SSH logging on Windows Server 2016 - “Server refused our key

tag-icon tag-icon windows ssh openssh windows-server-2016 ssh-keys
SSH logging on Windows Server 2016 - “Server refused our key

Ich habe ein Authentifizierungsproblem in Windows Server 2016.

Ich habe einen lokalen Benutzer (keinen Administrator) erstellt, der eine Verbindung per SSH herstellen muss und sich mit seinem privaten Schlüssel authentifiziert.

Da Windows Server 2016 nicht mit der installierbaren OpenSSH-Funktion ausgestattet ist, habe ichdieser Leitfadenund erfolgreich die neueste Version von OpenSSH installiert vonPowerShell-GitHub-Repository. In den Windows Server-Diensten ist „OpenSSH SSH Server“ korrekt ausgeführt und auf automatischen Start eingestellt.

Ich habe außerdem eine spezielle eingehende Regel in der Windows-Firewall mit erweiterter Sicherheit erstellt, um Verbindungen über Port 22 nur von bestimmten IPs aus zuzulassen (tatsächlich funktioniert die Standardauthentifizierung mit Benutzername und Kennwort sowohl in Putty als auch in WinSCP).

Ich habe den öffentlichen Schlüssel des Benutzers in einer Datei „authorized_keys“ im Ordner „.ssh“ im username1Hauptverzeichnis des Benutzers (später „.ssh“ genannt) abgelegt. Ich habe es sowohl manuell (Ordner erstellen und Datei kopieren) als auch mit der WinSCP-Funktion „Öffentlichen Schlüssel auf Server installieren“ versucht. In beiden Fällen ist das Ergebnis dasselbe.

Der Ordner verfügt über Lese- und Schreibberechtigungen sowohl für die Administratoren als auch für den lokalen Benutzer, der sich authentifizieren muss. Der Schlüssel hat das Format „ssh-rsa XXXXXXX rsa-key-YYYYMMDD“.

Zuletzt habe ich den privaten Schlüssel in der Registerkarte SSH -> Authentifizierung in WinSCP eingefügt und versucht, eine Verbindung herzustellen. Ich habe den folgenden Fehler erhalten: „Der Server hat unseren Schlüssel abgelehnt“.

Ich habe sowohl in WinSCP als auch in Putty denselben Fehler erhalten. Ich habe nur zu Testzwecken neue private/öffentliche Schlüssel erstellt und eine Datei „administrators_authorized_keys“ in „C:\ProgramData\ssh“ mit demselben öffentlichen Schlüssel erstellt, aber ich erhalte denselben Fehler. Ich nehme an, dass etwas mit der Dateiberechtigung nicht stimmt.

Ich kann nicht herausfinden, was mir fehlt. Ich habe viele Fragen gelesen, aber sie drehen sich alle um Linux-Instanzen. Kann mir bitte jemand helfen?

Dies ist das WinSCP-Protokoll:

