# [gelöst] sshd beachtet sshd_config nicht

## dsiggi

HIi,

ich hab mir daheim einen kleinen Server aufgesetzt, um meine Dateien im Netzwerk zu teilen.

Also System habe ich Gentoo laufen. Es funktioniert auch alles ganz gut, bis auf das sshd anscheinen die "/etc/ssh/sshd_config" nicht beachtet.

Ich habe folgende Einstellungen in der sshd_config gestezt:

```

PermitRootLogin no

PubkeyAuthentication yes

PasswordAuthentication no

```

Trotzdem kann ich mich mit Geräten einloggen, die nicht in der "authorized_keys"-Datei des Benutzers stehen.

Der Root-Login funktioniert aber nicht. Was ja richtig ist.

Hier mal der Log wenn ich mich von einem Computer einlogge, bei dem ich keinen Pub-Key erstellt habe:

```

ssh -vvv siggi@server

OpenSSH_6.4, OpenSSL 1.0.1f 6 Jan 2014

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to server [192.168.0.111] port 22.

debug1: Connection established.

debug1: identity file /home/siggi/.ssh/id_rsa type -1

debug1: identity file /home/siggi/.ssh/id_rsa-cert type -1

debug1: identity file /home/siggi/.ssh/id_dsa type -1

debug1: identity file /home/siggi/.ssh/id_dsa-cert type -1

debug1: identity file /home/siggi/.ssh/id_ecdsa type -1

debug1: identity file /home/siggi/.ssh/id_ecdsa-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.4p1-hpn14v2

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4p1-hpn14v2

debug1: match: OpenSSH_6.4p1-hpn14v2 pat OpenSSH*

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "server" from file "/home/siggi/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/siggi/.ssh/known_hosts:2

debug3: load_hostkeys: loaded 1 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: AUTH STATE IS 0

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_setup: found hmac-md5-etm@openssh.com

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none

debug2: mac_setup: found hmac-md5-etm@openssh.com

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 137/256

debug2: bits set: 524/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA 56:bd:1b:ba:70:38:40:bb:1c:b6:8b:4f:3f:ba:4e:d6

debug3: load_hostkeys: loading entries for host "server" from file "/home/siggi/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/siggi/.ssh/known_hosts:2

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "192.168.0.111" from file "/home/siggi/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/siggi/.ssh/known_hosts:2

debug3: load_hostkeys: loaded 1 keys

debug1: Host 'server' is known and matches the RSA host key.

debug1: Found key in /home/siggi/.ssh/known_hosts:2

debug2: bits set: 508/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: Roaming not allowed by server

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/siggi/.ssh/id_rsa ((nil)),

debug2: key: /home/siggi/.ssh/id_dsa ((nil)),

debug2: key: /home/siggi/.ssh/id_ecdsa ((nil)),

debug1: Authentications that can continue: publickey,keyboard-interactive

debug3: start over, passed a different list publickey,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/siggi/.ssh/id_rsa

debug3: no such identity: /home/siggi/.ssh/id_rsa: No such file or directory

debug1: Trying private key: /home/siggi/.ssh/id_dsa

debug3: no such identity: /home/siggi/.ssh/id_dsa: No such file or directory

debug1: Trying private key: /home/siggi/.ssh/id_ecdsa

debug3: no such identity: /home/siggi/.ssh/id_ecdsa: No such file or directory

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 1

Password: 

debug3: packet_send2: adding 32 (len 19 padlen 13 extra_pad 64)

debug2: input_userauth_info_req

debug2: input_userauth_info_req: num_prompts 0

debug3: packet_send2: adding 48 (len 6 padlen 10 extra_pad 64)

debug1: Single to Multithread CTR cipher swap - client request

debug1: Authentication succeeded (keyboard-interactive).

Authenticated to server ([192.168.0.111]:22).

debug1: Final hpn_buffer_size = 131072

debug1: HPN Disabled: 0, HPN Buffer Size: 131072

debug1: channel 0: new [client-session]

debug1: Enabled Dynamic Window Scaling

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug1: need rekeying

debug1: SSH2_MSG_KEXINIT sent

debug1: rekeying in progress

debug1: rekeying in progress

debug1: SSH2_MSG_KEXINIT received

debug1: AUTH STATE IS 1

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_setup: found hmac-md5-etm@openssh.com

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none

debug2: mac_setup: found hmac-md5-etm@openssh.com

debug1: REQUESTED ENC.NAME is 'aes128-ctr'

debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 146/256

debug2: bits set: 478/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA 56:bd:1b:ba:70:38:40:bb:1c:b6:8b:4f:3f:ba:4e:d6

debug3: load_hostkeys: loading entries for host "server" from file "/home/siggi/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/siggi/.ssh/known_hosts:2

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "192.168.0.111" from file "/home/siggi/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /home/siggi/.ssh/known_hosts:2

debug3: load_hostkeys: loaded 1 keys

debug1: Host 'server' is known and matches the RSA host key.

debug1: Found key in /home/siggi/.ssh/known_hosts:2

debug2: bits set: 494/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: set_newkeys: rekeying

debug1: spawned a thread

debug1: spawned a thread

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: set_newkeys: rekeying

debug1: spawned a thread

debug1: spawned a thread

debug1: SSH2_MSG_NEWKEYS received

debug2: callback start

debug2: fd 3 setting TCP_NODELAY

debug3: packet_set_tos: set IP_TOS 0x10

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug1: Sending environment.

debug3: Ignored env XDG_VTNR

debug3: Ignored env MANPATH

debug3: Ignored env XDG_SESSION_ID

debug3: Ignored env KDE_MULTIHEAD

debug3: Ignored env DM_CONTROL

debug3: Ignored env VGL_READBACK

debug3: Ignored env SHELL

debug3: Ignored env TERM

debug3: Ignored env XDM_MANAGED

debug3: Ignored env GTK2_RC_FILES

debug3: Ignored env KONSOLE_DBUS_SERVICE

debug3: Ignored env KONSOLE_PROFILE_NAME

debug3: Ignored env GS_LIB

debug3: Ignored env GTK_RC_FILES

debug3: Ignored env WINDOWID

debug3: Ignored env SHELL_SESSION_ID

debug3: Ignored env ANT_HOME

debug3: Ignored env KDE_FULL_SESSION

debug3: Ignored env USER

debug3: Ignored env LS_COLORS

debug3: Ignored env PRELINK_PATH_MASK

debug3: Ignored env XCURSOR_SIZE

debug3: Ignored env GUILE_LOAD_PATH

debug3: Ignored env SESSION_MANAGER

debug3: Ignored env PAGER

debug3: Ignored env CONFIG_PROTECT_MASK

debug3: Ignored env XDG_CONFIG_DIRS

debug3: Ignored env DESKTOP_SESSION

debug3: Ignored env MAIL

debug3: Ignored env PATH

debug3: Ignored env PWD

debug3: Ignored env JAVA_HOME

debug3: Ignored env KONSOLE_DBUS_WINDOW

debug3: Ignored env JAVAC

debug3: Ignored env EDITOR

debug3: Ignored env KDE_SESSION_UID

debug1: Sending env LANG = de_DE.UTF-8

debug2: channel 0: request env confirm 0

debug3: Ignored env QT_GRAPHICSSYSTEM

debug3: Ignored env KONSOLE_DBUS_SESSION

debug3: Ignored env HOME

debug3: Ignored env COLORFGBG

debug3: Ignored env JDK_HOME

debug3: Ignored env XDG_SEAT

debug3: Ignored env SHLVL

debug3: Ignored env KDE_SESSION_VERSION

debug3: Ignored env LANGUAGE

debug3: Ignored env XCURSOR_THEME

debug3: Ignored env LESS

debug3: Ignored env LOGNAME

debug3: Ignored env GCC_SPECS

debug3: Ignored env XDG_DATA_DIRS

debug3: Ignored env DBUS_SESSION_BUS_ADDRESS

debug3: Ignored env LESSOPEN

debug3: Ignored env INFOPATH

debug3: Ignored env WINDOWPATH

debug3: Ignored env PROFILEHOME

debug3: Ignored env XDG_RUNTIME_DIR

debug3: Ignored env DISPLAY

debug3: Ignored env RUBYOPT

debug3: Ignored env QT_PLUGIN_PATH

debug3: Ignored env OPENGL_PROFILE

debug3: Ignored env XDG_CURRENT_DESKTOP

debug3: Ignored env CONFIG_PROTECT

debug3: Ignored env OPENCL_PROFILE

debug3: Ignored env _

debug2: channel 0: request shell confirm 1

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

debug2: channel_input_status_confirm: type 99 id 0

debug2: PTY allocation request accepted on channel 0

debug2: channel 0: rcvd adjust 87380

debug2: channel_input_status_confirm: type 99 id 0

debug2: shell request accepted on channel 0

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

debug2: tcpwinsz: 91840 for connection: 3

