问题描述

环境：ubuntu 20.04
问题描述：在已经设置免密登录后，ssh登录时（例如ssh localhost）还需要输入密码，并且输入密码后出现下面一系列的报错：

xxx(用户名)@localhost's password: 
Permission denied, please try again.
xxx@localhost's password: 
Permission denied, please try again.
xxx@localhost's password: 
xxx@localhost: Permission denied (publickey,password).

问题排查

首先使用命令ssh localhost -v查看登录时的日志：

OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /home/yhy/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/yhy/.ssh/id_rsa type 0
debug1: identity file /home/yhy/.ssh/id_rsa-cert type -1
debug1: identity file /home/yhy/.ssh/id_dsa type 1
debug1: identity file /home/yhy/.ssh/id_dsa-cert type -1
debug1: identity file /home/yhy/.ssh/id_ecdsa type -1
debug1: identity file /home/yhy/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/yhy/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/yhy/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/yhy/.ssh/id_ed25519 type -1
debug1: identity file /home/yhy/.ssh/id_ed25519-cert type -1
debug1: identity file /home/yhy/.ssh/id_ed25519_sk type -1
debug1: identity file /home/yhy/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/yhy/.ssh/id_xmss type -1
debug1: identity file /home/yhy/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'yhy'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:KgNVsJSzDmK9KHR57LTY2Xarsui27l0FIm9CY2fUO6o
debug1: Host 'localhost' is known and matches the ED25519 host key.
debug1: Found key in /home/yhy/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/yhy/.ssh/id_dsa DSA SHA256:G/HRSEJY5SzAo4ejVp+GVHkIp+UjzMTETklcP2P0ym4 agent
debug1: Will attempt key: /home/yhy/.ssh/id_rsa RSA SHA256:ysy/bD0PakYR49V2kxCs95GxfpHjLifTAPqNJ5yH480 agent
debug1: Will attempt key: /home/yhy/.ssh/id_ecdsa 
debug1: Will attempt key: /home/yhy/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/yhy/.ssh/id_ed25519 
debug1: Will attempt key: /home/yhy/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/yhy/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/yhy/.ssh/id_dsa DSA SHA256:G/HRSEJY5SzAo4ejVp+GVHkIp+UjzMTETklcP2P0ym4 agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/yhy/.ssh/id_rsa RSA SHA256:ysy/bD0PakYR49V2kxCs95GxfpHjLifTAPqNJ5yH480 agent
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/yhy/.ssh/id_ecdsa
debug1: Trying private key: /home/yhy/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/yhy/.ssh/id_ed25519
debug1: Trying private key: /home/yhy/.ssh/id_ed25519_sk
debug1: Trying private key: /home/yhy/.ssh/id_xmss
debug1: Next authentication method: password

从日志上看，应该还是配置的问题。

可能的原因

配置问题：如果是ssh配置的问题首先可以尝试这里修改配置。（如果之前从未修改过相关配置，大概率不是这里的问题）
进行上面的方法后，如果还不行，说明不是配置文件的问题。
文件权限问题：有时文件权限也可能会导致登录失败，按照上述方法查看日志后，如果日志中出现有关文件权限的错误badownership，那么就要考虑.ssh文件夹和authorized_keys文件的权限问题了。
进入.ssh文件夹下，使用如下命令查看文件夹的信息：
```
ll -ld

drwx------ 3 xxx xxx 4096 5月   3 08:41 ./
```
该目录必须具有上面所示的读（r）、写（w）、执行（x） 权限，如果没有则需要使用命令：
```
chmod 0700 /home/your_home/.ssh
```
修改权限；
使用命令：
```
/home/xxx/.ssh$ ls -ld authorized_keys

-rw------- 1 yhy yhy 564 5月   3 07:08 authorized_keys
```
查看文件authorized_keys的文件权限。该文件必须有上面所示的读写（rw） 权限，否则使用命令：
```
chmod 0600 /home/[username]/.ssh/authorized_keys
```
修改权限。
zsh问题：如果上述方法都不奏效，且你正在/曾经使用zsh那么恭喜你可能遇到了和我相同的问题。这个问题可以通过命令
```
service sshd status
```
查看ssh服务运行状态发现，如果运行日志中有：
```
User xxx not allowed because shell /bin/zsh
```
那么就是由于zsh使用问题导致。我的问题是之前使用过 zsh，卸载后忘记修改默认终端，导致ssh出现问题。
首先查看系统可用终端：

$ cat /etc/shells

# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/bin/dash
/usr/bin/dash
/bin/zsh
/usr/bin/zsh

可以看到由于之前设置过该文件，所以里面有bin/zsh和usr/bin/zsh，如果zsh已经卸载的话，可以删除后面这两行。
通过命令sudo nautilus可以以管理员身份打开文件夹，并且任意对里面的文件进行修改。
接下来查看系统默认shell：

$ echo $SHELL
/bin/zsh

可以看到还是因为之前的设置，默认shell是zsh。通过命令：

grep xxx(你的用户名) /etc/passwd #这条命令显示/etc/passwd中用户的终端设置

sudo chsh --shell /bin/bash xxx #这条命令修改用户的默认终端为/bin/bash

grep xxx /etc/passwd #再次查看，默认终端已经变成/bin/bash

在用户登录时，系统会根据/etc/passwd中的设置为用户设置默认终端，所以执行完上述操作后重启，再次检查默认终端：