LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-29-2017, 06:56 AM   #1
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Rep: Reputation: Disabled
SSH with rsa key failure "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"


Hi, I'm trying connect to other server with the same rsa key but it doesn't works...I'm use the same procedure but not works...

Code:
$ ls -lah /home/ | grep USER
drwx------   3 USER sistemas           103 Aug 29 13:29 USER


$ ls -lah /home/USER/
total 24K

-rw-------   1 USER USER  279 Aug 29 13:33 .bash_history
-rw-r--r--   1 USER USER   18 Dec  7  2016 .bash_logout
-rw-r--r--   1 USER USER  193 Dec  7  2016 .bash_profile
-rw-r--r--   1 USER USER  231 Dec  7  2016 .bashrc
-rw-r--r--   1 USER USER  172 Nov  5  2016 .kshrc
drwxrwx---   2 USER sistemas             46 Aug 29 13:32 .ssh


$ ls -lah /home/USER/.ssh/
total 8.0K
drwxrwx--- 2 USER sistemas  46 Aug 29 13:32 .
drwx------ 3 USER sistemas 103 Aug 29 13:29 ..
-rwxrwx--- 1 USER sistemas 381 Aug 29 12:59 authorized_keys
-rw-r--r-- 1 USER sistemas 394 Aug 29 13:32 known_hosts
If I execute the connection with the verbose option, shows the following:

Code:
penSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: Connecting to 10.4.141.230 [10.4.141.230] port 22.
debug1: Connection established.
debug1: identity file /home/USER/.ssh/id_rsa type -1
debug1: identity file /home/USER/.ssh/id_rsa-cert type -1
debug1: identity file /home/USER/.ssh/id_dsa type -1
debug1: identity file /home/USER/.ssh/id_dsa-cert type -1
debug1: identity file /home/USER/.ssh/id_ecdsa type -1
debug1: identity file /home/USER/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/USER/.ssh/id_ed25519 type -1
debug1: identity file /home/USER/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 63:4a:23:e8:7f:db:be:c4:31:d4:c1:a9:a8:dd:7d:3f
debug1: Host '10.4.141.230' is known and matches the RSA host key.
debug1: Found key in /home/USER/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1022)

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1022)

debug1: Next authentication method: publickey
debug1: Trying private key: /home/USER/.ssh/id_rsa
debug1: Trying private key: /home/USER/.ssh/id_dsa
debug1: Trying private key: /home/USER/.ssh/id_ecdsa
debug1: Trying private key: /home/USER/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Last edited by businesscat; 08-29-2017 at 07:04 AM.
 
Old 08-29-2017, 08:02 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
Change permissions on /home/USER/.ssh to "drwx------" (700) or "drwxr-x---" (750)
 
Old 08-29-2017, 08:41 AM   #3
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater View Post
Change permissions on /home/USER/.ssh to "drwx------" (700) or "drwxr-x---" (750)
changed to:
Code:
drwxr-x---   2 USER GROUP             46 Aug 29 13:32 .ssh
the same

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

in any chase, thank you
 
Old 08-29-2017, 09:03 AM   #4
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,196

Rep: Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089
Quote:
-rwxrwx--- 1 USER sistemas 381 Aug 29 12:59 authorized_keys
Try setting authorized_keys permission to 600. -rw-------
 
Old 08-29-2017, 09:17 AM   #5
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 4,137
Blog Entries: 1

Rep: Reputation: 875Reputation: 875Reputation: 875Reputation: 875Reputation: 875Reputation: 875Reputation: 875
Tried ssh with the -i rsa_id.private option? Not that it ends in .private, but the .pub[lic] one is on the server (in theory). With various known and authorized files under .ssh/ for the user logging in. You might have also changed the port that it listens on so -p 2022 or related options. I tend to go with the less secure route these days with the $(ssh user@IP_address) method. Versus the $(ssh user@ip_address -p 2222 -i $HOME/.ssh/rsa_id) method and other less than default options. It's kind of hard to do without a well written and up to date guide.
 
Old 08-29-2017, 09:52 AM   #6
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi,

Are you sure you had created the keys with

Code:
ssh-keygen
?

And then had pushed the public one with
Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub
?

Because I do not see any in the output of
Code:
ls -lah /home/USER/.ssh/
 
Old 08-30-2017, 01:30 AM   #7
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by tshikose View Post
Hi,

Are you sure you had created the keys with

Code:
ssh-keygen
?

