[SOLVED] SSH: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
ssh connections are refused stating "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."
I've gone through the sshdconfig file with a fine tooth comb looking for discrepancies between it and a working linode sshdconfig file and nothing is out of place.
I've even got password auth enabled for testing and it still wont let me in. both usernames on local and remote exist.
Here's what I get:
[rberry@krickitz ~]$ SSH_AUTH_SOCK=0 ssh -v rberry@my.ip.here
OpenSSH_7.5p1, OpenSSL 1.1.0f-fips 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug1: Connecting to my.ip.here [my.ip.here] port 22.
debug1: Connection established.
debug1: identity file /home/rberry/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/rberry/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to my.ip.here:22 as 'rberry'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit>compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit>compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:sYatviRcS3BrbzUMMh+UErPWphD/A8FdpE41IBPyG2E
The authenticity of host my.ip.here(my.ip.here)' can't be established.
ECDSA key fingerprint is SHA256:sYatviRcS3BrbzUMMh+UErPWphD/A8FdpE41IBPyG2E.
ECDSA key fingerprint is MD5:96:31:79:27:23:3b:be:f3:95:ea:62:8c:68:1b:c4:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'my.ip.here' (ECDSA) to the list of known hosts.
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs= <ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null>debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:1000)
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/rberry/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/rberry/.ssh/id_dsa
debug1: Trying private key: /home/rberry/.ssh/id_ecdsa
debug1: Trying private key: /home/rberry/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[rberry@krickitz ~]$</ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null></implicit></implicit>
[rberry@krickitz ~]$ ssh-copy-id rberry@myip
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rberry/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[rberry@krickitz ~]$
If I try to login to my other linode instance ssh works just fine. It asks me for my keypass and then boom I'm in. No problem.
I don't know what the problem is here. This is a fresh install with all updates applied and the only attempts to change anything have been in order to login via ssh with no luck.
I've googled all night and can't find any solution that works in my case.
Any ideas? Need more info? I'm at a loss. I'll provide whatever info you need.
Thanks,
Randy Berry, N3LRX
1 Reply
Side note, disable GSS API authentication, you do not need or want it and it just slows down the logon.