Estoy intentando configurar la autenticación de clave pública en un servidor Mac OSX, pero fue en vano (puedo iniciar sesión con mi contraseña correctamente). Probé varias sugerencias en respuestas a otras preguntas, pero hasta ahora no encontré el problema. Estoy publicando una gran cantidad de datos de depuración que acumulé analizando posibles soluciones para darle una idea de lo que ya probé y cuáles son las configuraciones de mi sistema.
Información del sistema
Servidor
server:~ admin$ ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
server:~ admin$ uname -a
Darwin server 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:32:41 PDT 2011; root:xnu-1504.15.3~1/RELEASE_X86_64 x86_64
Cliente
user@local ~ $ ssh -V
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
user@local ~ $ uname -a
Linux local 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Permisos de archivos
Servidor
server:~ admin$ ls -la
drwx------ 4 admin staff 136 Jul 13 14:43 .ssh
server:~ admin$ ls -la .ssh
-rw------- 1 admin staff 895 Jul 13 15:32 authorized_keys
server:~ admin$ ls -l ..
drwxr-x---+ 23 admin staff 782 Jul 13 17:40 admin
Cliente
user@local ~ $ ls -la .ssh
-rw------- 1 user user 444 Jul 13 14:38 id_ed25519
-rw-r--r-- 1 user user 95 Jul 13 14:38 id_ed25519.pub
-rw------- 1 user user 3326 Aug 14 2012 id_rsa
-rw-r--r-- 1 user user 800 Feb 18 2014 id_rsa.pub
Copiando claves
Originalmente copié manualmente mis claves públicas scpy las agregué authorized_keyscon cat, pero también probé ssh-copy-id:
user@local ~/.ssh $ ssh-copy-id admin@server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Enter passphrase for key '/home/user/.ssh/id_rsa':
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'admin@server'"
and check to make sure that only the key(s) you wanted were added.
La autenticación de clave pública no funciona después de esto, y si ssh-copy-idvuelvo a ejecutar obtengo exactamente el mismo resultado.
Líneas sin comentar ensshd_config
Protocol 2
SyslogFacility AUTHPRIV
# The following three lines were originally commented out, but I uncommented
# them since I wasn't sure what the defaults were.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange no
Subsystem sftp /usr/libexec/sftp-server
Ejecutando sshden depuración
Servidor
server:~ admin$ sudo /usr/sbin/sshd -p 2222 -d
Password:
debug1: sshd version OpenSSH_5.2p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='2222'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from local port 43965
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: privsep_preauth: successfully loaded Seatbelt profile for unprivileged child
debug1: permanently_set_uid: 75/75
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user admin service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "admin"
debug1: PAM: setting PAM_RHOST to "local"
Failed none for admin from local port 43965 ssh2
debug1: audit_event: unhandled event 3
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 1 failures 0
userauth_pubkey: unsupported public key algorithm: ssh-ed25519
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: trying public key file /Users/admin/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: trying public key file /Users/admin/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: restore_uid: 0/0
Failed publickey for admin from local port 43965 ssh2
debug1: audit_event: unhandled event 6
debug1: userauth-request for user admin service ssh-connection method keyboard-interactive
debug1: attempt 3 failures 2
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=admin devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for admin from local port 43965 ssh2
debug1: do_pam_account: called
debug1: PAM: num PAM env strings 1
Postponed keyboard-interactive/pam for admin from local port 43965 ssh2
debug1: do_pam_account: called
Accepted keyboard-interactive/pam for admin from local port 43965 ssh2
debug1: monitor_child_preauth: admin has been authenticated by privileged process
debug1: PAM: establishing credentials
debug1: temporarily_use_uid: 501/20 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
User child is on pid 48532
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 501/20
debug1: privsep_postauth: successfully loaded Seatbelt profile for unprivileged child
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/ttys003
debug1: Ignoring unsupported tty mode opcode 37 (0x25)
debug1: Ignoring unsupported tty mode opcode 52 (0x34)
debug1: Ignoring unsupported tty mode opcode 71 (0x47)
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
Cliente
user@local ~ $ ssh -vvv -l admin -p 2222 server
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [server] port 2222.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_ed25519" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_ed25519 type 4
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [server]:2222
