SSH - Accessing sent publickey gssapi-keyex gssapi-with-mic

olGerva

Member
Nov 20, 2017
22
2
53
Italy
cPanel Access Level
Root Administrator
Hi to all
I have a problem with accessing SSH server, I get this kind of error:
sent publickey gssapi-keyex gssapi-with-mic

I running "Security Advisor" on two of my VPS's I get the following suggestions.

SERVER AA
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area

SERVER BB
SSH password authentication is enabled.
Disable SSH password authentication in the "SSH Password Authorization Tweak" area.
SSH direct root logins are permitted.
Manually edit etc-ssh-sshd_config and change PermitRootLogin to "without-password" or "no", then restart SSH in the "Restart SSH" area


Wanting me to increase security and as you suggested I want to inhibit access to the root user as well, so
- I create a new user
- I add him to the Wheel group
- I generate a new SSH key
- I restart the SSH service
- I set up access to Putty

In both servers the values are set the same
etc-ssh-sshd_config
#PermitRootLogin yes
#PubkeyAuthentication yes

I assume that having put comment to the two default lines the value is OFF / NO. Right?

Trying to access SERVER AA with Putty Using a certificate:
Using username "user".
Server refused our key
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)

Trying to access SERVER AA with Putty without the use of a certificate
Login as: user
no supported authentication methods available ( server sent publickey gssapi-keyex gssapi-with-mic)

Trying to access SERVER BB with Putty without the use of the certificate:
access regularly.

I point out that currently on the SERVER AA root access is already donewith a certificate and it works regularly.

On the SERVER BB it is enable password authentication to do this test.

Now the question is as follows:

If for added security and as suggested by Advisor, it is necessary to “Disable SSH password authentication” and “change PermitRootLogin” how can I proceed ??

For maximum security I should set
PermitRootLogin NO
PubkeyAuthentication NO

But at this point how can I log in with the user created? Or worse yet will I have access?

Sorry maybe I am confusing myself, but I don't understand the best way to find the right solution

I would not want to find myself locked out and no longer have access to the server.

Happy New Year to all of you
Thank you very much
 

quietFinn

Well-Known Member
Feb 4, 2006
2,042
553
493
Finland
cPanel Access Level
Root Administrator
We have SSH password authentication enabled and SSH direct root logins disabled , one user in wheel group so can connect to that and su to root.

When you are changing SSH settings don't close the SSH connection, but open a new connection. In case something is wrong you can use the other connection to revert the changes.
 
  • Like
Reactions: cPRex