку ssh
с:
Connection blocked because server only allows public key authentication.
Please contact your network administrator.
Я последовал другому предложению и попробовал ssh -Tv git@bitbucket.org
(это идентификатор пользователя, показанный git remote -v
, и в выходных данных увидел эту странность:
Редактировать: Вот полный выход:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-F8PhcLGt2yVB/agent.11836; export SSH_AUTH_SOCK;
SSH_AGENT_PID=11837; export SSH_AGENT_PID;
echo Agent pid 11837;
$ ssh -Tv git@bitbucket.org
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.0] port 22.
debug1: Connection established.
debug1: identity file /home/mike/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-191
debug1: no match: conker_31073e5a11 app-191
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM.
Please contact your system administrator.
Add correct host key in /home/mike/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/mike/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org"
RSA host key for bitbucket.org has changed and you have requested strict checking.
Host key verification failed.
Однако: каталог .ssh
существует , его разрешения: -r--------
, id_rsa
( и id_rsa.pub
) оба файла существуют, и их права доступа также являются правильными. ssh-agent
был перезапущен.
ls -ld /home/mike/.ssh/id_rsa
-r-------- 1 mike mike 1679 Oct 24 10:41 /home/mike/.ssh/id_rsa
(notice the date ... many months ago ... correct)
cat /home/mike/.ssh/id_rsa
(the correct private key is displayed ...) (ditto public-key)
Снова: "ничего не изменилось с пятницы." Я думаю, что я думал обо всем! Так что, черт возьми, все еще может быть не так? И почему это внезапно начало происходить, и со мной, и с коллегами, сегодня? (Ничто в /etc/ssh
не изменилось за многие месяцы. Аналогично сертификаты в ~/.ssh
, который, как отмечалось ранее, имеет правильные разрешения.)
Другое Правка: Ее Вот что происходит, когда я удаляю запись known_hosts
:
$ ssh-keygen -f "/home/mike/.ssh/known_hosts" -R "bitbucket.org"
# Host bitbucket.org found: line 2
/home/mike/.ssh/known_hosts updated.
Original contents retained as /home/mike/.ssh/known_hosts.old
$ ssh -Tv git@bitbucket.org
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.1] port 22.
debug1: Connection established.
debug1: identity file /home/mike/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mike/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-155
debug1: no match: conker_31073e5a11 app-155
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM
The authenticity of host 'bitbucket.org (18.205.93.1)' can't be established.
RSA key fingerprint is SHA256:6tASx4IX+FSngemFsQuAIyt0aQ/+fMAyzXBRWRajoBM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.
Warning: the RSA host key for 'bitbucket.org' differs from the key for the IP address '18.205.93.1'
Offending key for IP in /home/mike/.ssh/known_hosts:3
Are you sure you want to continue connecting (yes/no)? yes
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
Received disconnect from 18.205.93.1 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Disconnected from 18.205.93.1 port 22
То, что я немедленно обнуляю, это сообщение, с которым я ранее не сталкивался при работе с ssh
:
Warning: the RSA host key for 'bitbucket.org' differs from the key
for the IP address '18.205.93.1'
... это должно быть значительным ...