
I am trying to set up public key authentication on a Mac OS X server, but without success (I can log in with my password without problems). I have tried several suggestions from answers to other questions, but have not found the problem so far. I am posting a lot of debug data that I collected while going through possible solutions, to give you an idea of what I have already tried and what my system configurations look like.
System information
Server
server:~ admin$ ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
server:~ admin$ uname -a
Darwin server 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:32:41 PDT 2011; root:xnu-1504.15.3~1/RELEASE_X86_64 x86_64
Client
user@local ~ $ ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
user@local ~ $ uname -a
Linux local 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
File permissions
Server
server:~ admin$ ls -la
drwx------ 4 admin staff 136 Jul 13 14:43 .ssh
server:~ admin$ ls -la .ssh
-rw------- 1 admin staff 895 Jul 13 15:32 authorized_keys
server:~ admin$ ls -l ..
drwxr-x---+ 23 admin staff 782 Jul 13 17:40 admin
Client
user@local ~ $ ls -la .ssh
-rw------- 1 user user 444 Jul 13 14:38 id_ed25519
-rw-r--r-- 1 user user 95 Jul 13 14:38 id_ed25519.pub
-rw------- 1 user user 3326 Aug 14 2012 id_rsa
-rw-r--r-- 1 user user 800 Feb 18 2014 id_rsa.pub
Copying keys
Originally, I copied my public keys manually with scp and appended them to authorized_keys with cat, but I have also tried ssh-copy-id:
user@local ~/.ssh $ ssh-copy-id admin@server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Enter passphrase for key '/home/user/.ssh/id_rsa':
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'admin@server'"
and check to make sure that only the key(s) you wanted were added.
Public key authentication still does not work after this, and if I run ssh-copy-id again, I get exactly the same output.
Uncommented lines in sshd_config
Protocol 2
SyslogFacility AUTHPRIV
# The following three lines were originally commented out, but I uncommented
# them since I wasn't sure what the defaults were.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
Subsystem sftp /usr/libexec/sftp-server
Running sshd in debug mode
Server
server:~ admin$ sudo /usr/sbin/sshd -p 2222 -d
Password:
debug1: sshd version OpenSSH_5.2p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='2222'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from local port 43965
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: privsep_preauth: successfully loaded Seatbelt profile for unprivileged child
debug1: permanently_set_uid: 75/75
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user admin service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "admin"
debug1: PAM: setting PAM_RHOST to "local"
Failed none for admin from local port 43965 ssh2
debug1: audit_event: unhandled event 3
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 1 failures 0
userauth_pubkey: unsupported public key algorithm: ssh-ed25519
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: trying public key file /Users/admin/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: trying public key file /Users/admin/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for admin from local port 43965 ssh2
debug1: audit_event: unhandled event 6
debug1: userauth-request for user admin service ssh-connection method keyboard-interactive
debug1: attempt 3 failures 2
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=admin devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for admin from local port 43965 ssh2
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 1
Postponed keyboard-interactive/pam for admin from local port 43965 ssh2
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for admin from local port 43965 ssh2
debug1: monitor_child_preauth: admin has been authenticated by privileged process
debug1: PAM: establishing credentials
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
User child is on pid 48532
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 501/20
debug1: privsep_postauth: successfully loaded Seatbelt profile for unprivileged child
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/ttys003
debug1: Ignoring unsupported tty mode opcode 37 (0x25)
debug1: Ignoring unsupported tty mode opcode 52 (0x34)
debug1: Ignoring unsupported tty mode opcode 71 (0x47)
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
Client
user@local ~ $ ssh -vvv -l admin -p 2222 server
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [server] port 2222.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_ed25519" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [server]:2222
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1548/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA bd:70:7f:7c:fc:b1:6d:5d:83:86:05:6b:e2:51:5a:a0
debug3: put_host_port: [server]:2222
debug3: put_host_port: [server]:2222
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "server" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "server" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:13
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:12
debug1: found matching key w/out port
debug2: bits set: 1511/3072
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_ed25519 (0x************),
debug2: key: /home/user/.ssh/id_rsa ((nil)),
debug2: key: /home/user/.ssh/id_dsa ((nil)),
debug2: key: /home/user/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_rsa':
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 7a:2f:1b:10:60:e1:c7:f3:f1:67:5e:5d:30:f8:b1:fe
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug3: no such identity: /home/user/.ssh/id_ecdsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 24 padlen 8 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to server ([server]:2222).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env COMP_WORDBREAKS
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env WINDOWID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env USERNAME
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env GDM_XSERVER_LOCATION
debug3: Ignored env PWD
debug3: Ignored env IPYTHONDIR
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env PYTHONSTARTUP
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env QMAKESPEC
debug3: Ignored env MDM_XSERVER_LOCATION
debug3: Ignored env GDMSESSION
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env HOME
debug3: Ignored env PYTHONPATH
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env MDMSESSION
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env WINDOWPATH
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env MDM_LANG
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Summary
I cannot make sense of the debug messages, and rather than spending another whole afternoon trying to figure it out myself, I wanted to see whether someone here knows a solution.
Thanks for stopping by.
Answer 1
The output of ssh-copy-id indicates that the public key file for /home/user/.ssh/id_rsa was copied. The ssh-copy-id source code indicates that this public key comes from the file id_rsa.pub.
The client's debug output shows that it offered two keys to the server, id_ed25519 and id_rsa. The server accepted neither of them.
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
[...]
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_rsa
[...]
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
The SSH server log shows that it does not support id_ed25519 keys. For id_rsa, it read through authorized_keys but ultimately found no match:
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 1 failures 0
userauth_pubkey: unsupported public key algorithm: ssh-ed25519
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 2 failures 1
[...]
debug1: trying public key file /Users/admin/.ssh/authorized_keys
[...]
Failed publickey for admin from local port 43965 ssh2
So you are obviously using the correct passphrase for the key. And neither the client nor the server complained about the permissions on the relevant files. Still, the server does not accept id_rsa, even though ssh-copy-id supposedly copied the id_rsa public key into authorized_keys.
I suspect that your problem is one of the following:
The id_rsa.pub file on the client is corrupted or does not contain the public key for the id_rsa file.
Alternatively, the authorized_keys file on the server is malformed or corrupted in a way that prevents the server from parsing it correctly.
I would check the authorized_keys file first. It should be a text file with one long line per key. The sshd man page describes the file format in more detail. I suggest that you delete all lines from this file that refer to the id_rsa key used here. And make sure that there is a newline at the end of the last line of the file.
Then run the following on the client:
cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub
This extracts the public key from id_rsa into id_rsa.pub again.
Now run ssh-copy-id again and see whether it works better.
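
The two checks suggested in the answer above (does authorized_keys parse line by line, and does it contain the key the client offers) can be automated. The following is an added example, not part of the original question or answer; the function names, the SERVER_KEY_TYPES set and the sample key (dummy numbers, not a real key) are assumptions of this example.

```python
import base64
import binascii
import hashlib
import struct

# User key types an OpenSSH 5.2 server can verify; ssh-ed25519 is rejected in the log above.
SERVER_KEY_TYPES = {"ssh-rsa", "ssh-dss"}


def make_blob(keytype, *fields):
    """Build an SSH wire-format key blob: length-prefixed strings (sample data only)."""
    parts = (keytype.encode(),) + fields
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def parse_key_line(line):
    """Return (keytype, blob) for one authorized_keys/.pub line or raise ValueError."""
    fields = line.split()
    # Options may precede the key type; quoted options containing spaces are not handled.
    idx = next((i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no key type followed by base64 data (wrapped line?)")
    keytype = fields[idx]
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except binascii.Error:
        raise ValueError("base64 data is damaged") from None
    off, first = 0, None
    while off < len(blob):  # walk every length-prefixed field to catch truncation
        if off + 4 > len(blob):
            raise ValueError("key blob is truncated")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + n > len(blob):
            raise ValueError("key blob is truncated")
        first = blob[off + 4:off + 4 + n] if first is None else first
        off += 4 + n
    if first != keytype.encode():
        raise ValueError("embedded key type does not match the declared type")
    return keytype, blob


def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint, the style printed by sign_and_send_pubkey above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def audit(authorized_keys, offered_pub, server_types=SERVER_KEY_TYPES):
    """Check whether the server could match the offered public key, and why not."""
    _, offered_blob = parse_key_line(offered_pub)
    lines, problems, match = authorized_keys.splitlines(), [], False
    for no, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            keytype, blob = parse_key_line(line)
        except ValueError as err:
            problems.append((no, str(err)))
            continue
        if keytype not in server_types:
            problems.append((no, f"{keytype} is not supported by this server"))
        elif blob == offered_blob:
            match = True
    if authorized_keys and not authorized_keys.endswith("\n"):
        problems.append((len(lines), "file does not end with a newline"))
    return {"match": match, "problems": problems,
            "fingerprint": md5_fingerprint(offered_blob)}


# Constructed sample data (not a real key): an RSA-shaped blob with dummy numbers.
SAMPLE_B64 = base64.b64encode(
    make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(1, 129)))).decode()
SAMPLE_PUB = f"ssh-rsa {SAMPLE_B64} user@local\n"
# The same key as a careless paste leaves it in authorized_keys: wrapped at column 76.
SAMPLE_WRAPPED = f"ssh-rsa {SAMPLE_B64[:76]}\n{SAMPLE_B64[76:]} user@local\n"
```

Calling audit() with the contents of the server's authorized_keys and the client's id_rsa.pub returns the line numbers that fail to parse and whether any intact line carries the offered key.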