ssh Permission denied publickey gssapi-with-mic

Question

i m use centos 5 9  after installing gitlab by this link ssh not working  before install gitlab ssh correctly working  i m using this server localy and other services such as elastix and apache mysql installed on server   appeare this error    OpenSSH 6 9p1 Ubuntu-2ubuntu0 1  OpenSSL 1 0 2d 9 Jul 2015 debug1  Reading configuration data  etc ssh ssh config debug1   etc ssh ssh config line 19  Applying options for   debug2  ssh connect  needpriv 0 debug1  Connecting to 192 168 88 23  192 168 88 23  port 22  debug1  Connection established  debug1  permanently set uid  0 0 debug1  key load public  No such file or directory debug1  identity file  root  ssh id rsa type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id rsa-cert type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id dsa type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id dsa-cert type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id ecdsa type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id ecdsa-cert type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id ed25519 type -1 debug1  key load public  No such file or directory debug1  identity file  root  ssh id ed25519-cert type -1 debug1  Enabling compatibility mode for protocol 2 0                                         debug1  Local version string SSH-2 0-OpenSSH 6 9p1 Ubuntu-2ubuntu0 1 debug1  Remote protocol version 2 0  remote software version OpenSSH 4 3 debug1  match  OpenSSH 4 3 pat OpenSSH 4  compat 0x00000000 debug2  fd 3 setting O NONBLOCK debug1  Authenticating to 192 168 88 23 22 as  root  debug1  SSH2 MSG KEXINIT sent debug1  SSH2 MSG KEXINIT received debug2  kex parse kexinit  curve25519-sha256 libssh org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 debug2  kex parse kexinit  ssh-rsa-cert-v01 openssh com ssh-rsa-cert-v00 openssh com ssh-rsa ecdsa-sha2-nistp256-cert-v01 openssh com ecdsa-sha2-nistp384-cert-v01 openssh com ecdsa-sha2-nistp521-cert-v01 openssh com ssh-ed25519-cert-v01 openssh com ssh-dss-cert-v01 openssh com ssh-dss-cert-v00 openssh com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 ssh-dss debug2  kex parse kexinit  chacha20-poly1305 openssh com aes128-ctr aes192-ctr aes256-ctr aes128-gcm openssh com aes256-gcm openssh com arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc lysator liu se debug2  kex parse kexinit  chacha20-poly1305 openssh com aes128-ctr aes192-ctr aes256-ctr aes128-gcm openssh com aes256-gcm openssh com arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc lysator liu se debug2  kex parse kexinit  umac-64-etm openssh com umac-128-etm openssh com hmac-sha2-256-etm openssh com hmac-sha2-512-etm openssh com hmac-sha1-etm openssh com umac-64 openssh com umac-128 openssh com hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-md5-etm openssh com hmac-ripemd160-etm openssh com hmac-sha1-96-etm openssh com hmac-md5-96-etm openssh com hmac-md5 hmac-ripemd160 hmac-ripemd160 openssh com hmac-sha1-96 hmac-md5-96 debug2  kex parse kexinit  umac-64-etm openssh com umac-128-etm openssh com hmac-sha2-256-etm openssh com hmac-sha2-512-etm openssh com hmac-sha1-etm openssh com umac-64 openssh com umac-128 openssh com hmac-sha2-256 hmac-sha2-512 hmac-sha1 hmac-md5-etm openssh com hmac-ripemd160-etm openssh com hmac-sha1-96-etm openssh com hmac-md5-96-etm openssh com hmac-md5 hmac-ripemd160 hmac-ripemd160 openssh com hmac-sha1-96 hmac-md5-96 debug2  kex parse kexinit  none zlib openssh com zlib debug2  kex parse kexinit  none zlib openssh com zlib debug2  kex parse kexinit   debug2  kex parse kexinit   debug2  kex parse kexinit  first kex follows 0  debug2  kex parse kexinit  reserved 0  debug2  kex parse kexinit  diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1 debug2  kex parse kexinit  ssh-rsa ssh-dss debug2  kex parse kexinit  aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc lysator liu se debug2  kex parse kexinit  aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour rijndael-cbc lysator liu se debug2  kex parse kexinit  hmac-md5 hmac-sha1 hmac-ripemd160 hmac-ripemd160 openssh com hmac-sha1-96 hmac-md5-96 debug2  kex parse kexinit  hmac-md5 hmac-sha1 hmac-ripemd160 hmac-ripemd160 openssh com hmac-sha1-96 hmac-md5-96 debug2  kex parse kexinit  none zlib openssh com debug2  kex parse kexinit  none zlib openssh com debug2  kex parse kexinit   debug2  kex parse kexinit   debug2  kex parse kexinit  first kex follows 0  debug2  kex parse kexinit  reserved 0  debug1  kex  server- gt client aes128-ctr hmac-sha1 none debug1  kex  client- gt server aes128-ctr hmac-sha1 none debug1  SSH2 MSG KEX DH GEX REQUEST 1024 lt 7680 lt 8192  sent debug1  got SSH2 MSG KEX DH GEX GROUP debug2  bits set  3111 6144 debug1  SSH2 MSG KEX DH GEX INIT sent debug1  got SSH2 MSG KEX DH GEX REPLY debug1  Server host key  ssh-rsa SHA256 7J6JOe94H9PedNKlx6yG wMy6ZYC8iB74WdOVGDgY7A debug1  Host  192 168 88 23  is known and matches the RSA host key      debug1  Found key in  root  ssh known hosts 1 debug2  bits set  3102 6144 debug2  set newkeys  mode 1 debug1  SSH2 MSG NEWKEYS sent debug1  expecting SSH2 MSG NEWKEYS debug2  set newkeys  mode 0 debug1  SSH2 MSG NEWKEYS received debug1  SSH2 MSG SERVICE REQUEST sent debug2  service accept  ssh-userauth debug1  SSH2 MSG SERVICE ACCEPT received debug2  key   root  ssh id rsa   nil    debug2  key   root  ssh id dsa   nil    debug2  key   root  ssh id ecdsa   nil    debug2  key   root  ssh id ed25519   nil    debug1  Authentications that can continue  publickey gssapi-with-mic debug1  Next authentication method  gssapi-with-mic debug1  Unspecified GSS failure   Minor code may provide more information No Kerberos credentials available  debug1  Unspecified GSS failure   Minor code may provide more information No Kerberos credentials available  debug1  Unspecified GSS failure   Minor code may provide more information   debug1  Unspecified GSS failure   Minor code may provide more information No Kerberos credentials available  debug2  we did not send a packet  disable method debug1  Next authentication method  publickey debug1  Trying private key   root  ssh id rsa debug1  Trying private key   root  ssh id dsa debug1  Trying private key   root  ssh id ecdsa debug1  Trying private key   root  ssh id ed25519 debug2  we did not send a packet  disable method debug1  No more authentication methods to try  Permission denied  publickey gssapi-with-mic

