The normal user failed because only root can bind to ports below 1024. Using a high port (>= 1024) would have taken care of that. To show you what you could expect, I ran (as root)
Code:
/usr/sbin/sshd -dd -p 2222
The user trying to log in must specify "ssh -p 2222 ...". Below is the output I get, starting with the "KEX done" that you got too. Note my double d, which gives me debug2 messages in addition to the debug1.
One more interesting thing: keyboard-interactive fails for me just as for you. Only after that method fails, ssh tries method password (using PAM), which then succeeds and gives me an interactive session. My biggest question now: Why does your sshd not attempt password authentication? In my sshd.config, the relevant sections are commented out, i.e., falling back on defaults:
Code:
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
#...
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
How does the "Authentication:" section from your sshd.config look like?
So, here goes the promised lengthy sshd output:
Code:
debug1: KEX done
debug1: userauth-request for user brech service ssh-connection method none
debug1: attempt 0 failures 0
debug2: monitor_read: 6 used once, disabling now
debug2: input_userauth_request: setting up authctxt for brech
debug2: input_userauth_request: try method none
Failed none for brech from ::ffff:127.0.0.1 port 56836 ssh2
debug1: Starting up PAM with username "brech"
debug1: userauth-request for user brech service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: PAM setting rhost to "localhost.localdomain"
debug2: monitor_read: 41 used once, disabling now
debug2: monitor_read: 3 used once, disabling now
debug1: temporarily_use_uid: 502/100 (e=0/0)
debug1: trying public key file /home/brech/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 502/100 (e=0/0)
debug1: trying public key file /home/brech/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Failed publickey for brech from ::ffff:127.0.0.1 port 56836 ssh2
debug1: userauth-request for user brech service ssh-connection method keyboard-interactive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=brech devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for brech from ::ffff:127.0.0.1 port 56836 ssh2
* At this point the correponding ssh asks for brech's password
debug1: userauth-request for user brech service ssh-connection method password
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method password
debug1: PAM password authentication accepted for brech
debug2: pam_acct_mgmt() = 0
Accepted password for brech from ::ffff:127.0.0.1 port 56836 ssh2
debug1: monitor_child_preauth: brech has been authenticated by privileged process
Accepted password for brech from ::ffff:127.0.0.1 port 56836 ssh2
debug2: mac_init: found hmac-md5
debug2: mac_init: found hmac-md5
debug1: PAM establishing creds
debug1: permanently_set_uid: 502/100
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 8 setting O_NONBLOCK
debug1: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug2: User child is on pid 17710
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission denied
debug1: Allocating pty.
debug1: session_new: init
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/7
debug1: server_input_channel_req: channel 0 request x11-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: fd 12 setting O_NONBLOCK
debug2: fd 12 is O_NONBLOCK
debug1: channel 1: new [X11 inet listener]
debug1: fd 13 setting O_NONBLOCK
debug2: fd 13 is O_NONBLOCK
debug1: channel 2: new [X11 inet listener]
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: PAM setting tty to "/dev/pts/7"
debug1: PAM establishing creds
debug1: Setting controlling tty using TIOCSCTTY.
debug1: channel 0: rfd 3 isatty
debug1: fd 3 setting O_NONBLOCK
debug2: fd 10 is O_NONBLOCK
debug1: X11 connection requested.
debug2: fd 14 setting TCP_NODELAY
debug1: fd 14 setting O_NONBLOCK
debug2: fd 14 is O_NONBLOCK