hello,
NEED:
I want to route my web traffic through ssh to access the web using the "ssh + tunnel + socks5" method.
however, my entire set of machines consists of just my laptop.
what I have already done:
not finding a tutorial covering the particularity of my project, I figured that logically a machine can be both client and server at once and that, if this does not work, there must be a trick for it.
so I installed openssh-server on my machine and even configured it with key + passphrase.
configured openssh-client.
configured my browser.
opened a dedicated port.
currently:
it is impossible for me to establish a connection in the terminal, because:
$: ssh -D port user@address
Enter passphrase for key '/home/user/.ssh/id_ed25519':
user@127.0.0.1: Permission denied (publickey).
question:
why this error?
can a client and a server coexist on the same machine?
since I only use ssh for SOCKS tunneling, should I remove the key/passphrase and comment out the parameter in sshd.conf to get around this console connection problem?
basically, what is wrong?
to help you in your investigation I am attaching the 2 ssh .conf files
sshd.conf: server
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
Port 8934
AddressFamily inet
#ListenAddress 127.0.0.1
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
SyslogFacility AUTHPRIV
LogLevel VERBOSE
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 1
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS yes
PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none
# no default banner path
Banner /etc/ssh/banner
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs proxy-only
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ssh_config: client
Host *
# ForwardAgent no
ForwardX11 no
# ForwardX11Trusted yes
PasswordAuthentication no
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
IdentityFile ~/.ssh/id_ed25519
Port 8934
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
Tunnel yes
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# VerifyHostKeyDNS yes
PreferredAuthentications publickey
SendEnv LANG LC_*
HashKnownHosts yes
thanks
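Server-side checks for the `Permission denied (publickey)` failure shown in the post, given the posted settings (`PubkeyAuthentication yes`, `PasswordAuthentication no`, `StrictModes yes`, default `AuthorizedKeysFile`). This is an added example, not part of the original post; the function name `check_pubkey_login`, its output labels and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: server-side checks for "Permission denied (publickey)".
# check_pubkey_login and its output labels are hypothetical names.
# Usage: check_pubkey_login HOME_DIR PUBLIC_KEY_FILE
# Prints one finding per line; returns 0 when nothing is found, 1 otherwise.
check_pubkey_login() {
    home=$1
    pub=$2
    # Default AuthorizedKeysFile (the posted sshd config leaves it commented out).
    ak="$home/.ssh/authorized_keys"
    rc=0
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"
        rc=1
    else
        # Match on the base64 key blob only; the trailing comment is irrelevant.
        blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
        if [ -z "$blob" ] || ! grep -qF -- "$blob" "$ak"; then
            echo "KEY_NOT_AUTHORIZED $pub"
            rc=1
        fi
    fi
    # StrictModes yes: sshd rejects the key file when the home directory,
    # ~/.ssh or authorized_keys is group- or world-writable.
    # (Ownership is also checked by sshd; this sketch covers modes only.)
    for p in "$home" "$home/.ssh" "$ak"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE_BY_OTHERS $p"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: throwaway home directory, placeholder key (not a real key).
demo=$(mktemp -d)
mkdir "$demo/.ssh"
chmod 700 "$demo/.ssh"
echo "ssh-ed25519 AAAAC3CONSTRUCTEDPLACEHOLDERBLOB user@laptop" > "$demo/id_ed25519.pub"
# The public key was never copied to authorized_keys, so this reports MISSING.
check_pubkey_login "$demo" "$demo/id_ed25519.pub" || echo "findings above"
rm -rf "$demo"
```

Run it on the machine acting as server, passing the account's home directory and the `.pub` file that matches the `IdentityFile` the client offers.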