2019-12-17 14:16:03.852 --------------------------------------------------------------------------
2019-12-17 14:16:03.889 Looking up host "XXX.XXX.XXX.X" for SSH connection
2019-12-17 14:16:03.889 Connecting to XXX.XXX.XXX.X port 22
2019-12-17 14:16:03.936 Selecting events 63 for socket 1788
2019-12-17 14:16:03.936 We claim version: SSH-2.0-WinSCP_release_5.15.9
2019-12-17 14:16:03.960 Waiting for the server to continue with the initialization
2019-12-17 14:16:03.961 Looking for incoming data
2019-12-17 14:16:03.961 Looking for network events
2019-12-17 14:16:03.961 Detected network event
2019-12-17 14:16:03.961 Enumerating network events for socket 1788
2019-12-17 14:16:03.961 Enumerated 18 network events making 18 cumulative events for socket 1788
2019-12-17 14:16:03.961 Handling network write event on socket 1788 with error 0
2019-12-17 14:16:03.961 Handling network connect event on socket 1788 with error 0
2019-12-17 14:16:03.961 Looking for network events
2019-12-17 14:16:04.026 Detected network event
2019-12-17 14:16:04.026 Enumerating network events for socket 1788
2019-12-17 14:16:04.026 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.026 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.027 Server version: SSH-2.0-OpenSSH_for_Windows_8.0
2019-12-17 14:16:04.027 Using SSH protocol version 2
2019-12-17 14:16:04.027 Have a known host key of type ssh-ed25519
2019-12-17 14:16:04.028 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.028 Looking for incoming data
2019-12-17 14:16:04.028 Looking for network events
2019-12-17 14:16:04.078 Detected network event
2019-12-17 14:16:04.078 Enumerating network events for socket 1788
2019-12-17 14:16:04.078 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.078 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.079 Doing ECDH key exchange with curve Curve25519 and hash SHA-256
2019-12-17 14:16:04.103 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.103 Looking for incoming data
2019-12-17 14:16:04.103 Looking for network events
2019-12-17 14:16:04.151 Detected network event
2019-12-17 14:16:04.151 Enumerating network events for socket 1788
2019-12-17 14:16:04.151 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.151 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.529 Server also has ecdsa-sha2-nistp256/ssh-rsa host keys, but we don't know any of them
2019-12-17 14:16:04.531 Host key fingerprint is:
2019-12-17 14:16:04.531 ssh-ed25519 256 XXXXXXXXX
2019-12-17 14:16:04.531 Verifying host key ssh-ed25519 XXXXXXXXXXX
2019-12-17 14:16:04.572 Host key matches cached key
2019-12-17 14:16:04.572 Selecting events 63 for socket 1788
2019-12-17 14:16:04.572 Initialised AES-256 SDCTR client->server encryption
2019-12-17 14:16:04.572 Initialised HMAC-SHA-256 client->server MAC algorithm
2019-12-17 14:16:04.572 Initialised AES-256 SDCTR server->client encryption
2019-12-17 14:16:04.572 Initialised HMAC-SHA-256 server->client MAC algorithm
2019-12-17 14:16:04.572 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.572 Looking for incoming data
2019-12-17 14:16:04.572 Looking for network events
2019-12-17 14:16:04.746 Detected network event
2019-12-17 14:16:04.746 Enumerating network events for socket 1788
2019-12-17 14:16:04.746 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.746 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.746 Reading key file "C:\Users\username1\Desktop\private.ppk"
    ! 2019-12-17 14:16:04.748 Using username1 "USERNAME1".
2019-12-17 14:16:04.783 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.783 Looking for incoming data
2019-12-17 14:16:04.783 Looking for network events
2019-12-17 14:16:04.847 Detected network event
2019-12-17 14:16:04.847 Enumerating network events for socket 1788
2019-12-17 14:16:04.847 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.847 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:04.847 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:04.847 Offered public key
2019-12-17 14:16:04.847 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.847 Looking for incoming data
2019-12-17 14:16:04.847 Looking for network events
2019-12-17 14:16:04.923 Detected network event
2019-12-17 14:16:04.923 Enumerating network events for socket 1788
2019-12-17 14:16:04.923 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:04.923 Handling network read event on socket 1788 with error 0
    ! 2019-12-17 14:16:04.923 Server refused our key
2019-12-17 14:16:04.937 Server refused our key
2019-12-17 14:16:04.937 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:04.938 Attempting keyboard-interactive authentication
2019-12-17 14:16:04.938 Waiting for the server to continue with the initialization
2019-12-17 14:16:04.938 Looking for incoming data
2019-12-17 14:16:04.938 Looking for network events
2019-12-17 14:16:05.004 Detected network event
2019-12-17 14:16:05.005 Enumerating network events for socket 1788
2019-12-17 14:16:05.005 Enumerated 1 network events making 1 cumulative events for socket 1788
2019-12-17 14:16:05.005 Handling network read event on socket 1788 with error 0
2019-12-17 14:16:05.005 Server refused keyboard-interactive authentication
2019-12-17 14:16:05.005 Server offered these authentication methods: publickey,password,keyboard-interactive
2019-12-17 14:16:05.005 Prompt (password, "SSH password", <no instructions>, "&Password: ")

Hier das OpenSSH-Log:

