如何在没有密码的情况下使用“lsh”作为 OpenSSHD 服务器的客户端?

tag-icon tag-icon ssh
如何在没有密码的情况下使用“lsh”作为 OpenSSHD 服务器的客户端?

我想尝试一下lsh,但让它与我的 OpenSSHD 服务器对话似乎非常困难。我怎么做?

答案1

那么您准备好尝试 OpenSSH 客户端的替代方案了吗?

对你有好处。lshwww.gnu.org/s/lsh/ 是一个可以与 OpenSSH 服务器一起使用的 GNU 替代方案。很遗憾不简单。

我们假设您可以ssh访问运行 OpenSSHD 的本地主机。您的第一次尝试是:

$ lsh localhost
No seed file. Please create one by running
lsh-make-seed -o "/home/tange/.lsh/yarrow-seed-file".
lsh: No randomness generator available.

那么让我们制作该文件:

$ mkdir .lsh
$ lsh-make-seed -o "/home/tange/.lsh/yarrow-seed-file"
lsh-make-seed: Reading system state...
lsh-make-seed: Got 150 bits of entropy from system state.
lsh-make-seed: Please type some random data. You better do this
lsh-make-seed: when connected directly to a console, typing over
lsh-make-seed: the network provides worse timing information, and
lsh-make-seed: more opportunities for eavesdropping.
----------------------------------------
........................................
lsh-make-seed: Got 182 keystrokes, estimating 200 bits of entropy.
lsh-make-seed: You can stop typing now.

现在对我来说似乎很愚蠢,lsh不使用 /dev/urandom并且只恢复到在没有此功能的系统上打字。

$ lsh localhost
lsh: Failed to open `/home/tange/.lsh/host-acls' for reading (errno = 2): No such file or directory
lsh: Protocol error: Algorithm negotiation failed.

这是由于lsh在与最新的 OpenSSHD 一起使用时选择了不兼容的密码。使用-c aes256-ctr- 我不知道为什么它不自动执行此操作:

$ lsh -c aes256-ctr localhost
lsh: Failed to open `/home/tange/.lsh/host-acls' for reading (errno = 2): No such file or directory
lsh: Server's hostkey is not trusted. Disconnecting.
lsh: Protocol error: Bad server host key

更好,但还不够好。通过lsh减少偏执,你可以进入:

$ lsh -c aes256-ctr --sloppy-host-authentication localhost
lsh: Failed to open `/home/tange/.lsh/host-acls' for reading (errno = 2): No such file or directory
Received unauthenticated key for host localhost
Key details:
Bubble Babble: xitem-suten-vedyd-hibuv-naril-nisog-luvet-dagik-negem-kykeb-bexyx
Fingerprint:   4b:9f:4b:4d:10:6b:09:2b:be:ee:df:48:a0:75:d3:9a
Do you trust this key? (y/n) y
Last login: Mon Dec  7 08:11:58 2015 from 192.168.1.103
$

您可以lsh将此主机密钥添加到受信任的主机密钥中:

$ lsh -c aes256-ctr --sloppy-host-authentication --capture-to ~/.lsh/host-acls localhost
Received unauthenticated key for host localhost
Key details:
Bubble Babble: xitem-suten-vedyd-hibuv-naril-nisog-luvet-dagik-negem-kykeb-bexyx
Fingerprint:   4b:9f:4b:4d:10:6b:09:2b:be:ee:df:48:a0:75:d3:9a
Do you trust this key? (y/n) y
Password for tange: 
Last login: Fri Jan  8 12:46:57 2016 from localhost
$

然后就可以使用lsh普通密码登录了:

$ lsh -c aes256-ctr localhost
Password for tange: 
Last login: Fri Jan  8 12:48:36 2016 from localhost
$

要授权客户端密钥,请将密钥转换为 OpenSSH 格式并将其附加到.ssh/authorized_keys

$ lsh-keygen | lsh-writekey
xxxxxx
xxxxxx
Enter new passphrase: 
Again: 
$ lsh-export-key --openssh < ~/.lsh/identity.pub | lsh -c aes256-ctr localhost 'cat >>.ssh/authorized_keys'
Passphrase for key `tange@hk': 
Password for tange:

现在您可以使用lsh密钥连接到 OpenSSH 服务器。为避免输入密码,请勿加密您的客户端密钥:

$ lsh-keygen | lsh-writekey -c none
xxxxxx
xxxxxx
$ lsh-export-key --openssh < ~/.lsh/identity.pub | lsh -c aes256-ctr localhost 'cat >>.ssh/authorized_keys'
Password for tange: 
$ lsh -c aes256-ctr localhost
Last login: Fri Jan  8 12:48:40 2016 from localhost
$

相关内容