Configuring AbillS + Mikrotik. Video.
Re: Configuring AbillS + Mikrotik. Video.
Hello.
After generating the key and importing it into the Mikrotik, logging in over SSH fails both with the key and with the password. It says Permission Denied.
I also tried following http://abills.net.ua/wiki/doku.php/abil ... krotik:ssh
Mikrotik RouterBOARD 951-2n
Re: Configuring AbillS + Mikrotik. Video.
A DSA key is used (switching to RSA is already on the task list).
Add to ssh_config:
Code:
PubkeyAcceptedKeyTypes=+ssh-dss
Re: Configuring AbillS + Mikrotik. Video.
Found the file in:
Code:
root@abills:/# find . -name ssh_config
./etc/ssh/ssh_config
Made the changes; it now reads:
Code:
root@abills:/etc/ssh# vi ssh_config
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
PubkeyAcceptedKeyTypes=+ssh-dss
Code:
root@abills:/usr/abills/Certs# ll
total 36
drwxr-xr-x 2 root root 4096 Apr 24 21:33 ./
drwxr-xr-x 17 freerad freerad 4096 Apr 22 19:05 ../
-r-------- 1 www-data root 1265 Apr 22 19:06 server.crt
-rw-r--r-- 1 www-data root 1066 Apr 22 19:06 server.csr
-r-------- 1 root root 1675 Apr 22 19:06 server.key
-r-------- 1 root root 1743 Apr 22 19:06 server.key.org
-rw-r--r-- 1 root root 451 Apr 22 19:06 server_public.pem
-rw------- 1 root root 1679 Apr 24 00:18 test1
-rw-r--r-- 1 root root 393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# /usr/abills/misc/certs_create.sh ssh abills_admin -UPLOAD_FTP admin@192.168.1.1
/usr/abills/misc/certs_create.sh: 6: /usr/abills/misc/certs_create.sh: server.crt: not found
Upload ftp: admin@192.168.1.1
**************************************************************************
Creating SSH authentication Key
Make ssh-keygen with empty password.
**************************************************************************
Create cert for User: abills_admin
/usr/abills/Certs/id_dsa.abills_admin
Generating public/private dsa key pair.
Your identification has been saved in /usr/abills/Certs/id_dsa.abills_admin.
Your public key has been saved in /usr/abills/Certs/id_dsa.abills_admin.pub.
The key fingerprint is:
SHA256:+Cxl/SLsuSBpXJtnYjxKxDMtsj2wf6YBPD1OdieUwEU ABillS remote machine manage key (Mon Apr 24 21:34:14 +04 2017)
The key's randomart image is:
+---[DSA 1024]----+
| ..oE |
| .. . |
| o |
| . o o . . |
| * @ * S . |
| # X @ . |
| o @ X B . . |
| + *oO o . |
| ++ +. |
+----[SHA256]-----+
Enter ftp password:
Connected to 192.168.1.1.
220 MikroTik FTP server (MikroTik 6.37.5) ready
331 Password required for admin
Password:
230 User admin logged in
Remote system type is UNIX.
250 CWD command successful
227 Entering Passive Mode (192,168,1,1,201,232).
150 Opening data connection
drwxrwx--- 1 root root 2048 Apr 20 18:55 pub
drwxrwx--- 1 root root 2048 Feb 22 14:13 tftpboot
-rw-rw---- 1 root root 465406 Apr 20 18:56 autosupout.rif
-rw-rw---- 1 root root 17755 Apr 24 00:22 auto-before-reset.backup
drwxrwx--- 1 root root 2048 Jan 1 04:00 skins
226 Transfer complete
Local directory now /usr/abills/Certs
local: id_dsa.abills_admin.pub remote: id_dsa.abills_admin.pub
227 Entering Passive Mode (192,168,1,1,194,109).
150 Opening ASCII mode data connection for '/id_dsa.abills_admin.pub'
226 ASCII transfer complete
654 bytes sent in 0.00 secs (6.2370 MB/s)
221 Closing
root@abills:/usr/abills/Certs# ll
total 44
drwxr-xr-x 2 root root 4096 Apr 24 21:34 ./
drwxr-xr-x 17 freerad freerad 4096 Apr 22 19:05 ../
-rw------- 1 www-data root 668 Apr 24 21:34 id_dsa.abills_admin
-r-------- 1 root root 653 Apr 24 21:34 id_dsa.abills_admin.pub
-r-------- 1 www-data root 1265 Apr 22 19:06 server.crt
-rw-r--r-- 1 www-data root 1066 Apr 22 19:06 server.csr
-r-------- 1 root root 1675 Apr 22 19:06 server.key
-r-------- 1 root root 1743 Apr 22 19:06 server.key.org
-rw-r--r-- 1 root root 451 Apr 22 19:06 server_public.pem
-rw------- 1 root root 1679 Apr 24 00:18 test1
-rw-r--r-- 1 root root 393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# ssh -l abills_admin -i /usr/abills/Certs/id_dsa.abills_admin 10.20.1.1 "/system identity print"
^C
root@abills:/usr/abills/Certs# ssh -l abills_admin -i /usr/abills/Certs/id_dsa.abills_admin 192.168.1.1 "/system identity print"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:3
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.1.1
RSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
Code:
[admin@MikroTik] > user add name=abills_admin group=write
[admin@MikroTik] > user ssh-keys import public-key-file=id_dsa.abills_admin.pub user=abills_admin
[admin@MikroTik] >
Last edited by faridmmv on Mon Apr 24, 2017 5:53 pm; edited 1 time in total.
Re: Configuring AbillS + Mikrotik. Video.
I also tried it this way: https://www.youtube.com/watch?v=HC4OFP3NCtw
Code:
root@abills:/usr/abills/Certs# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): abills_test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in abills_test.
Your public key has been saved in abills_test.pub.
The key fingerprint is:
SHA256:tP/qY9vGSH9RhjxD0KXPkDHAV7fr01atjobo6GSJtYM root@abills
The key's randomart image is:
+---[DSA 1024]----+
| .o+oo+|
| . +=o|
| . ++o |
| . . =+=|
| . S *=|
| + o .. o.o|
| E * o.= .+o|
| o o. =o=o...|
| .o..o+*+.. |
+----[SHA256]-----+
root@abills:/usr/abills/Certs# ll
total 52
drwxr-xr-x 2 root root 4096 Apr 24 21:43 ./
drwxr-xr-x 17 freerad freerad 4096 Apr 22 19:05 ../
-rw------- 1 root root 668 Apr 24 21:43 abills_test
-rw-r--r-- 1 root root 601 Apr 24 21:43 abills_test.pub
-rw------- 1 www-data root 668 Apr 24 21:34 id_dsa.abills_admin
-r-------- 1 root root 653 Apr 24 21:34 id_dsa.abills_admin.pub
-r-------- 1 www-data root 1265 Apr 22 19:06 server.crt
-rw-r--r-- 1 www-data root 1066 Apr 22 19:06 server.csr
-r-------- 1 root root 1675 Apr 22 19:06 server.key
-r-------- 1 root root 1743 Apr 22 19:06 server.key.org
-rw-r--r-- 1 root root 451 Apr 22 19:06 server_public.pem
-rw------- 1 root root 1679 Apr 24 00:18 test1
-rw-r--r-- 1 root root 393 Apr 24 00:18 test1.pub
root@abills:/usr/abills/Certs# scp abills_test.pub admin@192.168.1.1 :/
:/: No such file or directory
root@abills:/usr/abills/Certs# scp abills_test.pub admin@192.168.1.1:/
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
abills_test.pub 100% 601 0.6KB/s 00:00
root@abills:/usr/abills/Certs#
Code:
root@abills:/usr/abills/Certs# ssh abills_test@192.168.1.1
abills_test@192.168.1.1's password:
Permission denied, please try again.
abills_test@192.168.1.1's password:
Permission denied, please try again.
abills_test@192.168.1.1's password:
Re: Configuring AbillS + Mikrotik. Video.
Run this and show the output:
Code:
# ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1
Re: Configuring AbillS + Mikrotik. Video.
I reinstalled the system and tried without changing the certs_create file.
Then with the changes in certs_create.
And I got into the Mikrotik. But why can't I get in with a plain # ssh abills_admin@192.168.1.1?
Code:
root@ubuntubilling:/home/tier3# ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin type 2
debug1: key_load_public: No such file or directory
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 997/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug2: bits set: 992/2048
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /usr/abills/Certs/id_dsa.abills_admin - not in PubkeyAcceptedKeyTypes
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
debug1: Next authentication method: password
Permission denied, please try again.
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
abills_admin@192.168.1.1's password:
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (password).
root@ubuntubilling:/home/tier3#
Code:
root@ubuntubilling:/home/tier3# ssh abills_admin@192.168.1.1
abills_admin@192.168.1.1's password:
Permission denied, please try again.
abills_admin@192.168.1.1's password:
Permission denied, please try again.
abills_admin@192.168.1.1's password:
Permission denied (password).
root@ubuntubilling:/home/tier3# ssh -vv -i /usr/abills/Certs/id_dsa.abills_admin abills_admin@192.168.1.1
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "192.168.1.1" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.1.1 [192.168.1.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin type 2
debug1: key_load_public: No such file or directory
debug1: identity file /usr/abills/Certs/id_dsa.abills_admin-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc,none
debug2: MACs ctos: hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1,hmac-md5
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1024/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:Vfzi5bFgmP7ZaEnVEw6e3KtzuuMtbdV9SzKypCxiru4
debug1: Host '192.168.1.1' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug2: bits set: 1029/2048
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /usr/abills/Certs/id_dsa.abills_admin (0x559626d598c0), explicit
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /usr/abills/Certs/id_dsa.abills_admin
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 434
debug2: input_userauth_pk_ok: fp SHA256:WeYwL+yeYgbG5nnsLLN16zMax7zH0Z3hddexBFucwLc
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.1 ([192.168.1.1]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: pledge: network
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 2621440 rmax 262144
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.38.5 (c) 1999-2017 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[abills_admin@MikroTik] > debug2: client_check_window_change: changed
debug2: channel 0: request window-change confirm 0
[abills_admin@MikroTik] >
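The two `ssh -vv` runs above differ in one client-side decision: in the failed run the DSA key is skipped before it is ever offered, so the router never sees it. The following is an added example, not part of the original posts and not ABillS code: it classifies such output and, for the skipped-key case, prints an `ssh_config` stanza that enables `ssh-dss` for that one host instead of globally. The function names and the sample strings (abridged from the logs above) are constructed for illustration.

```python
import re

# Patterns follow the OpenSSH 7.2 debug wording seen in the thread's logs;
# newer OpenSSH releases word some of these lines differently.
TARGET = re.compile(r"debug1: Authenticating to (\S+):(\d+) as '([^']+)'")
SKIPPED = re.compile(r"debug1: Skipping (\S+) key (\S+) - not in PubkeyAcceptedKeyTypes")
OFFERED = re.compile(r"debug1: Offering (\S+) public key: (\S+)")
ACCEPTED = re.compile(r"debug1: Server accepts key: pkalg (\S+)")
SUCCESS = re.compile(r"debug1: Authentication succeeded \((\w+)\)")

# Constructed samples, abridged from the failed and the successful run above.
FAILED_RUN = """\
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: Skipping ssh-dss key /usr/abills/Certs/id_dsa.abills_admin - not in PubkeyAcceptedKeyTypes
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
Permission denied (password).
"""
OK_RUN = """\
debug1: Authenticating to 192.168.1.1:22 as 'abills_admin'
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /usr/abills/Certs/id_dsa.abills_admin
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
"""


def diagnose(log_text):
    """Classify public-key authentication from `ssh -vv` client output."""
    r = {"host": None, "user": None, "skipped": [], "offered": [],
         "accepted": None, "succeeded_with": None}
    for line in log_text.splitlines():
        m = TARGET.search(line)
        if m:
            r["host"], r["user"] = m.group(1), m.group(3)
            continue
        m = SKIPPED.search(line)
        if m:
            r["skipped"].append((m.group(1), m.group(2)))
            continue
        m = OFFERED.search(line)
        if m:
            r["offered"].append((m.group(1), m.group(2)))
            continue
        m = ACCEPTED.search(line)
        if m:
            r["accepted"] = m.group(1)
            continue
        m = SUCCESS.search(line)
        if m:
            r["succeeded_with"] = m.group(1)
    if r["succeeded_with"] == "publickey":
        r["verdict"] = "ok"
    elif r["skipped"] and not r["offered"]:
        # The client refused to use the key; the server was never asked.
        r["verdict"] = "client-policy"
    elif r["offered"] and r["accepted"] is None:
        # The key was sent but the server did not accept it for this user.
        r["verdict"] = "server-rejected"
    else:
        r["verdict"] = "no-key-tried"
    return r


def scoped_host_block(result):
    """Build an ssh_config stanza that allows the skipped algorithm for one host only."""
    if result["verdict"] != "client-policy" or not result["host"]:
        return ""
    algs = sorted({alg for alg, _ in result["skipped"]})
    lines = ["Host " + result["host"], "    User " + result["user"]]
    for _, path in result["skipped"]:
        lines.append("    IdentityFile " + path)
    lines.append("    IdentitiesOnly yes")
    lines.append("    PubkeyAcceptedKeyTypes +" + ",".join(algs))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, text in (("failed run", FAILED_RUN), ("successful run", OK_RUN)):
        res = diagnose(text)
        print(name, "->", res["verdict"])
        print(scoped_host_block(res), end="")
```

Because `ssh_config` uses the first value it finds for each option, a per-host stanza like this belongs above the `Host *` section.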
Re: Configuring AbillS + Mikrotik. Video.
ssh reads keys from the /etc/ssh_config file; if the key is not listed there, you need to specify the certificate with the -i option.
When abills connects to the server, it always adds -i /usr/abills/Certs/id.dsa_%nas_admin%
Re: Configuring AbillS + Mikrotik. Video.
Code:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728646
NAS-Port-Type = Ethernet
User-Name = "farid"
Calling-Station-Id = "00:26:55:CB:1A:CC"
Called-Station-Id = "pppoe-in"
NAS-Port-Id = "bridge"
CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.1.1
# Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289130
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group Perl = ok
# Executing section post-auth from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group post-auth {
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289130
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group post-auth = ok
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 10.0.0.84
Acct-Interim-Interval = 300
Session-Timeout = 289130
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15728646
NAS-Port-Type = Ethernet
User-Name = "farid"
Calling-Station-Id = "00:26:55:CB:1A:CC"
Called-Station-Id = "pppoe-in"
NAS-Port-Id = "bridge"
CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.1.1
# Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group authorize {
++[preprocess] = ok
++[mschap] = noop
[files] users: Matched entry DEFAULT at line 38
++[files] = ok
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Auth-Type = Perl
++[perl] = ok
+} # group authorize = ok
Found Auth-Type = Perl
# Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group Perl {
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289129
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group Perl = ok
# Executing section post-auth from file /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
+group post-auth {
rlm_perl: Added pair NAS-IP-Address = 192.168.1.1
rlm_perl: Added pair Called-Station-Id = pppoe-in
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair CHAP-Challenge = 0x8d486b81ea9a6a23fe4049918917beec
rlm_perl: Added pair NAS-Port-Id = bridge
rlm_perl: Added pair NAS-Port = 15728646
rlm_perl: Added pair User-Name = farid
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Calling-Station-Id = 00:26:55:CB:1A:CC
rlm_perl: Added pair NAS-Identifier = MikroTik
rlm_perl: Added pair CHAP-Password = 0x014994451ce57a4ed248b6bd56e77c8b58
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Framed-IP-Address = 10.0.0.84
rlm_perl: Added pair Acct-Interim-Interval = 300
rlm_perl: Added pair Session-Timeout = 289129
rlm_perl: Added pair Auth-Type = Accept
++[perl] = ok
+} # group post-auth = ok
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 10.0.0.84
Acct-Interim-Interval = 300
Session-Timeout = 289129
Finished request 1.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
Sending duplicate reply to client NAS_2 port 59143 - ID: 9
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 59143, id=9, length=141
Sending duplicate reply to client NAS_2 port 59143 - ID: 9
Sending Access-Accept of id 9 to 192.168.1.1 port 59143
Waking up in 3.7 seconds.
Cleaning up request 0 ID 17 with timestamp +25
Waking up in 0.6 seconds.
Cleaning up request 1 ID 9 with timestamp +26
Ready to process requests.
Re: Configuring AbillS + Mikrotik. Video.
The Mikrotik sniffer sees the requests from FreeRADIUS.
The ports may not match, because the logs and the sniffer screenshot were taken at different times. In reality they match.
Re: Configuring AbillS + Mikrotik. Video.
The reply from RADIUS is not reaching the Mikrotik; most likely something is wrong with the IP addresses.
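The symptom this reply points to is visible in the FreeRADIUS debug log above: the same Access-Request (same source port and id) keeps arriving after an Access-Accept was already sent. The following is an added example, not part of the thread and not ABillS or FreeRADIUS code: it groups a debug log by (host, port, id) and flags exchanges where the server answered but the NAS kept retransmitting. The function names are constructed; the first exchange in the sample is abridged from the log above, and the 192.0.2.x entries are constructed to show the other two outcomes.

```python
import re

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
SENT = re.compile(r"Sending (Access-Accept|Access-Reject) of id (\d+) to (\S+) port (\d+)")
DUP = re.compile(r"Sending duplicate reply to client (\S+) port (\d+) - ID: (\d+)")

# Constructed sample: first exchange abridged from the thread, the rest invented.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
rad_recv: Access-Request packet from host 192.168.1.1 port 35325, id=17, length=141
Sending duplicate reply to client NAS_2 port 35325 - ID: 17
Sending Access-Accept of id 17 to 192.168.1.1 port 35325
rad_recv: Access-Request packet from host 192.0.2.10 port 40000, id=3, length=141
Sending Access-Accept of id 3 to 192.0.2.10 port 40000
rad_recv: Access-Request packet from host 192.0.2.20 port 41000, id=5, length=141
"""


def _new_exchange():
    return {"requests": 0, "replies": 0, "duplicates": 0, "client": None}


def summarize(log_text):
    """Count requests, replies and duplicate replies per (host, port, id)."""
    exchanges = {}
    by_port_id = {}  # "duplicate reply" lines carry no host, so index by (port, id)
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            if m.group(1) != "Access-Request":
                continue
            key = (m.group(2), int(m.group(3)), int(m.group(4)))
            exchanges.setdefault(key, _new_exchange())["requests"] += 1
            by_port_id[(key[1], key[2])] = key
            continue
        m = SENT.search(line)
        if m:
            key = (m.group(3), int(m.group(4)), int(m.group(2)))
            exchanges.setdefault(key, _new_exchange())["replies"] += 1
            continue
        m = DUP.search(line)
        if m:
            key = by_port_id.get((int(m.group(2)), int(m.group(3))))
            if key is not None:
                exchanges[key]["duplicates"] += 1
                exchanges[key]["client"] = m.group(1)
    return exchanges


def classify(exchange):
    """Label one exchange by what the server log shows about it."""
    if exchange["replies"] == 0:
        return "no-reply-sent"
    if exchange["requests"] > 1 or exchange["duplicates"] > 0:
        # Server answered, yet the NAS asked again: the answer was lost or
        # discarded on the way back (addressing, filtering, shared secret).
        return "reply-not-reaching-nas"
    return "ok"


def report(log_text):
    """Map each (host, port, id) to its classification."""
    return {key: classify(ex) for key, ex in summarize(log_text).items()}


if __name__ == "__main__":
    for key, verdict in report(SAMPLE_LOG).items():
        print("%s port %d id %d: %s" % (key[0], key[1], key[2], verdict))
```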