3356 2019-12-17 19:31:44.650 debug1: inetd sockets after dupping: 4, 4
3356 2019-12-17 19:31:44.650 Connection from X.XX.XX.XXX port 54728 on 10.0.0.2 port 22
3356 2019-12-17 19:31:44.650 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.0
3356 2019-12-17 19:31:44.650 debug1: Remote protocol version 2.0, remote software version WinSCP_release_5.15.9
3356 2019-12-17 19:31:44.650 debug1: no match: WinSCP_release_5.15.9
3356 2019-12-17 19:31:44.650 debug2: fd 4 setting O_NONBLOCK
3356 2019-12-17 19:31:44.666 debug3: spawning "C:\\Program Files\\OpenSSH\\sshd.exe" -y
3356 2019-12-17 19:31:44.666 debug2: Network child is on pid 4660
3356 2019-12-17 19:31:44.666 debug3: send_rexec_state: entering fd = 6 config len 289
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: send_rexec_state: done
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: ssh_msg_send: type 0
3356 2019-12-17 19:31:44.666 debug3: preauth child monitor started
3356 2019-12-17 19:31:44.681 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.681 debug3: send packet: type 20 [preauth]
3356 2019-12-17 19:31:44.681 debug1: SSH2_MSG_KEXINIT sent [preauth]
3356 2019-12-17 19:31:44.744 debug3: receive packet: type 20 [preauth]
3356 2019-12-17 19:31:44.744 debug1: SSH2_MSG_KEXINIT received [preauth]
3356 2019-12-17 19:31:44.744 debug2: local server KEXINIT proposal [preauth]
3356 2019-12-17 19:31:44.744 debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression ctos: none [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression stoc: none [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages ctos:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages stoc:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: first_kex_follows 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: reserved 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: peer client KEXINIT proposal [preauth]
3356 2019-12-17 19:31:44.744 debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1 [preauth]
3356 2019-12-17 19:31:44.744 debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers ctos: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
3356 2019-12-17 19:31:44.744 debug2: ciphers stoc: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression ctos: none,zlib [preauth]
3356 2019-12-17 19:31:44.744 debug2: compression stoc: none,zlib [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages ctos:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: languages stoc:  [preauth]
3356 2019-12-17 19:31:44.744 debug2: first_kex_follows 0  [preauth]
3356 2019-12-17 19:31:44.744 debug2: reserved 0  [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: algorithm: [email protected] [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: host key algorithm: ssh-ed25519 [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3356 2019-12-17 19:31:44.744 debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
3356 2019-12-17 19:31:44.744 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
3356 2019-12-17 19:31:44.822 debug3: receive packet: type 30 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_sshkey_sign entering [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_send entering: type 6 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive entering
3356 2019-12-17 19:31:44.822 debug3: monitor_read: checking request 6
3356 2019-12-17 19:31:44.822 debug3: mm_answer_sign
3356 2019-12-17 19:31:44.822 debug3: mm_answer_sign: hostkey proof signature 000001D8B28BAFA0(83)
3356 2019-12-17 19:31:44.822 debug3: mm_request_send entering: type 7
3356 2019-12-17 19:31:44.822 debug2: monitor_read: 6 used once, disabling now
3356 2019-12-17 19:31:44.822 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive_expect entering: type 7 [preauth]
3356 2019-12-17 19:31:44.822 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:44.822 debug3: send packet: type 31 [preauth]
3356 2019-12-17 19:31:44.822 debug3: send packet: type 21 [preauth]
3356 2019-12-17 19:31:44.822 debug2: set_newkeys: mode 1 [preauth]
3356 2019-12-17 19:31:44.822 debug1: rekey out after 4294967296 blocks [preauth]
3356 2019-12-17 19:31:44.822 debug1: SSH2_MSG_NEWKEYS sent [preauth]
3356 2019-12-17 19:31:44.822 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
3356 2019-12-17 19:31:45.338 debug3: receive packet: type 21 [preauth]
3356 2019-12-17 19:31:45.338 debug1: SSH2_MSG_NEWKEYS received [preauth]
3356 2019-12-17 19:31:45.338 debug2: set_newkeys: mode 0 [preauth]
3356 2019-12-17 19:31:45.338 debug1: rekey in after 4294967296 blocks [preauth]
3356 2019-12-17 19:31:45.338 debug1: KEX done [preauth]
3356 2019-12-17 19:31:45.416 debug3: receive packet: type 5 [preauth]
3356 2019-12-17 19:31:45.416 debug3: send packet: type 6 [preauth]
3356 2019-12-17 19:31:45.494 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.494 debug1: userauth-request for user username1 service ssh-connection method none [preauth]
3356 2019-12-17 19:31:45.494 debug1: attempt 0 failures 0 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_getpwnamallow entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 8 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive_expect entering: type 9 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.494 debug3: monitor_read: checking request 8
3356 2019-12-17 19:31:45.494 debug3: mm_answer_pwnamallow
3356 2019-12-17 19:31:45.494 debug2: parse_server_config: config reprocess config len 289