And then had pushed the public one with
Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub
?

Because I do not see any in the output of
Code:
ls -lah /home/USER/.ssh/


Hello,

I create the files and the folders and copy the same key (like in other servers in the same network) on the file. I make the same on different servers and works fine...I don't know where is the changed detail.

this is the ssh output:

Code:
[root@nagios4 ~]# ls -lah /home/USER/.ssh/
total 8.0K
drwxr-x--- 2 USER sistemas  46 Aug 29 13:32 .
drwx------ 3 USER sistemas 103 Aug 29 13:29 ..
-rwxrwx--- 1 USER sistemas 381 Aug 29 12:59 authorized_keys
-rw-r--r-- 1 USER sistemas 394 Aug 29 13:32 known_hosts
 
Old 08-30-2017, 05:32 AM   #8
tshikose
Member
 
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
There are no key in your /home/USER/.ssh/

Look at mine below

Code:
[root@centos ~]# ls -lah /home/student/.ssh/
total 12K
drwx------.  2 student student   36 Aug 30 11:31 .
drwx------. 15 student student 4.0K Aug 30 11:31 ..
-rw-------.  1 student student 1.7K Aug 30 11:31 id_rsa
-rw-r--r--.  1 student student  408 Aug 30 11:31 id_rsa.pub
 
Old 08-30-2017, 05:48 AM   #9
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,196

Rep: Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089
It is not obvious if the posted .ssh information is from the server or client. I assume it is the server.

Have you tried changing the authorized_keys permissions as suggested?
 
Old 08-30-2017, 05:54 AM   #10
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
It is not obvious if the posted .ssh information is from the server or client. I assume it is the server.

Have you tried changing the authorized_keys permissions as suggested?
Sorry for the misunderstanding.

I show the files on the destiny host.

The permissions looks like others users with access (for example my personal user).

this is the permissions in the file right now:

Code:
-rwxrwx--- 1 USER GROUP 381 Aug 29 12:59 authorized_keys
 
Old 08-30-2017, 06:26 AM   #11
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,196

Rep: Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089
Again as posted by MensaWater the permissions of the .ssh directory should be 700 i.e drwx------
Change the permissions of the authorized_keys to 600 -rw-------

You did not post what distribution/version running on the server but you indicated Redhat/Centos. If selinux is running you might need to fix via restorecon -R -v /home/user/.ssh command although that usually is only needed for root.

I assume that you copied the public key correctly to the destiny host correctly.
 
Old 08-30-2017, 06:45 AM   #12
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by michaelk View Post
Again as posted by MensaWater the permissions of the .ssh directory should be 700 i.e drwx------
Change the permissions of the authorized_keys to 600 -rw-------

You did not post what distribution/version running on the server but you indicated Redhat/Centos. If selinux is running you might need to fix via restorecon -R -v /home/user/.ssh command although that usually is only needed for root.

I assume that you copied the public key correctly to the destiny host correctly.
It is our version:

CentOS Linux release 7.3.1611 (Core)

I will try again the permissions of the .ssh and authorized_keys and back with feedback as soon as possible.

Thank you again
 
Old 08-31-2017, 01:17 AM   #13
businesscat
Member
 
Registered: Jun 2017
Location: Spain
Distribution: RedHat 6.9 /Centos 8
Posts: 42

Original Poster
Rep: Reputation: Disabled
The problem continues.
 
Old 08-31-2017, 05:10 AM   #14
michaelk
Moderator
 
Registered: Aug 2002
Posts: 26,196

Rep: Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089Reputation: 6089
What are the permissions currently?
 
Old 08-31-2017, 08:24 AM   #15
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669Reputation: 1669
You're telling us the permissions on one side of the connection. What are they on the other system?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] ssh problem. (Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).) Satyaveer Arya Linux - Networking 4 10-19-2013 03:43 PM
Permission denied (publickey,gssapi-keyex,gssapi-with-mic) mafteha Linux - Newbie 3 11-14-2012 04:32 AM
Permission denied (publickey, gssapi-keyex,gssapi-with-mic,password) Huaqing Wang Linux - Newbie 1 06-27-2012 07:51 PM
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-inte ract MilanK Linux - Newbie 1 03-20-2012 03:44 AM
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password) scman64 Linux - Newbie 1 12-13-2011 12:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration