Introduction
The SSH Permission denied error appears after permission-related settings are modified on the SSH server. Usual scenarios include a new package installation or the creation of new users.
In this tutorial, you will learn how to troubleshoot the SSH Permission denied error and reconnect to your SSH server.
Prerequisites
- SSH client on the local machine and SSH server on the remote system
- A user account to access the remote server (for password-based login)
- A user account with sudo or root privileges
What is Causing SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic)?
The SSH Permission denied error appears when trying to SSH into a server:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Following the Permission denied statement, the bracket contains the attempted authentication methods that failed at the initiation of the connection. The error suggests that the public key is the issue, which is misleading.
One reason for the error may be sshd_config
, the file that contains SSH server configuration. The other possibility is that the authorized_keys
file has insufficient permissions. This file contains the list of public keys for the clients allowed to SSH into the server. Consequently, the system’s inability to read from the file results in the Permission denied error.
How to fix SSH Permission denied
Both solutions contain steps you need to perform on the server-side. Start by opening the terminal on your server and proceed with one of the solutions below.
Solution 1: Enable Password Authentication
If you want to use a password to access the SSH server, a solution for fixing the Permission denied error is to enable password login in the sshd_config
file.
To do this, open the file in a text editor. This example uses the nano editor:
sudo nano /etc/ssh/sshd_config
In the file, find the PasswordAuthentication
line and make sure it ends with yes
.
Find the ChallengeResponseAuthentication
option and disable it by adding no
.
If lines are commented out, remove the hash sign #
to uncomment them.
Save the file and exit.
Restart the SSH service by typing the following command:
sudo systemctl restart sshd
Solution 2: Change File System Permissions
Using the password-based login as the SSH authentication method is not recommended due to security concerns. Therefore, the following solution may be preferable since it troubleshoots the public key authentication method.
First, open the sshd_config
file using a text editor:
sudo nano /etc/ssh/sshd_config
In the file, make sure the following options are set as follows:
PermitRootLogin no
PubkeyAuthentication yes
Note: The steps above are considered best security practices. If you need to use root login, set the relevant line to yes
.
Comment out the GSSAPI-related options by adding the hash sign at the beginning of the line:
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
Also, make sure the UsePAM
line is set to yes
:
UsePAM yes
Save the file and restart the sshd service:
systemctl restart sshd
Now navigate to your home folder and check the permissions:
ls -ld
If your owner permissions are not set to read, write, and execute (drwx------
), use the chmod command to change them:
chmod 0700 /home/[your-username]
Now go to the .ssh
folder and recheck the permissions:
ls -ld
This directory should also have read, write, and execute permissions for the file owner. To enforce them, use chmod
again:
chmod 0700 /home/your_home/.ssh
The .ssh
folder contains the authorized_keys
file. Check its permissions with:
ls –ld authorized_keys
The file owner should have read and write permissions. To set them, use:
chmod 0600 /home/[username]/.ssh/authorized_keys
Now try logging in with the key pair again. The output below shows a successful login attempt.
Note: For more information about Linux file permission, read the Linux File Permissions Tutorial.
Conclusion
This tutorial covered the steps necessary to troubleshoot the SSH Permission denied (publickey,gssapi-keyex,gssapi-with-mic) error. By completing the steps in the guide, you should fix the error and successfully SSH into your server.
原创文章,作者:1402239773,如若转载,请注明出处:https://blog.ytso.com/224304.html