3356 2019-12-17 19:31:45.494 debug3: checking match for 'Group administrators' user username1 host X.XX.XX.XXX addr X.XX.XX.XXX laddr 10.0.0.2 lport 22
3356 2019-12-17 19:31:45.494 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3356 2019-12-17 19:31:45.494 debug1: user username1 does not match group list administrators at line 87
3356 2019-12-17 19:31:45.494 debug3: match not found
3356 2019-12-17 19:31:45.494 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 9
3356 2019-12-17 19:31:45.494 debug2: monitor_read: 8 used once, disabling now
3356 2019-12-17 19:31:45.494 debug2: input_userauth_request: setting up authctxt for username1 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_inform_authserv entering [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_send entering: type 4 [preauth]
3356 2019-12-17 19:31:45.494 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.494 debug3: monitor_read: checking request 4
3356 2019-12-17 19:31:45.494 debug3: mm_answer_authserv: service=ssh-connection, style=
3356 2019-12-17 19:31:45.494 debug2: monitor_read: 4 used once, disabling now
3356 2019-12-17 19:31:45.494 debug2: input_userauth_request: try method none [preauth]
3356 2019-12-17 19:31:45.494 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.494 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.510 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.510 debug3: send packet: type 51 [preauth]
3356 2019-12-17 19:31:45.556 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.556 debug1: userauth-request for user username1 service ssh-connection method publickey [preauth]
3356 2019-12-17 19:31:45.556 debug1: attempt 1 failures 0 [preauth]
3356 2019-12-17 19:31:45.556 debug2: input_userauth_request: try method publickey [preauth]
3356 2019-12-17 19:31:45.556 debug2: userauth_pubkey: valid user username1 querying public key ssh-rsa XXXXXXXXXXX [preauth]
3356 2019-12-17 19:31:45.556 debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:XXXXXXX [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_key_allowed entering [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_send entering: type 22 [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive entering
3356 2019-12-17 19:31:45.556 debug3: monitor_read: checking request 22
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed entering
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed: key_from_blob: 000001D8B28BF1C0
3356 2019-12-17 19:31:45.556 debug1: trying public key file C:\\Users\\username1\\.ssh/authorized_keys
3356 2019-12-17 19:31:45.556 debug3: Bad permissions. Try removing permissions for user: VM-EPM\\username2 (S-1-5-21-3826319457-1004635287-1909893433-1001) on file C:/Users/username1/.ssh/authorized_keys.
3356 2019-12-17 19:31:45.556 Authentication refused.
3356 2019-12-17 19:31:45.556 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is not allowed
3356 2019-12-17 19:31:45.556 Failed publickey for username1 from X.XX.XX.XXX port 54728 ssh2: RSA SHA256:o8b9CXuYPzNSz6M/rsN+XAQHqEcdPwWasDglinXbtig
3356 2019-12-17 19:31:45.556 debug3: mm_request_send entering: type 23
3356 2019-12-17 19:31:45.556 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive_expect entering: type 23 [preauth]
3356 2019-12-17 19:31:45.556 debug3: mm_request_receive entering [preauth]
3356 2019-12-17 19:31:45.556 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
3356 2019-12-17 19:31:45.556 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.556 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.572 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.572 debug3: send packet: type 51 [preauth]
3356 2019-12-17 19:31:45.666 debug3: receive packet: type 50 [preauth]
3356 2019-12-17 19:31:45.666 debug1: userauth-request for user username1 service ssh-connection method keyboard-interactive [preauth]
3356 2019-12-17 19:31:45.666 debug1: attempt 2 failures 1 [preauth]
3356 2019-12-17 19:31:45.666 debug2: input_userauth_request: try method keyboard-interactive [preauth]
3356 2019-12-17 19:31:45.666 debug1: keyboard-interactive devs  [preauth]
3356 2019-12-17 19:31:45.666 debug1: auth2_challenge: user=username1 devs= [preauth]
3356 2019-12-17 19:31:45.666 debug1: kbdint_alloc: devices '' [preauth]
3356 2019-12-17 19:31:45.666 debug2: auth2_challenge_start: devices  [preauth]
3356 2019-12-17 19:31:45.666 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
3356 2019-12-17 19:31:45.666 debug3: ensure_minimum_time_since: elapsed 0.000ms, delaying 8.286ms (requested 8.286ms) [preauth]
3356 2019-12-17 19:31:45.681 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
3356 2019-12-17 19:31:45.681 debug3: send packet: type 51 [preauth]

In beiden Protokollen username1ist der lokale Benutzer, der eine Verbindung herstellen muss, username2ein Administrator (nicht SYSTEM).

Danke,

Andrea

Antwort1

Ich glaube, diese Botschaft ist ziemlich klar:

3356 2019-12-17 19:31:45.556 debug3: Ungültige Berechtigungen. Versuchen Sie, die Berechtigungen für den Benutzer zu entfernen: VM-EPM\username2 (S-1-5-21-3826319457-1004635287-1909893433-1001) für die Datei C:/Users/username1/.ssh/authorized_keys.

No other user except for the user himself/herself (username1) can have write permissions to the authorized_keys file.

See also the section "Setting up SSH public key authentication" in my article on Windows OpenSSH.

verwandte Informationen