Cloud Platform

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Oracle Cloud Compute VM SSH Permission Denied Issue

user13428019Dec 4 2017 — edited Dec 4 2017

I followed the below steps to generate SSH key pair set up for 3 nodes cluster.

In Master Node:

[root@master opc]# getenforce

Enforcing

[root@master opc]# setenforce 0

[root@master opc]# getenforce

Permissive

[root@master opc]# pwd

/home/opc

[opc@master ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/opc/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/opc/.ssh/id_rsa.

Your public key has been saved in /home/opc/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:RnTb8+ywe74oq3Pbvxak7PyRYV5FsSpWMVyjzF5WXGw opc@master

The key's randomart image is:

+---[RSA 2048]----+

| . . .o.**|

| . . oo.+.E|

| . . o= =.|

| . o+= .|

| S +.== .|

| . . +*.+ |

| o. =. |

| . o.ooo. |

| .+o++**o |

+----[SHA256]-----+

[opc@master ~]$ ls -lrt .ssh/

total 12

-rw-------. 1 opc opc 381 Dec 4 08:16 authorized_keys

-rw-r--r--. 1 opc opc 391 Dec 4 09:11 id_rsa.pub

-rw-------. 1 opc opc 1675 Dec 4 09:11 id_rsa

[opc@master ~]$ pwd

/home/opc

[opc@mnode .ssh]$ ssh -i id_rsa.pub opc@129.x.x.x

The authenticity of host '129.x. (129.x.x.x)' can't be established.

ECDSA key fingerprint is SHA256:Nj1UwRK8MREcCJRuFRf7VIAQgk.

ECDSA key fingerprint is MD5:a0:b3:89:88:1d:17:a7:02:a8:8f:a3:ef:f4:ba:3e:3d.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '129.x' (ECDSA) to the list of known hosts.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Here is the verbose enabled details:

[opc@master .ssh]$ ssh -vvv -i id_rsa.pub opc@129.x.x.x

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 58: Applying options for *

debug2: resolving "129.x.x.x" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to 129.x.x.x [129.x.x.x] port 22.

debug1: Connection established.

debug1: identity file id_rsa.pub type 1

debug1: key_load_public: No such file or directory

debug1: identity file id_rsa.pub-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.4

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4

debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to 129.x.x.x:22 as 'opc'

debug3: hostkeys_foreach: reading file "/home/opc/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/opc/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 129.x.x.x

debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

debug2: compression ctos: none,zlib@openssh.com

debug2: compression stoc: none,zlib@openssh.com

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: curve25519-sha256 need=64 dh_need=64

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Nj1UwRK8MREcCJRuFRf7VIAQgLBP2se327FzyGaVBxk

debug3: hostkeys_foreach: reading file "/home/opc/.ssh/known_hosts"

debug3: record_hostkey: found key type ECDSA in file /home/opc/.ssh/known_hosts:1

debug3: load_hostkeys: loaded 1 keys from 129.x.x.x

debug1: Host '129.x.x.x' is known and matches the ECDSA host key.

debug1: Found key in /home/opc/.ssh/known_hosts:1

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 134217728 blocks

debug2: key: id_rsa.pub (0x55b0b1968ea0), explicit

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic

debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_lookup gssapi-keyex

debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-keyex

debug1: Next authentication method: gssapi-keyex

debug1: No valid Key exchange context

debug2: we did not send a packet, disable method

debug3: authmethod_lookup gssapi-with-mic

debug3: remaining preferred: publickey,keyboard-interactive,password

debug3: authmethod_is_enabled gssapi-with-mic

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug1: Unspecified GSS failure. Minor code may provide more information

No Kerberos credentials available (default cache: KEYRING:persistent:1000)

debug2: we did not send a packet, disable method

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering RSA public key: id_rsa.pub

debug3: send_pubkey_test

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

[opc@master .ssh]$

I changed SElinux enforcing -> permissive. Still it gives the error ?

What step i m missing here ?

Added on Dec 4 2017

#cloud-applications, #cloud-infrastructure, #compute, #virtual-cloud-network

6 comments

3,120 views