Thread: SSH keys Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

  1. #1
    Registered User | Join Date: Oct 2012 | Posts: 1 | cPanel/WHM Access Level: Root Administrator

    I've been troubleshooting this since yesterday afternoon.

    I have a CentOS server running WHM and I had SSH access working with a key. SSH Password Authorization Tweak is Disabled.

    My SSH key had a passphrase and I was working on a backup solution for which I wanted to try using a key with no passphrase. WHM doesn't allow null password keys, it seems, so I created one locally on my Mac with ssh-keygen, uploaded the public key and this didn't work.

    I ended up removing the working ssh key from the server, not a big problem I thought as I can just make a new one.

    Now I can't get any keys working for ssh access. Here are the steps I've been taking for the last few hours:

    1) Manage root’s SSH Keys > Generate a new key
    2) I have copied and pasted the text from the private key into a key on my computer
    2 a) I have also used scp (by enabling ssh password authorization temporarily) to retrieve the private key
    3) Manage Authorization > Enable
    4) Attempt login > ssh -i <id_dsa/id_rsa> root@<server>
    type key password

    Code:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    5) chmod 600 <id_dsa/id_rsa>

    Code:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    OK. Next.

    On Mac
    1) ssh-keygen -t id_dsa
    1 a) I have also tried ssh-keygen -t id_rsa, the difference is not significant, I know.
    1 b) I've done this with a password and without a password, neither works
    2) copy id_dsa.pub/id_rsa.pub to remote server through Manage root’s SSH Keys > Import Key
    2 a) I've also used scp (by enabling ssh password authorization temporarily) to copy the key to the server
    3) Manage Authorization > Enable
    4) Attempt login > ssh -i <id_dsa/id_rsa> root@<server>
    type key password

    Code:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    5) chmod 600 <id_dsa/id_rsa>

    Code:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    OK. Permissions.

    on server in /root/.ssh

    Code:
    -rw-------.  1 root root  422 Oct  3 10:57 authorized_keys
    -rw-------.  1 root root  422 Oct  3 10:57 authorized_keys2
    -rw-r--r--.  1 root root  422 Oct  3 10:57 id_rsa.pub

    and from /root

    Code:
    drwx------.  2 root root     4096 Oct  3 10:57 .ssh/

    on mac in ~/

    Code:
    drwx------   3 darrencperry  staff    102  3 Oct 00:54 .ssh

    and in ~/.ssh

    Code:
    -rw-r--r--   1 darrencperry  staff  418  3 Oct 00:54 known_hosts

    my private key permissions

    Code:
    -rw-------   1 darrencperry  staff   1675  3 Oct 10:56 id_rsa

    Firewall:

    I've made sure port 22 is open on my server and am using port 22 for SSH.


    read out from ssh -vvv -i <id_dsa/id_rsa> root@<server>

    (I've hidden addresses and IPs)

    Code:
    OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 20: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to myserver.co.uk [my.ip.address] port 22.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "id_rsa" as a RSA1 public key
    debug1: identity file id_rsa type 1
    debug1: identity file id_rsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9
    debug2: fd 3 setting O_NONBLOCK
    debug3: load_hostkeys: loading entries for host "myserver.co.uk" from file "/Users/darrencperry/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: 
    debug2: kex_parse_kexinit: first_kex_follows 0 
    debug2: kex_parse_kexinit: reserved 0 
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 128/256
    debug2: bits set: 493/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Server host key: RSA hi:dd:en:so:me:of:th:is:42:b2:0b:10:10:25:4f:3f
    debug3: load_hostkeys: loading entries for host "myserver.co.uk" from file "/Users/darrencperry/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: load_hostkeys: loading entries for host "my.ip.address" from file "/Users/darrencperry/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /Users/darrencperry/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host 'myserver.co.uk' is known and matches the RSA host key.
    debug1: Found key in /Users/darrencperry/.ssh/known_hosts:1
    debug2: bits set: 507/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: id_rsa (0x7fe2f241d220)
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    I've also run:

    tail -f /var/log/secure

    on the server and all that's logged when I attempt and fail to login with the SSH key is this:

    Code:
    Oct  3 11:31:52 host-my-server-ip sshd[13261]: Connection closed by <my.ip>

    I've also tried to ssh in from another machine using the same methods...

    Any help would be GREATLY appreciated!!

    Thanks!
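
As an added example (not part of the original post and not cPanel code), this shell function classifies where public-key authentication stopped in `ssh -vvv` client output such as the log posted above. The function names, the verdict labels and the embedded excerpt are constructed for illustration; the debug strings matched are the ones OpenSSH clients print.

```shell
#!/bin/sh
# Added example: read `ssh -vvv` client output on stdin (or from files given
# as arguments) and report how far public-key authentication got.
# Verdict labels are made up for this example.

classify_pubkey_log() {
    awk '
        # Client sent a key to the server for testing (old and new wording).
        /debug1: Offering .*public key/      { offered++ }
        # Server answered that this key is acceptable for the user.
        /debug1: Server accepts key/         { accepted++ }
        /debug1: Authentication succeeded/   { ok = 1 }
        # Remember the last method list the server advertised.
        /debug1: Authentications that can continue:/ {
            sub(/.*continue: /, ""); methods = $0
        }
        END {
            if (ok)             verdict = "authenticated"
            else if (!offered)  verdict = "no-key-offered"
            else if (!accepted) verdict = "key-rejected-by-server"
            else                verdict = "key-accepted-signature-failed"
            printf "%s offered=%d methods=%s\n", verdict, offered, methods
        }
    ' "$@"
}

# Constructed sample: the authentication tail of the debug log in the post.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering RSA public key: id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
EOF
}

sample_log | classify_pubkey_log
```

For the posted log the verdict is `key-rejected-by-server`: the key was offered and the server replied with the method list again, with no `Server accepts key` line, so the refusal happened on the server before any signature was sent. The reason for that kind of refusal is recorded by sshd on the server, not in the client output.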

  2. #2
    cPanelTristan, cPanel Staff | Join Date: Oct 2010 | Location: somewhere over the rainbow | Posts: 7,609 | cPanel/WHM Access Level: Root Administrator

    Hello,

    I'm not seeing anything obvious that's causing this to occur. Could you try opening up a ticket for us to test adding a public key to the machine ourselves to test it? You'll need to provide WHM root access for us to try adding the key to the machine.

    Thanks!
    -- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

  3. #3
    Registered Member | Join Date: Mar 2012 | Posts: 13 | cPanel/WHM Access Level: Root Administrator

    Hi,

    Check your home directory is encrypted:
    http://gopukrish.wordpress.com/2013/04/24/ssh-cant-connect-authentications-that-can-continue-publickeygssapi-keyexgssapi-with-micpassword/