```

Eigentlich müsste hier die Verbindung abgelehnt werden da kein Publickey vorhanden ist.

Hier noch die komplette sshd_config

```

#       $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options override the

# default value.

#Port 22

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress ::

# The default requires explicit activation of protocol 1

#Protocol 2

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 1024

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

PermitRootLogin no

#StrictModes yes

#MaxAuthTries 6

#MaxSessions 10

#RSAAuthentication yes

PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2

# but this is overridden so installations will only check .ssh/authorized_keys

#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

#GSSAPIStrictAcceptorCheck yes

# Set this to 'yes' to enable PAM authentication, account processing, 

# and session processing. If this is enabled, PAM authentication will 

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes

#AllowAgentForwarding yes

#AllowTcpForwarding yes

#GatewayPorts no

#X11Forwarding no

#X11DisplayOffset 10

#X11UseLocalhost yes

PrintMotd no

PrintLastLog no

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS yes

#PidFile /var/run/sshd.pid

#MaxStartups 10

#PermitTunnel no

#ChrootDirectory none

# no default banner path

#Banner none

# override default of no subsystems

Subsystem       sftp    /usr/lib64/misc/sftp-server

# the following are HPN related configuration options

# tcp receive buffer polling. disable in non autotuning kernels

#TcpRcvBufPoll yes

 

# allow the use of the none cipher

#NoneEnabled no

# disable hpn performance boosts. 

#HPNDisabled no

# buffer size for hpn to non-hpn connections

#HPNBufferSize 2048

# Example of overriding settings on a per-user basis

#Match User anoncvs

#       X11Forwarding no

#       AllowTcpForwarding no

#       ForceCommand cvs server

```

Ich hoffe ihr könnt mir helfen.

dsiggiLast edited by dsiggi on Fri Feb 14, 2014 5:15 pm; edited 1 time in total

----------

## Finswimmer

Ohne jetzt ein Profi zu sein, aber du hast da UsePAM aktiviert.

Das habe ich bei mir aus und damit kann ich mich nur über den PubKey anmelden.

----------

## cryptosteve

Ohne jetzt en detail in deine Konfiguration eingestiegen zu sein .... hat deine sshd_config die passenden Rechte? (0600, -rw-------)

----------

## dsiggi

Danke,

es lag an PAM.

dsiggi

----------