User · Answer

In Centos 7   Error   publickey gssapi-keyex gssapi-with-mic  Ans   Root access to vi  etc ssh sshd config and change the PasswordAuthentication   no   to yes   2   Restart the sshd services  root  systemctl restart sshd service   Logon into local id via putty without key

User · Answer

I had the same problem  In my case  macOS doesn t load my SSH keys  but I fix it with  ssh-add  lt SSH private key gt  ssh-add  lt SSH public key gt   I couldn t connect to a Droplet on DigitalOcean  but the subsequent commands work for me  You can go to the forum here

User · Answer

I had the same issue while using vagrant   So from my Mac I was trying to ssh to a vagrant box  CentOS 7   Solved it by amending the  etc ssh sshd config PasswordAuthentication yes then re-started the service using sudo systemctl restart sshd  Hope this helps

User · Answer

As everybody else has already said you need to edit  etc ssh sshd config and change PasswordAuthentication no to PasswordAuthentication yes  I ran into this problem setting up a Vagrant box - so therefore it makes sense to script this and do it automatically in a shell provisioner   sudo sed -i  s PasswordAuthentication no PasswordAuthentication yes g   etc ssh sshd config   sudo systemctl restart sshd

User · Answer

Nobody has mention this in  above answers so i am mentioning it  This error can also come if you re in the wrong folder or path of your pem file is not correct  I was having similar issue and found that my pem file was not there from where i am executing the ssh command cd KeyPair ssh -i Keypair pem ec2-user 244 255 255 255

