SSH, авторизация публичным ключём: ЧЯДНТ?

Question

[Deerenaros]

logs

Попытка коннекта

OpenSSH_6.6.1, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /home/yuriy/.ssh/config
debug1: /home/yuriy/.ssh/config line 1: Applying options for home
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/yuriy/.ssh/config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.org [xxx.xxx.xxx.xxx] port xxx.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/yuriy/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/yuriy/.ssh/id_rsa type 1
debug1: identity file /home/yuriy/.ssh/id_rsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_dsa type -1
debug1: identity file /home/yuriy/.ssh/id_dsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_ecdsa type -1
debug1: identity file /home/yuriy/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/yuriy/.ssh/id_ed25519 type -1
debug1: identity file /home/yuriy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: using hostkeyalias: home
debug3: load_hostkeys: loading entries for host "home" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA aa:b0:c1:e9:1b:b3:81:82:eb:82:8a:3f:d0:42:51:88
debug1: using hostkeyalias: home
debug3: load_hostkeys: loading entries for host "home" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "176.222.203.100" from file "/home/yuriy/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/yuriy/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'home' is known and matches the ECDSA host key.
debug1: Found key in /home/yuriy/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/yuriy/.ssh/id_rsa (0x60006d420),
debug2: key: /home/yuriy/.ssh/id_dsa (0x0),
debug2: key: /home/yuriy/.ssh/id_ecdsa (0x0),
debug2: key: /home/yuriy/.ssh/id_ed25519 (0x0),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/yuriy/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/yuriy/.ssh/id_dsa
debug3: no such identity: /home/yuriy/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/yuriy/.ssh/id_ecdsa
debug3: no such identity: /home/yuriy/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/yuriy/.ssh/id_ed25519
debug3: no such identity: /home/yuriy/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

Локальный конфиг не нашёл (cygwin), локальный конфиг юзера:

Host home
	Hostname		xxx.org
	HostKeyAlias	home
	User			user

Собственно, всё что может требоваться под спойлером. Надо что-то ещё: пишите, предоставлю. Вдохновлено этим, "A note from one of our readers" также был прочитан и принят к сведению (то есть испробован в разной последовательности и как ещё только можно - мало ли баг какой хитрый), но не помогло.

P.S. Toster в который раз огорчил: не более 10k симовол. Лолшто: а многотомные логи? А тут ещё спойлер не работает (ложная тревога - спойлер работает, но предпросмотр его упорно игнорировал). В общем, не бейте сильно, я старался.

UPD. Кое-какие логи/настройки/ещё_что запостил в комментариях к вопросу. Всё больше убеждаюсь, что stackoverflow продуман намного лучше этого.

Comments

[Deerenaros]

ещё

В общем, не понимаю, что с ним не так. На всякий случай ниже публичные ключи (на то они и публичные, что пролетариат с ними... хотя нет - часть вырежу, ибо не критично):
cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtumGma0elJx+DOcMpHQNBLyyCYEl4c+F7IFaV6kTqbhnvZGrRsGnkyOE4zIhSNyem4o669s8Ny1UB7xNRj6auxi5toQhazbKC0CLneq+u8BqLAFiVQxF1Txr0UxkrBbo5lg+bS6jhXPmvmTmkR11c

***

LzSvlVp0CypVz0SOkWLvF9l0Iv/o7wB6xS8HkXVNiXsKHBPg7rVql255nank+qsZMLnddmJUmLyYGPGQUbT2iM3fuAiH2IPXeql yuriy@yuriy-laptop

ssh home cat .ssh/authorized_keys

ssh-dss AAAAB3NzaC1kc3MAAACBALk5oOHaJ7DYLk47mDO+MZJX4md4AkeIX8jdcJKLqKTpu564BeuOj9NRjINKi3W/cglSZ6gKVIeCX0ExDl1u3yxVe/N6Qxm3uSGbs9P2W8fsBw+Wb06A+rEObCRjBxOEvvtpE4wldScHflcLiZ3LamsYJ+NMK6EgYjj49/YSwomhAAAAFQDI3Qr4i9ppm5S7EjaGt