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1548/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA bd:70:7f:7c:fc:b1:6d:5d:83:86:05:6b:e2:51:5a:a0
debug3: put_host_port: [server]:2222
debug3: put_host_port: [server]:2222
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: load_hostkeys: loading entries for host "[server]:2222" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: checking without port identifier
debug3: load_hostkeys: loading entries for host "server" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "server" from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/user/.ssh/known_hosts:13
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:12
debug1: found matching key w/out port
debug2: bits set: 1511/3072
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/user/.ssh/id_ed25519 (0x************),
debug2: key: /home/user/.ssh/id_rsa ((nil)),
debug2: key: /home/user/.ssh/id_dsa ((nil)),
debug2: key: /home/user/.ssh/id_ecdsa ((nil)),
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_rsa':
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 7a:2f:1b:10:60:e1:c7:f3:f1:67:5e:5d:30:f8:b1:fe
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug3: no such identity: /home/user/.ssh/id_ecdsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 24 padlen 8 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to server ([server]:2222).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env XDG_VTNR
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env COMP_WORDBREAKS
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env WINDOWID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env USERNAME
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env GDM_XSERVER_LOCATION
debug3: Ignored env PWD
debug3: Ignored env IPYTHONDIR
debug3: Ignored env GNOME_KEYRING_PID
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env PYTHONSTARTUP
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env QMAKESPEC
debug3: Ignored env MDM_XSERVER_LOCATION
debug3: Ignored env GDMSESSION
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SEAT
debug3: Ignored env HOME
debug3: Ignored env PYTHONPATH
debug3: Ignored env XDG_SESSION_DESKTOP
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env MDMSESSION
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env WINDOWPATH
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env DISPLAY
debug3: Ignored env MDM_LANG
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Resumen
No puedo entender los mensajes de depuración y, en lugar de pasar otra tarde entera tratando de resolverlo por mi cuenta, pensé en ver si se le presentaba alguna solución a alguien aquí.
Gracias por echar un vistazo.
Respuesta1
El resultado de ssh-copy-idindica que copió el archivo de clave pública para /home/user/.ssh/id_rsa.El código fuente ssh-copy-idindica que habría obtenido esta clave pública del archivo id_rsa.pub.
El resultado de depuración del cliente muestra que ofreció dos claves al servidor, id_ed25519 e id_rsa. El servidor no aceptó ninguno de los dos.
debug1: Offering ED25519 public key: /home/user/.ssh/id_ed25519
[...]
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /home/user/.ssh/id_rsa
[...]
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
El registro del servidor ssh muestra que no admite claves id_ed25519. Para id_rsa, leyó las claves_autorizadas pero finalmente no encontró ninguna coincidencia:
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 1 failures 0
userauth_pubkey: unsupported public key algorithm: ssh-ed25519
debug1: userauth-request for user admin service ssh-connection method publickey
debug1: attempt 2 failures 1
[...]
debug1: trying public key file /Users/admin/.ssh/authorized_keys
[...]
Failed publickey for admin from local port 43965 ssh2
Entonces, aparentemente estás usando la frase de contraseña correcta para la clave. Y ni el cliente ni el servidor tuvieron quejas sobre los permisos de los archivos relevantes. Sin embargo, el servidor no acepta id_rsa a pesar de que ssh-copy-id supuestamente copió la clave pública id_rsa en Authorized_keys.
Supongo que estás lidiando con uno de los siguientes:
El
id_rsa.pubarchivo del cliente está dañado o en realidad no contiene la clave pública delid_rsaarchivo.Alternativamente, el
authorized_keysarchivo en el servidor tiene un formato incorrecto o está dañado de alguna manera que impide que el servidor lo analice correctamente.
Empezaría comprobando el archivo autorizado_keys. Debe ser un archivo de texto con una línea larga por clave.La página de manual de sshddescribe el formato de archivo con más detalle. Le sugiero que elimine cualquier línea de este archivo que haga referencia a la clave id_rsa que está utilizando aquí. Y asegúrese de que haya una nueva línea al final de la última línea del archivo.
Luego, en el cliente, ejecute esto:
cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub
Esto volverá a extraer la clave pública de id_rsa a id_rsa.pub.
Ahora vuelva a ejecutar ssh-copy-id y vea si todo funciona mejor.