User · Answer

Setting PasswordAuthentication to yes   is not the best way to go    is not as secure as using private and public keys for authentication    First make sure that that you have the fallowing permissions set  on the server side   First check your home dir  SERVER SIDE    vini random     ls -ld    drwx------  3 vini vini 127 Nov 23 15 29  home vini   if it is not like this  run  chmod 0700  home your home   Now check  ssh folder    vini random     ls -ld   home vini  ssh   drwx------  2 vini vini 29 Nov 23 15 28  home vini  ssh    if it is not looking like this  run  chmod 0700  home your home  ssh   now make sure that authorized keys looks like this   vini venon     ls -ld   home vini  ssh authorized keys   -rw-------  1 vini vini 393 Nov 23 15 28  home vini  ssh authorized keys   or just run   chmod 0600  home your home  ssh authorized keys   After that go to  etc ssh sshd config  For best security set   PermitRootLogin no  PubkeyAuthentication yes   keep as yes for testing purposes   PasswordAuthentication yes   Make sure that   ChallengeResponseAuthentication no   Comment those lines for GSSAPI     GSSAPIAuthentication yes    GSSAPICleanupCredentials no   Make sure that is set to UsePAM yes  UsePAM yes   now restart sshd service  systemctl restart sshd    on the client side   cd  home your home  ssh   generate new keys  setting a password is optional but is a good idea  ssh-keygen -t rsa -b 2048     copy pub key to your server  ssh-copy-id -i id rsa pub user name server ip   start ssh agent   eval   ssh-agent   ssh-add  home user  ssh your private key   now your are good to go    ssh user name server ip   if everything works just fine  make a backup of your private key and then deny PasswordAuthentication  PasswordAuthentication no    Restart you server   now anyone trying to ssh into  your server  without your keys  should get  vini random  Permission denied  publickey     keep script kids away from your business  and good luck

User · Answer

And I think this will clearify the cause of posted problem  actualy this is bug of pssh itself  contains inside  askpass-client py    It is pssh s lib file  And there is documented issue for -A case  https   code google com archive p parallel-ssh issues 80 There are two possible resolutions to use version of pssh containing this bug in case you forced to use passphrase for private key access    Correct your  askpass-client py  as described in link listed before in my post  Using your favorite pass keeper    Thnks for attention  hope it helps

User · Answer

I try   rm    ssh id rsa pub   then it work

User · Answer

please make sure following changes should be uncommented  which I did and got succeed in centos7  vi  etc ssh sshd config  1 PubkeyAuthentication yes  2 PasswordAuthentication yes  3 GSSAPIKeyExchange no  4 GSSAPICleanupCredentials no  systemctl restart sshd  ssh-keygen  chmod 777  root  ssh id rsa pub   ssh-copy-id -i  root  ssh id rsa pub user ipaddress   thank you all and good luck

User · Answer

According to the line debug1  Authentications that can continue  publickey gssapi-with-mic   ssh password authentication is disabled and apparently you are not using public key authentication   Login to your server using console and open  etc ssh sshd config file  with an editor with root user and look for line PasswordAuthentication then set it s value to yes and finally restart sshd service

User · Answer

Setting 700 to  ssh and 600 to authorized keys solved the issue   chmod 700  root  ssh chmod 600  root  ssh authorized keys

User · Answer

First a password login has to be established to remote machine  Firstly make a password login  you have to enable a password login by enabling the property ie  PasswordAuthentication yes in sshd config file Then restart the sshd service and copy the pub key to remote server  aws ec2 in my case   key will be copied without any error  Without password login works if and only if password login is made first copy the pub key contents to authorised keys  cat xxx pub  gt  gt     ssh authorized keys

User · Answer

Tried a lot of things  it did not help   It get access in a simple way   eval   ssh-agent   gt   dev null killall ssh-agent eval  ssh-agent  ssh-add    ssh id rsa     Note that at the end of the ssh-add -L output must be not a path to the key  but your email

User · Answer

Maybe you should assign the public key to the authorized keys  the simple way to do this is using ssh-copy-id -i your-pub-key-file user dest

User · Answer

fixed by setting GSSAPIAuthentication to no in  etc ssh sshd config

User · Answer

This can happen if you are missing the correct id rsa key set up in authorized keys for an AWS instance  Exact error I got  this article came up when I googled the error   ec2-user X X X X  Permission denied  publickey gssapi-keyex gssapi-with-mic   Note  If you have many keys  you have to either specify the key on the ssh command line or else add it to you ssh-agent keys  see ssh-add -l   Only the first 6 keys from ssh-agent may work - the default sshd MaxAuthTries config value is 6

[ssh] ssh : Permission denied (publickey,gssapi-with-mic)

Examples related to ssh

Examples related to centos

Examples related to gitlab