***

AIAyKzWMgJJ77pV/BoXXB3VuJCtS1h1kp8qai0ybBI2apuWRq32+NScKvNXIV7LyXHKwoR3Vm3EW+LkZL8Z01TkyZ+CkKQepADnC+HxQ8RQlCxAf+9RIyoyQ4OnmcwnCxvW7/cu1DBE+ckd2a8XqbHoY9cwkGmRxf1agxKTc6vctTA== yuriy@yuriy-notebook
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtumGma0elJx+DOcMpHQNBLyyCYEl4c+F7IFaV6kTqbhnvZGrRsGnkyOE4zIhSNyem4o669s8Ny1UB7xNRj6auxi5toQhazbKC0CLneq+u8BqLAFiVQxF1Txr0UxkrBbo5lg+bS6jhXPmvmTmkR11c

***

LzSvlVp0CypVz0SOkWLvF9l0Iv/o7wB6xS8HkXVNiXsKHBPg7rVql255nank+qsZMLnddmJUmLyYGPGQUbT2iM3fuAiH2IPXeql yuriy@yuriy-laptop

[Deerenaros]

и ещё конфиг сервера

#	$OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox		# Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	ForceCommand cvs server

[Lynn «Кофеман»]

А какие права доступа у папки `~/.ssh` и файла `~/.ssh/authorized_keys`?

Answer 1

[Сергей Петриков]

Судя по:

Could not load "/home/yuriy/.ssh/id_rsa" as a RSA1 public key

Надо сделать для юзера yuriy:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
restorecon -R -v ~/.ssh

Если не поможет, приложите лог сервера, а не клиента.

Comments

[Deerenaros]

Навроде, всё как надо:
ssh home "ls -ltra .ssh; echo; ls -ltra | grep .ssh"

total 28
-rw-r--r--   1 anyone wheel   366 May  6 08:32 known_hosts
-rw-r-----   1 anyone wheel   799 Jul 22 08:04 authorized_keys2
drwx------   2 anyone wheel  4096 Jul 22 08:21 .
-rw-r--r--   1 anyone wheel  1010 Jul 22 09:00 authorized_keys
drwxrwxr-x 103 anyone wheel 12288 Jul 22 09:51 ..

-rw-------   1 anyone wheel        149 May 10 21:53 .lesshst
drwx------   2 anyone wheel       4096 Jul 22 08:21 .ssh

restorecon у меня нет

Здесь есть упоминание того, что возможно надо "посиэшмодить". Как и написал, не помогло.

ssh home systemctl status sshd; journalctl _PID=1081

ΓùÅ sshd.service - OpenSSH Daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Tue 2014-07-22 09:01:17 MSK; 1h 4min ago
 Main PID: 1081 (sshd)
   CGroup: /system.slice/sshd.service
           ΓööΓöÇ1081 /usr/bin/sshd -D

