Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password) - Additional Destinations for backup

[competitions]

Attempted additional destination for backup using SFTP and Key Authentication as per instructions from cPanel here: Backup Configuration | cPanel & WHM Documentation

The end goal is to have a hot swap cPanel server with backup of accounts and WHM already set the same as the production server [except for the server IP address].

Wondering if people have success with just those cPanel instructions as I get an error when I attempt to verify of "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)"

Googling that error it appears that perhaps the /etc/ssh/sshd_config might need tweaking [source: Solution 2 from How to Fix SSH Failed Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)]

Also tail -n30 /var/log/secure shows preauth ports mentioned so perhaps CSF needs additional port(s) open and perhaps CSF and cPhulkd need whitelisting the server IP.

If any cPanel users have documented what they did to get success, I and others would be appreciative if you could share.

 

[ZenHostingTravis]

You could temporarily disable the firewall(s) to determine if that is the cause of the problem.

 

[cPRex]

I also like that plan @ZenHostingTravis - it would at least give you something you rule out.

 

[competitions]

Update: disabled both firewalls and can SSH, but it asks for 'Enter passphrase for key '/root/.ssh/id_rsa':' - after entering the passphrase I can use the other server.
So before figuring out what the firewall issues are, is there a setting somewhere to disable the requirement for the passphrase?

[Edit - rookie mistake, had incorrect account name, backup details now verify]

 

[cPRex]

There is no way around the passphrase. That is something that was created at the same time as the SSH key being used for the connection. You can create a new key with no passphrase if you wish.

 

[ZenHostingTravis]

You can completely disable pubkey authentication but it's better than password authentication.

 

[competitions]

There is no way around the passphrase. That is something that was created at the same time as the SSH key being used for the connection. You can create a new key with no passphrase if you wish.

Sorry, I should have been more clear. What I meant to say is that after I disabled the firewalls, I could SSH to the other server via command line on the source server, but it prompted for the passphrase, which I didn't expect. I then validated through the Additional Destinations in Backup and it validated, so all appears to be working as it should.

Thanks ZenHostingTravis