![Bei Verwendung der SSH-Schlüsselauthentifizierung muss ich weiterhin sowohl die Passphrase für den Schlüssel als auch das Serverkennwort eingeben](https://rvso.com/image/231050/Bei%20Verwendung%20der%20SSH-Schl%C3%BCsselauthentifizierung%20muss%20ich%20weiterhin%20sowohl%20die%20Passphrase%20f%C3%BCr%20den%20Schl%C3%BCssel%20als%20auch%20das%20Serverkennwort%20eingeben.png)
Ich versuche, von meinem neuen Laptop (Client) aus Fernzugriff auf meinen alten Laptop (Server) einzurichten. Der alte läuft unter Linux Mint 21.2, der neue unter Ubuntu 23.10.1. Ich habe auf dem Client ein Paar SSH-Schlüssel erstellt und dann verwendet, ssh-copy-id -i ~/.ssh/id_rsa.pub server-name@server_ip
um den öffentlichen Schlüssel zur Liste der autorisierten Schlüssel auf dem Server zu bringen. Ich werde jedoch immer noch aufgefordert, SOWOHL die Passphrase als auch das Serverkennwort einzugeben, wenn ich mich über mit dem Server verbinde ssh
. Ich habe alle Ratschläge von befolgtHier, nämlich, ich habe alle Berechtigungen wie in der akzeptierten Antwort beschrieben überprüft und dann das Debug wie in der zweiten Antwort beschrieben durchgeführt; das Debugprotokoll enthält keine Zeilen der Form Authentication refused:
. Mein Home-Verzeichnis ist möglicherweise verschlüsselt (bei Linux Mint ist das Home-Verzeichnis standardmäßig verschlüsselt), aber ich werde bei jedem Login nach dem Passwort gefragt, nicht nur beim ersten. Unten ist das vollständige Debugprotokoll, von der Anmeldung bis zur Abmeldung, wobei SSH-Schlüssel und IPs herausgeschnitten wurden:
debug1: sshd version OpenSSH_8.9, OpenSSL 3.0.2 15 Mar 2022
debug1: private host key #0: ssh-rsa SHA256:<...>
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:<...>
debug1: private host key #2: ssh-ed25519 SHA256:<...>
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.9, OpenSSL 3.0.2 15 Mar 2022
debug1: private host key #0: ssh-rsa SHA256:<...>
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:<...>
debug1: private host key #2: ssh-ed25519 SHA256:<...>
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.117 port 44842 on 192.168.0.108 port 2222 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.3p1 Ubuntu-1ubuntu3.3
debug1: compat_banner: match: OpenSSH_9.3p1 Ubuntu-1ubuntu3.3 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 129/65534 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: [email protected] [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user monsier-catastrophe service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "monsier-catastrophe"
debug1: PAM: setting PAM_RHOST to "<an_ip_was_here>"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user monsier-catastrophe service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:<...> [preauth]
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/monsier-catastrophe/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: /home/monsier-catastrophe/.ssh/authorized_keys:1: matching key found: RSA SHA256:<...>
debug1: /home/monsier-catastrophe/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Accepted key RSA SHA256:<...> found at /home/monsier-catastrophe/.ssh/authorized_keys:1
debug1: restore_uid: 0/0
Postponed publickey for monsier-catastrophe from <client_ip_was_here> port 44842 ssh2 [preauth]
debug1: userauth-request for user monsier-catastrophe service ssh-connection method password [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: PAM: password authentication accepted for monsier-catastrophe
debug1: do_pam_account: called
Accepted password for monsier-catastrophe from <client_ip> port 44842 ssh2
debug1: monitor_child_preauth: user monsier-catastrophe authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 36402
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1000/1000
debug1: rekey in after 134217728 blocks
debug1: rekey out after 134217728 blocks
debug1: ssh_packet_set_postauth: called
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: SELinux support disabled
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for monsier-catastrophe from <client_ip_was_here> port 44842 id 0
debug1: Setting controlling tty using TIOCSCTTY.
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 36403
debug1: session_exit_message: session 0 channel 0 pid 36403
debug1: session_exit_message: release channel 0
debug1: session_by_tty: session 0 tty /dev/pts/2
debug1: session_pty_cleanup2: session 0 release /dev/pts/2
Received disconnect from 192.168.0.117 port 44842:11: disconnected by user
Disconnected from user monsier-catastrophe <client_ip_was_here> port 44842
debug1: do_cleanup
debug1: temporarily_use_uid: 1000/1000 (e=1000/1000)
debug1: restore_uid: (unprivileged)
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: restore_uid: 0/0
debug1: audit_event: unhandled event 12
Antwort1
Überprüfen Sie die Berechtigungen für Ihr Home-Verzeichnis. Versuchen Sie es mit einem chmod 0700. ssh-copy-id sollte (!) die Berechtigungen für .ssh und authorized_keys in Ordnung gebracht haben. Überprüfen Sie jedoch, dass diese auch nicht geöffnet sind.