AbillS + Mikrotik setup. Video.

Sinner
Posts: 22
Joined: Thu Mar 20, 2014 3:52 pm

Post by Sinner »

Video tutorial on setting up AbillS + Mikrotik.

http://www.youtube.com/watch?v=M6YU9g9W9VU

faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: AbillS + Mikrotik setup. Video.

Post by faridmmv »

Hello.

After generating the key and importing it into the Mikrotik, SSH login fails with both the key and the password. It says Permission Denied.

I also tried following http://abills.net.ua/wiki/doku.php/abil ... krotik:ssh

Mikrotik RouterBOARD 951-2n

antoman
Posts: 39
Joined: Fri May 22, 2015 6:49 am

Re: AbillS + Mikrotik setup. Video.

Post by antoman »

A DSA key is used (the switch to RSA is already on the task list).

Add to ssh_config:

Code:

PubkeyAcceptedKeyTypes=+ssh-dss

faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: AbillS + Mikrotik setup. Video.

Post by faridmmv »

Found the file in

Code:

root@abills:/# find . -name ssh_config
./etc/ssh/ssh_config

I made the changes; it now reads:

Code:


root@abills:/etc/ssh# vi ssh_config
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    PubkeyAcceptedKeyTypes=+ssh-dss

Code:

root@abills:/usr/abills/Certs# ll
total 36
drwxr-xr-x  2 root     root    4096 Apr 24 21:33 ./
drwxr-xr-x 17 freerad  freerad 4096 Apr 22 19:05 ../
-r--------  1 www-data root    1265 Apr 22 19:06 server.crt
-rw-r--r--  1 www-data root    1066 Apr 22 19:06 server.csr
-r--------  1 root     root    1675 Apr 22 19:06 server.key
-r--------  1 root     root    1743 Apr 22 19:06 server.key.org
-rw-r--r--  1 root     root     451 Apr 22 19:06 server_public.pem
-rw-------  1 root     root    1679 Apr 24 00:18 test1
-rw-r--r--  1 root     root     393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# /usr/abills/misc/certs_create.sh ssh abills_admin -UPLOAD_FTP admin@192.168.1.1
/usr/abills/misc/certs_create.sh: 6: /usr/abills/misc/certs_create.sh: server.crt: not found
Upload ftp: admin@192.168.1.1
**************************************************************************
Creating SSH authentication Key
 Make ssh-keygen with empty password.
**************************************************************************

Create cert for User: abills_admin
  /usr/abills/Certs/id_dsa.abills_admin
Generating public/private dsa key pair.
Your identification has been saved in /usr/abills/Certs/id_dsa.abills_admin.
Your public key has been saved in /usr/abills/Certs/id_dsa.abills_admin.pub.
The key fingerprint is:
SHA256:+Cxl/SLsuSBpXJtnYjxKxDMtsj2wf6YBPD1OdieUwEU ABillS remote machine manage key (Mon Apr 24 21:34:14 +04 2017)
The key's randomart image is:
+---[DSA 1024]----+
|   ..oE          |
|    .. .         |
|      o          |
| . o o . .       |
|  * @ * S .      |
|   # X @   .     |
|  o @ X B . .    |
|   + *oO o .     |
|    ++  +.       |
+----[SHA256]-----+
Enter ftp password:
Connected to 192.168.1.1.
220 MikroTik FTP server (MikroTik 6.37.5) ready
331 Password required for admin
Password:
230 User admin logged in
Remote system type is UNIX.
250 CWD command successful
227 Entering Passive Mode (192,168,1,1,201,232).
150 Opening data connection
drwxrwx---   1 root     root         2048 Apr 20 18:55 pub
drwxrwx---   1 root     root         2048 Feb 22 14:13 tftpboot
-rw-rw----   1 root     root       465406 Apr 20 18:56 autosupout.rif
-rw-rw----   1 root     root        17755 Apr 24 00:22 auto-before-reset.backup
drwxrwx---   1 root     root         2048 Jan  1 04:00 skins
226 Transfer complete
Local directory now /usr/abills/Certs
local: id_dsa.abills_admin.pub remote: id_dsa.abills_admin.pub
227 Entering Passive Mode (192,168,1,1,194,109).
150 Opening ASCII mode data connection for '/id_dsa.abills_admin.pub'
226 ASCII transfer complete
654 bytes sent in 0.00 secs (6.2370 MB/s)
221 Closing
root@abills:/usr/abills/Certs# ll
total 44
drwxr-xr-x  2 root     root    4096 Apr 24 21:34 ./
drwxr-xr-x 17 freerad  freerad 4096 Apr 22 19:05 ../
-rw-------  1 www-data root     668 Apr 24 21:34 id_dsa.abills_admin
-r--------  1 root     root     653 Apr 24 21:34 id_dsa.abills_admin.pub
-r--------  1 www-data root    1265 Apr 22 19:06 server.crt
-rw-r--r--  1 www-data root    1066 Apr 22 19:06 server.csr
-r--------  1 root     root    1675 Apr 22 19:06 server.key
-r--------  1 root     root    1743 Apr 22 19:06 server.key.org
-rw-r--r--  1 root     root     451 Apr 22 19:06 server_public.pem
-rw-------  1 root     root    1679 Apr 24 00:18 test1
-rw-r--r--  1 root     root     393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# ssh -l abills_admin  -i /usr/abills/Certs/id_dsa.abills_admin  10.20.1.1 "/system identity print"

^C
root@abills:/usr/abills/Certs# ssh -l abills_admin -i /usr/abills/Certs/id_dsa.abills_admin 192.168.1.1 "/system identity print"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:3
  remove with:
  ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1
RSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.

Code:

[admin@MikroTik] > user add name=abills_admin group=write
[admin@MikroTik] > user ssh-keys import public-key-file=id_dsa.abills_admin.pub user=abills_admin
[admin@MikroTik] >

Last edited by faridmmv on Mon Apr 24, 2017 5:53 pm; edited 1 time in total.

faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: AbillS + Mikrotik setup. Video.

Post by faridmmv »

I also tried it this way: https://www.youtube.com/watch?v=HC4OFP3NCtw

Code:

root@abills:/usr/abills/Certs# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): abills_test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in abills_test.
Your public key has been saved in abills_test.pub.
The key fingerprint is:
SHA256:tP/qY9vGSH9RhjxD0KXPkDHAV7fr01atjobo6GSJtYM root@abills
The key's randomart image is:
+---[DSA 1024]----+
|           .o+oo+|
|            . +=o|
|        .    ++o |
|       . .    =+=|
|      . S      *=|
|     + o ..   o.o|
|    E *  o.=  .+o|
|     o o. =o=o...|
|     .o..o+*+..  |
+----[SHA256]-----+
root@abills:/usr/abills/Certs# ll
total 52
drwxr-xr-x  2 root     root    4096 Apr 24 21:43 ./
drwxr-xr-x 17 freerad  freerad 4096 Apr 22 19:05 ../
-rw-------  1 root     root     668 Apr 24 21:43 abills_test
-rw-r--r--  1 root     root     601 Apr 24 21:43 abills_test.pub
-rw-------  1 www-data root     668 Apr 24 21:34 id_dsa.abills_admin
-r--------  1 root     root     653 Apr 24 21:34 id_dsa.abills_admin.pub
-r--------  1 www-data root    1265 Apr 22 19:06 server.crt
-rw-r--r--  1 www-data root    1066 Apr 22 19:06 server.csr
-r--------  1 root     root    1675 Apr 22 19:06 server.key
-r--------  1 root     root    1743 Apr 22 19:06 server.key.org
-rw-r--r--  1 root     root     451 Apr 22 19:06 server_public.pem
-rw-------  1 root     root    1679 Apr 24 00:18 test1
-rw-r--r--  1 root     root     393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# scp abills_test.pub admin@192.168.1.1 :/
:/: No such file or directory
root@abills:/usr/abills/Certs# scp abills_test.pub admin@192.168.1.1:/
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
abills_test.pub                               100%  601     0.6KB/s   00:00
root@abills:/usr/abills/Certs#

Code:

root@abills:/usr/abills/Certs# ssh abills_test@192.168.1.1
abills_test@192.168.1.1's password:
Permission denied, please try again.
abills_test@192.168.1.1's password:
Permission denied, please try again.
abills_test@192.168.1.1's password:


antoman
Posts: 39
Joined: Fri May 22, 2015 6:49 am

Re: AbillS + Mikrotik setup. Video.

Post by antoman »

Run this and show the output:

Code:

  # ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1

faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: AbillS + Mikrotik setup. Video.

Post by faridmmv »

I reinstalled the system and tried without modifying the certs_create file

Code:

root@ubuntubilling:/home/tier3# ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin type 2
debug1: key_load_public: No such file or directory
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 997/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug2: bits set: 992/2048
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /usr/abills/Certs/id_dsa.abills_admin - not in PubkeyAcceptedKeyTypes
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
debug1: Next authentication method: password
Permission denied, please try again.
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (password).
root@ubuntubilling:/home/tier3#

Then with the changes in certs_create

Code:

root@ubuntubilling:/home/tier3# ssh abills_admin@192.168.1.1
abills_admin@192.168.1.1's password:
Permission denied, please try again.
abills_admin@192.168.1.1's password:
Permission denied, please try again.
abills_admin@192.168.1.1's password:
Permission denied (password).
root@ubuntubilling:/home/tier3# ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin type 2
debug1: key_load_public: No such file or directory
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1024/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug2: bits set: 1029/2048
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /usr/abills/Certs/id_dsa.abills_admin (0x559626d598c0), explicit
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /usr/abills/Certs/id_dsa.abills_admin
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 434
debug2: input_userauth_pk_ok: fp SHA256:WeYwL+yeYgbG5nnsLLN16zMax7zH0Z3hddexBFucwLc
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.1 ([192.168.1.1]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: network
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 2621440 rmax 262144
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0




                                                                                                                                                                                                     



  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.38.5 (c) 1999-2017       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level

[abills_admin@MikroTik] > debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
[abills_admin@MikroTik] >

And I got into the Mikrotik. But why doesn't a plain # ssh abills_admin@192.168.1.1 get in?

antoman
Posts: 39
Joined: Fri May 22, 2015 6:49 am

Re: AbillS + Mikrotik setup. Video.

Post by antoman »

ssh reads keys from the /etc/ssh_config file; if the key is not listed there, you need to specify the certificate with the -i option.

When abills connects to the server, it always supplies -i /usr/abills/Certs/id.dsa_%nas_admin%
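
An added example, not part of the thread and not ABillS code: a shell helper that classifies `ssh -vv` output like the two runs posted above, and prints an ssh_config stanza that enables ssh-dss and the identity file for the router only instead of for every host. The function names and the sample lines (constructed from the output quoted in the thread) are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical helpers (added example, not from ABillS or the thread).

# classify_ssh_debug: read `ssh -vv` output on stdin and print one verdict:
#   publickey-ok        key was offered and accepted
#   client-skipped-dsa  client refused to offer the DSA key (algorithm disabled locally)
#   server-rejected-key key was offered but the server never accepted it
#   no-key-offered      login was denied and no key was ever offered
#   inconclusive        none of the above markers were seen
classify_ssh_debug() {
    awk '
        /Skipping ssh-dss key .* not in PubkeyAccepted/ { skipped  = 1 }
        /Offering .*public key/                          { offered  = 1 }
        /Server accepts key/                             { accepted = 1 }
        /Authentication succeeded \(publickey\)/         { ok       = 1 }
        /Permission denied/                              { denied   = 1 }
        END {
            if (ok)                         print "publickey-ok"
            else if (skipped)               print "client-skipped-dsa"
            else if (offered && !accepted)  print "server-rejected-key"
            else if (denied)                print "no-key-offered"
            else                            print "inconclusive"
        }'
}

# legacy_dsa_stanza HOST USER KEYFILE
# Print an ssh_config block that allows ssh-dss for HOST alone. Placing
# "PubkeyAcceptedKeyTypes +ssh-dss" under "Host *" would re-enable DSA for
# every destination; scoping it keeps the weak algorithm to the one device
# that still needs it. IdentityFile makes a plain `ssh USER@HOST` pick the
# key without -i, and IdentitiesOnly stops other keys from being offered.
legacy_dsa_stanza() {
    host=$1; user=$2; key=$3
    cat <<EOF
Host $host
    User $user
    IdentityFile $key
    IdentitiesOnly yes
    PubkeyAcceptedKeyTypes +ssh-dss
EOF
}

# Constructed sample: marker lines as in the first -vv run (key skipped).
sample_skipped() {
    cat <<'EOF'
debug1: Skipping ssh-dss key /usr/abills/Certs/id_dsa.abills_admin - not in PubkeyAcceptedKeyTypes
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
Permission denied (password).
EOF
}

# Constructed sample: marker lines as in the second -vv run (key accepted).
sample_accepted() {
    cat <<'EOF'
debug1: Offering DSA public key: /usr/abills/Certs/id_dsa.abills_admin
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
EOF
}

# Demo: classify both samples, then print the host-scoped stanza.
echo "first run:  $(sample_skipped  | classify_ssh_debug)"
echo "second run: $(sample_accepted | classify_ssh_debug)"
legacy_dsa_stanza 192.168.1.1 abills_admin /usr/abills/Certs/id_dsa.abills_admin
```

With real output, pipe stderr into the classifier, for example `ssh -vv ... 2>&1 | classify_ssh_debug`.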

faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: AbillS + Mikrotik setup. Video.

Post by faridmmv »

radiusd -X

Code:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 15728646
        NAS-Port-Type = Ethernet
        User-Name = "farid"
        Calling-Station-Id = "00:26:55:CB:1A:CC"
        Called-Station-Id = "pppoe-in"
        NAS-Port-Id = "bridge"
        CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
        CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = 192.168.1.1
# Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289130
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group Perl = ok
# Executing section post-auth from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group post-auth {
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289130
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group post-auth = ok
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
        Framed-IP-Netmask = 255.255.255.255
        Framed-IP-Address = 10.0.0.84
        Acct-Interim-Interval = 300
        Session-Timeout = 289130
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 15728646
        NAS-Port-Type = Ethernet
        User-Name = "farid"
        Calling-Station-Id = "00:26:55:CB:1A:CC"
        Called-Station-Id = "pppoe-in"
        NAS-Port-Id = "bridge"
        CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
        CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
        NAS-Identifier = "MikroTik"
        NAS-IP-Address = 192.168.1.1
# Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289129
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group Perl = ok
# Executing section post-auth from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group post-auth {
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289129
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group post-auth = ok
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
        Framed-IP-Netmask = 255.255.255.255
        Framed-IP-Address = 10.0.0.84
        Acct-Interim-Interval = 300
        Session-Timeout = 289129
Finished request 1.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
Sending duplicate reply to client NAS_2 port 59143 - ID: 9
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
Sending duplicate reply to client NAS_2 port 59143 - ID: 9
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
Waking up in 3.7 seconds.
Cleaning up request 0 ID 17 with timestamp +25
Waking up in 0.6 seconds.
Cleaning up request 1 ID 9 with timestamp +26
Ready to process requests.


faridmmv
Posts: 7
Joined: Sun Apr 23, 2017 8:30 pm

Re: Configuring AbillS + Mikrotik. Video.

Post by faridmmv »

The MikroTik sniffer sees the requests from FreeRADIUS.
The ports may not match, because the logs and the sniffer screenshot were taken at different times. In reality they match.
Attachments
r2.JPG (27.13 KB) 22474 views

~AsmodeuS~
Site Admin
Posts: 5746
Joined: Fri Jan 28, 2005 3:11 pm

Re: Configuring AbillS + Mikrotik. Video.

Post by ~AsmodeuS~ »

The reply from RADIUS is not reaching the MikroTik; most likely something is wrong with the IP addresses.

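The symptom discussed above (the server sends Access-Accept, yet the NAS keeps resending the same request id) can be picked out of `radiusd -X` output automatically. The following is an added example, not part of the original thread and not AbillS or FreeRADIUS code; the function name `find_unanswered`, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the radiusd -X output quoted in this thread.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Finished request 0.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
rad_recv: Access-Request packet from host 192.168.1.9 port 40000, id=3, length=141
Sending Access-Accept of id 3 to 192.168.1.9 port 40000
Finished request 1.
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+) to (\S+) port (\d+)")

def find_unanswered(log_text, min_retransmits=2):
    """Return {(host, port, id): retransmit_count} for requests the server
    answered but the NAS kept resending, i.e. the reply likely never arrived."""
    seen = defaultdict(int)   # times each (host, port, id) request was received
    answered = set()          # requests for which the server sent a reply
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m and m.group(1) == "Access-Request":
            seen[(m.group(2), int(m.group(3)), int(m.group(4)))] += 1
            continue
        m = SENT.search(line)
        if m:
            answered.add((m.group(3), int(m.group(4)), int(m.group(2))))
    # The first reception is the original request; the rest are retransmits.
    return {key: count - 1 for key, count in seen.items()
            if key in answered and count - 1 >= min_retransmits}

if __name__ == "__main__":
    for (host, port, rid), n in find_unanswered(SAMPLE_LOG).items():
        print(f"{host}:{port} id={rid}: {n} retransmits after Access-Accept; "
              "check the reply source IP, routing and firewall toward the NAS")
```

A flagged entry means the server side completed authentication, so the place to look is the return path: the address the reply leaves from versus the RADIUS server address configured on the NAS, and any filtering in between.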