Jul 22 09:57:58 anyone-pc sshd[7458]: input_userauth_request: invalid user gin [preauth]
Jul 22 09:59:43 anyone-pc sshd[7640]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 22 09:59:43 anyone-pc sshd[7640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Jul 22 09:59:45 anyone-pc sshd[7640]: Failed password for root from xxx.xxx.xxx.xxx port 51999 ssh2
Jul 22 09:59:47 anyone-pc sshd[7640]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 22 09:59:48 anyone-pc sshd[7640]: Failed password for root from xxx.xxx.xxx.xxx port 51999 ssh2
Jul 22 10:01:32 anyone-pc sshd[7837]: Connection closed by xxx.xxx.xxx.xxx [preauth]
Jul 22 10:05:41 anyone-pc sshd[8393]: Authentication refused: bad ownership or modes for directory /home/anyone
Jul 22 10:05:43 anyone-pc sshd[8393]: Accepted password for anyone from xxx.xxx.xxx.xxx port 64028 ssh2
Jul 22 10:05:43 anyone-pc sshd[8393]: pam_unix(sshd:session): session opened for user anyone by (uid=0)
-- Logs begin at Fri 2014-01-17 18:59:28 MSK, end at Tue 2014-07-22 10:05:43 MSK. --
Apr 22 02:17:21 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:21 anyone-pc sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Apr 22 02:17:23 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:26 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:27 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:28 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:30 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:30 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:31 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:32 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:33 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:34 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 02:17:36 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 59576 ssh2
Apr 22 02:17:36 anyone-pc sshd[1081]: Disconnecting: Too many authentication failures for root [preauth]
Apr 22 02:17:36 anyone-pc sshd[1081]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Apr 22 02:17:36 anyone-pc sshd[1081]: PAM service(sshd) ignoring max retries; 6 > 3
Apr 22 10:43:43 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:43 anyone-pc sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Apr 22 10:43:45 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:45 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:46 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:47 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:49 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:49 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:51 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:51 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:53 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:54 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Apr 22 10:43:56 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 38344 ssh2
Apr 22 10:43:56 anyone-pc sshd[1081]: Disconnecting: Too many authentication failures for root [preauth]
Apr 22 10:43:56 anyone-pc sshd[1081]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Apr 22 10:43:56 anyone-pc sshd[1081]: PAM service(sshd) ignoring max retries; 6 > 3
-- Reboot --
May 30 01:20:47 anyone-pc sshd[1081]: reverse mapping checking getaddrinfo for megaparty.sadm.in [xxx.xxx.xxx.xxx] failed - POSSIBLE BREAK-IN ATTEMPT!
May 30 01:20:47 anyone-pc sshd[1081]: Invalid user geri from xxx.xxx.xxx.xxx
May 30 01:20:47 anyone-pc sshd[1081]: input_userauth_request: invalid user geri [preauth]
May 30 01:20:47 anyone-pc sshd[1081]: pam_tally(sshd:auth): pam_get_uid; no such user
May 30 01:20:47 anyone-pc sshd[1081]: pam_unix(sshd:auth): check pass; user unknown
May 30 01:20:47 anyone-pc sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx
May 30 01:20:49 anyone-pc sshd[1081]: Failed password for invalid user geri from xxx.xxx.xxx.xxx port 59019 ssh2
May 30 01:20:49 anyone-pc sshd[1081]: Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
-- Reboot --
Jun 15 15:30:49 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jun 15 15:30:49 anyone-pc sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Jun 15 15:30:51 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 33738 ssh2
Jun 15 15:30:51 anyone-pc sshd[1081]: Received disconnect from xxx.xxx.xxx.xxx: 11: Bye Bye [preauth]
-- Reboot --
Jul 08 17:15:14 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:14 anyone-pc sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Jul 08 17:15:16 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:16 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:18 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:18 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:21 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:21 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:22 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:23 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:25 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:25 anyone-pc sshd[1081]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 08 17:15:28 anyone-pc sshd[1081]: Failed password for root from xxx.xxx.xxx.xxx port 13383 ssh2
Jul 08 17:15:28 anyone-pc sshd[1081]: Disconnecting: Too many authentication failures for root [preauth]
Jul 08 17:15:28 anyone-pc sshd[1081]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=root
Jul 08 17:15:28 anyone-pc sshd[1081]: PAM service(sshd) ignoring max retries; 6 > 3
-- Reboot --
Jul 22 09:01:17 anyone-pc sshd[1081]: Server listening on xxx.xxx.xxx.xxx port 22.
Jul 22 09:01:17 anyone-pc sshd[1081]: Server listening on :: port 22.

[Сергей Петриков]

Что то не сходится, в запросе клиента вы коннектитесь от юзера yuriy а права показываете на настройки ssh для юзера anyone - уточните. Также судя по всему у вас FreeBSD по-этому и нет restorecon. Скорее всего проблема в правах, но пока не ясно так как разные юзеры.

[Deerenaros]

@RicoX @merryjane эм... anyone и yuriy - одно и тоже, хотел заменить sed'ом, но похоже кое-что не заменил. Ну, теперь знаете как меня зовут.

Это archlinux, ssh, ssl ставил из core.

Очень странная штука невероятно мешающая жить.

Answer 2

[Игорь]

1. Что за операционная система?
2. ls -l /home
3. ls -la /home/yuriy
4.ls -Z /home/yuriy
5. ls -l /home/yuriy/.ssh
6. Точно ли в authorized_keys прописан ключ целиком, если не сложно покажите и этот файл:
cat /home/yuriy/.ssh/authorized_keys

Answer 3

[Deerenaros]

ls /home и /home/yuriy вам не понравяться (пару десятков килобайт, хех).

Впрочем, пара ls'ов есть - всё что надо с правами и вообще, много всего в комментариях к вопросу: TM такой TM что не даёт развернуться и ограничивает 30 или 10 килосимволами (не помню уже), пришлось уменьшать.

Answer 4

[iXCray]

id_rsa - это обычно приватный ключ, в то время как id_rsa.pub - публичный.
проверьте наличие обоих файлов, и поправьте конфиг по умолчанию, соответственно.
Судя по дебагу, вы скармливаете приватный ключ под видом публичного (судя по имени файла).

А также проверьте, чтобы на сервере, куда происходит соединение, содержимое публичного ключа пользователя лежало в файле /home/{username}/.ssh/authorized_keys