lool38 | Hello everyone,
I am trying to change the port for my SSH connections (to limit attacks...) on my Synology DS411+ NAS (DSM 5.1-5022 Update 3).
So I edited the file /etc/ssh/sshd_config, uncommenting the line #port 22 and adding a new line with the new port. This gives:
port 2222
port 22
(this way, I can keep connecting over SSH on the "classic" port 22 while I get port 2222 working)
Naturally, I set up the port forwarding on my router (Freebox).
I rebooted the Synology.
However, I cannot connect to the Synology over SSH via port 2222, whether locally while connected to the Syno via port 22 (ssh root@127.0.0.1 -p 2222) or from the WAN:
Locally:
Code:
- ssh root@127.0.0.1 -p 2222
- root@127.0.0.1's password:
- Permission denied, please try again.
- Connection to 127.0.0.1 closed.
From the WAN:
Code:
- ssh root@<IP OF MY NAS> -p 2222
- root@<IP OF MY NAS>.fr's password:
- Permission denied, please try again.
- Connection to <IP OF MY NAS> closed.
Naturally, the password entered is correct :-)
For information, I connect correctly on port 22, whether locally or from the WAN.
/var/log/messages contains no message related to the connection.
However, when I connect locally, the file /var/log/synolog/synoconn.log shows:
info 2015/03/18 10:24:58 SYSTEM: User [root] from [127.0.0.1] logged in successfully via [SSH].
Apparently, the connection is made and then I get kicked out with the message "Permission denied, please try again."...
Here is the output of the command ssh -vvv root@127.0.0.1 -p 2222 (it's verbose, but at least everything is there!)
Code:
- OpenSSH_6.6, OpenSSL 1.0.1k-fips 8 Jan 2015
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
- debug1: Connection established.
- debug1: permanently_set_uid: 0/0
- debug1: identity file /var/services/homes/root/.ssh/id_rsa type -1
- debug1: identity file /var/services/homes/root/.ssh/id_rsa-cert type -1
- debug1: identity file /var/services/homes/root/.ssh/id_dsa type -1
- debug1: identity file /var/services/homes/root/.ssh/id_dsa-cert type -1
- debug1: identity file /var/services/homes/root/.ssh/id_ecdsa type -1
- debug1: identity file /var/services/homes/root/.ssh/id_ecdsa-cert type -1
- debug1: identity file /var/services/homes/root/.ssh/id_ed25519 type -1
- debug1: identity file /var/services/homes/root/.ssh/id_ed25519-cert type -1
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_6.6p2-hpn14v4
- debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p2-hpn14v4
- debug1: match: OpenSSH_6.6p2-hpn14v4 pat OpenSSH* compat 0x04000000
- debug2: fd 3 setting O_NONBLOCK
- debug3: put_host_port: [127.0.0.1]:2222
- debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/var/services/homes/root/.ssh/known_hosts"
- debug3: load_hostkeys: loaded 0 keys
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: AUTH STATE IS 0
- debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: mac_setup: setup umac-64-etm@openssh.com
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
- debug2: mac_setup: setup umac-64-etm@openssh.com
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
- debug1: sending SSH2_MSG_KEX_ECDH_INIT
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: ECDSA f9:30:29:b9:59:7e:d9:bc:27:b6:a0:8d:76:55:e6:27
- debug3: put_host_port: [127.0.0.1]:2222
- debug3: put_host_port: [127.0.0.1]:2222
- debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/var/services/homes/root/.ssh/known_hosts"
- debug3: load_hostkeys: loaded 0 keys
- debug1: checking without port identifier
- debug3: load_hostkeys: loading entries for host "127.0.0.1" from file "/var/services/homes/root/.ssh/known_hosts"
- debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/root/.ssh/known_hosts:82
- debug3: load_hostkeys: loaded 1 keys
- debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
- debug1: Found key in /var/services/homes/root/.ssh/known_hosts:82
- debug1: found matching key w/out port
- debug1: ssh_ecdsa_verify: signature correct
- debug2: kex_derive_keys
- debug2: set_newkeys: mode 1
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug2: set_newkeys: mode 0
- debug1: SSH2_MSG_NEWKEYS received
- debug1: Roaming not allowed by server
- debug1: SSH2_MSG_SERVICE_REQUEST sent
- debug2: service_accept: ssh-userauth
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug2: key: /var/services/homes/root/.ssh/id_rsa ((nil)),
- debug2: key: /var/services/homes/root/.ssh/id_dsa ((nil)),
- debug2: key: /var/services/homes/root/.ssh/id_ecdsa ((nil)),
- debug2: key: /var/services/homes/root/.ssh/id_ed25519 ((nil)),
- debug1: Authentications that can continue: publickey,password
- debug3: start over, passed a different list publickey,password
- debug3: preferred publickey,keyboard-interactive,password
- debug3: authmethod_lookup publickey
- debug3: remaining preferred: keyboard-interactive,password
- debug3: authmethod_is_enabled publickey
- debug1: Next authentication method: publickey
- debug1: Trying private key: /var/services/homes/root/.ssh/id_rsa
- debug3: no such identity: /var/services/homes/root/.ssh/id_rsa: No such file or directory
- debug1: Trying private key: /var/services/homes/root/.ssh/id_dsa
- debug3: no such identity: /var/services/homes/root/.ssh/id_dsa: No such file or directory
- debug1: Trying private key: /var/services/homes/root/.ssh/id_ecdsa
- debug3: no such identity: /var/services/homes/root/.ssh/id_ecdsa: No such file or directory
- debug1: Trying private key: /var/services/homes/root/.ssh/id_ed25519
- debug3: no such identity: /var/services/homes/root/.ssh/id_ed25519: No such file or directory
- debug2: we did not send a packet, disable method
- debug3: authmethod_lookup password
- debug3: remaining preferred: ,password
- debug3: authmethod_is_enabled password
- debug1: Next authentication method: password
- root@127.0.0.1's password: I enter the correct password here :-)
- debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
- debug2: we sent a password packet, wait for reply
- debug1: Single to Multithread CTR cipher swap - client request
- debug1: Authentication succeeded (password).
- Authenticated to 127.0.0.1 ([127.0.0.1]:2222).
- debug1: Final hpn_buffer_size = 2097152
- debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
- debug1: channel 0: new [client-session]
- debug1: Enabled Dynamic Window Scaling
- debug3: ssh_session2_open: channel_new: 0
- debug2: channel 0: send open
- debug1: Requesting no-more-sessions@openssh.com
- debug1: Entering interactive session.
- debug1: need rekeying
- debug1: SSH2_MSG_KEXINIT sent
- debug1: rekeying in progress
- debug1: SSH2_MSG_KEXINIT received
- debug1: AUTH STATE IS 1
- debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
- debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: mac_setup: setup umac-64-etm@openssh.com
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
- debug2: mac_setup: setup umac-64-etm@openssh.com
- debug1: REQUESTED ENC.NAME is 'aes128-ctr'
- debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
- debug1: sending SSH2_MSG_KEX_ECDH_INIT
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: ECDSA f9:30:29:b9:59:7e:d9:bc:27:b6:a0:8d:76:55:e6:27
- debug3: put_host_port: [127.0.0.1]:2222
- debug3: put_host_port: [127.0.0.1]:2222
- debug3: load_hostkeys: loading entries for host "[127.0.0.1]:2222" from file "/var/services/homes/root/.ssh/known_hosts"
- debug3: load_hostkeys: loaded 0 keys
- debug1: checking without port identifier
- debug3: load_hostkeys: loading entries for host "127.0.0.1" from file "/var/services/homes/root/.ssh/known_hosts"
- debug3: load_hostkeys: found key type ECDSA in file /var/services/homes/root/.ssh/known_hosts:82
- debug3: load_hostkeys: loaded 1 keys
- debug1: Host '127.0.0.1' is known and matches the ECDSA host key.
- debug1: Found key in /var/services/homes/root/.ssh/known_hosts:82
- debug1: found matching key w/out port
- debug1: ssh_ecdsa_verify: signature correct
- debug2: kex_derive_keys
- debug2: set_newkeys: mode 1
- debug1: set_newkeys: rekeying
- debug1: spawned a thread
- debug1: spawned a thread
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug2: set_newkeys: mode 0
- debug1: set_newkeys: rekeying
- debug1: spawned a thread
- debug1: spawned a thread
- debug1: SSH2_MSG_NEWKEYS received
- debug2: callback start
- debug2: fd 3 setting TCP_NODELAY
- debug3: packet_set_tos: set IP_TOS 0x10
- debug2: client_session2_setup: id 0
- debug2: channel 0: request pty-req confirm 1
- debug2: channel 0: request shell confirm 1
- debug2: callback done
- debug2: channel 0: open confirm rwindow 0 rmax 32768
- debug2: tcpwinsz: 87380 for connection: 3
- debug2: tcpwinsz: 87380 for connection: 3
- debug2: channel_input_status_confirm: type 99 id 0
- debug2: PTY allocation request accepted on channel 0
- debug2: channel 0: rcvd adjust 87380
- debug2: channel_input_status_confirm: type 99 id 0
- debug2: shell request accepted on channel 0
- debug2: tcpwinsz: 87380 for connection: 3
- debug2: tcpwinsz: 87380 for connection: 3
- Permission denied, please try again.
- debug2: tcpwinsz: 87380 for connection: 3
- debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
- debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
- debug2: channel 0: rcvd eow
- debug2: channel 0: close_read
- debug2: channel 0: input open -> closed
- debug2: channel 0: rcvd eof
- debug2: channel 0: output open -> drain
- debug2: channel 0: obuf empty
- debug2: channel 0: close_write
- debug2: channel 0: output drain -> closed
- debug2: channel 0: rcvd close
- debug3: channel 0: will not send data after close
- debug2: tcpwinsz: 87380 for connection: 3
- debug2: channel 0: almost dead
- debug2: channel 0: gc: notify user
- debug2: channel 0: gc: user detached
- debug2: channel 0: send close
- debug2: channel 0: is dead
- debug2: channel 0: garbage collecting
- debug1: channel 0: free: client-session, nchannels 1
- debug3: channel 0: status: The following connections are open:
- #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
-
- Connection to 127.0.0.1 closed.
- Transferred: sent 4816, received 2820 bytes, in 0.2 seconds
- Bytes per second: sent 25428.5, received 14889.6
- debug1: Exit status 1
Do you have any ideas?
What is the problem??
Many thanks for your help!
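Added example, not part of the original post: a small Python triage of `ssh -vvv` client output that reports whether "Permission denied" appears before or after "Authentication succeeded", which is the distinction the trace above turns on. The two sample logs are constructed, and the function name `triage` and the phase labels are this example's own.

```python
import re

# Constructed samples, condensed from the kind of `ssh -vvv` output in the post.
POST_AUTH = """\
- debug1: Next authentication method: password
- debug1: Authentication succeeded (password).
- debug2: channel 0: request shell confirm 1
- debug2: shell request accepted on channel 0
- Permission denied, please try again.
- debug1: Exit status 1
"""
PRE_AUTH = """\
debug1: Next authentication method: password
Permission denied, please try again.
debug1: Authentications that can continue: publickey,password
"""


def triage(log_text):
    """Locate the phase in which 'Permission denied' appears in client debug output."""
    authenticated = shell_accepted = False
    result = {"denied_phase": None, "auth_method": None, "exit_status": None}
    for raw in log_text.splitlines():
        # Drop the "- " prefix that forum code blocks put in front of each line.
        line = re.sub(r"^\s*-\s+", "", raw).strip()
        m = re.match(r"debug1: Authentication succeeded \((\S+)\)", line)
        if m:
            authenticated, result["auth_method"] = True, m.group(1)
        elif re.match(r"debug2: shell request accepted", line):
            shell_accepted = True
        elif line.startswith("Permission denied") and result["denied_phase"] is None:
            if not authenticated:
                # Server rejected the credentials themselves.
                result["denied_phase"] = "authentication"
            elif shell_accepted:
                # Credentials were accepted; the refusal came once the session ran.
                result["denied_phase"] = "session (after shell start)"
            else:
                result["denied_phase"] = "session (before shell start)"
        m = re.match(r"debug1: Exit status (-?\d+)", line)
        if m:
            result["exit_status"] = int(m.group(1))
    return result


if __name__ == "__main__":
    for name, sample in (("post-auth", POST_AUTH), ("pre-auth", PRE_AUTH)):
        print(name, triage(sample))
```

A result in the session phase with a non-zero exit status points the investigation at what the server does after login (account shell, session setup) rather than at the password or the port change itself.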