SSH with rsa key failure "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
SSH with rsa key failure "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)"
Hi, I'm trying connect to other server with the same rsa key but it doesn't works...I'm use the same procedure but not works...
Code:
$ ls -lah /home/ | grep USER
drwx------ 3 USER sistemas 103 Aug 29 13:29 USER
$ ls -lah /home/USER/
total 24K
-rw------- 1 USER USER 279 Aug 29 13:33 .bash_history
-rw-r--r-- 1 USER USER 18 Dec 7 2016 .bash_logout
-rw-r--r-- 1 USER USER 193 Dec 7 2016 .bash_profile
-rw-r--r-- 1 USER USER 231 Dec 7 2016 .bashrc
-rw-r--r-- 1 USER USER 172 Nov 5 2016 .kshrc
drwxrwx--- 2 USER sistemas 46 Aug 29 13:32 .ssh
$ ls -lah /home/USER/.ssh/
total 8.0K
drwxrwx--- 2 USER sistemas 46 Aug 29 13:32 .
drwx------ 3 USER sistemas 103 Aug 29 13:29 ..
-rwxrwx--- 1 USER sistemas 381 Aug 29 12:59 authorized_keys
-rw-r--r-- 1 USER sistemas 394 Aug 29 13:32 known_hosts
If I execute the connection with the verbose option, shows the following:
Code:
penSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: Connecting to 10.4.141.230 [10.4.141.230] port 22.
debug1: Connection established.
debug1: identity file /home/USER/.ssh/id_rsa type -1
debug1: identity file /home/USER/.ssh/id_rsa-cert type -1
debug1: identity file /home/USER/.ssh/id_dsa type -1
debug1: identity file /home/USER/.ssh/id_dsa-cert type -1
debug1: identity file /home/USER/.ssh/id_ecdsa type -1
debug1: identity file /home/USER/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/USER/.ssh/id_ed25519 type -1
debug1: identity file /home/USER/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 63:4a:23:e8:7f:db:be:c4:31:d4:c1:a9:a8:dd:7d:3f
debug1: Host '10.4.141.230' is known and matches the RSA host key.
debug1: Found key in /home/USER/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1022)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1022)
debug1: Next authentication method: publickey
debug1: Trying private key: /home/USER/.ssh/id_rsa
debug1: Trying private key: /home/USER/.ssh/id_dsa
debug1: Trying private key: /home/USER/.ssh/id_ecdsa
debug1: Trying private key: /home/USER/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Last edited by businesscat; 08-29-2017 at 07:04 AM.
Tried ssh with the -i rsa_id.private option? Not that it ends in .private, but the .pub[lic] one is on the server (in theory). With various known and authorized files under .ssh/ for the user logging in. You might have also changed the port that it listens on so -p 2022 or related options. I tend to go with the less secure route these days with the $(ssh user@IP_address) method. Versus the $(ssh user@ip_address -p 2222 -i $HOME/.ssh/rsa_id) method and other less than default options. It's kind of hard to do without a well written and up to date guide.
I create the files and the folders and copy the same key (like in other servers in the same network) on the file. I make the same on different servers and works fine...I don't know where is the changed detail.
this is the ssh output:
Code:
[root@nagios4 ~]# ls -lah /home/USER/.ssh/
total 8.0K
drwxr-x--- 2 USER sistemas 46 Aug 29 13:32 .
drwx------ 3 USER sistemas 103 Aug 29 13:29 ..
-rwxrwx--- 1 USER sistemas 381 Aug 29 12:59 authorized_keys
-rw-r--r-- 1 USER sistemas 394 Aug 29 13:32 known_hosts
Again as posted by MensaWater the permissions of the .ssh directory should be 700 i.e drwx------
Change the permissions of the authorized_keys to 600 -rw-------
You did not post what distribution/version running on the server but you indicated Redhat/Centos. If selinux is running you might need to fix via restorecon -R -v /home/user/.ssh command although that usually is only needed for root.
I assume that you copied the public key correctly to the destiny host correctly.
Again as posted by MensaWater the permissions of the .ssh directory should be 700 i.e drwx------
Change the permissions of the authorized_keys to 600 -rw-------
You did not post what distribution/version running on the server but you indicated Redhat/Centos. If selinux is running you might need to fix via restorecon -R -v /home/user/.ssh command although that usually is only needed for root.
I assume that you copied the public key correctly to the destiny host correctly.
It is our version:
CentOS Linux release 7.3.1611 (Core)
I will try again the permissions of the .ssh and authorized_keys and back with feedback as soon as possible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.