The error SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic,password) looks after permission-related settings change on the SSH server. Usual scenarios include the creation of new users or a new package installation.
This article will explain how to troubleshoot the SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic, password) error and reconnect to your SSH server.
Table of Contents
Prerequisites
- The local machine has an SSH client, and the remote system has an SSH server.
- A user account to connect to a remote server (for password-based login)
- A user account with sudo or root access.
Symptoms of Permission Denied (publickey,gssapi-keyex,gssapi-with-mic,password)
You receive the following error when using the Transfer Tool to connect to a remote server. Where BASIS_IP is the remote server’s IP address:
The remote basic certificate check failed due to an error (The password you provided is incorrect, or the SSH key is not permitted access: Permission denied (publickey,gssapi-keyex,gssapi-with-mic) and response: Connecting to SOURCE_IP:22 as root…using method password.
Plesk relocation fails with the following error message in Plesk:
- It could not get basic information about resellers, clients, and domain data from source servers
- stderr: Permission denied (publickey,gssapi-with-mic,password).
- rsync: connection unexpectedly closed (0 bytes received so far) [sender]
- rsync error: unexplained error (code 255) at io. c(605) [sender=3.0.9]
- One of the subsequent error messages appears in the logfile /var/log/secure (CentOS/RHEL) or /var/log/auth.log (Debian/Ubuntu) on the source server:
“Authentication declined: bad ownership or modes for directory /root/.ssh”
“Authentication declined: bad ownership or modes for file /root/.ssh/authorized_keys.”
What is Causing Permission Denied (publickey,gssapi-keyex,gssapi-with-mic,password)?
When attempting SSH into a server, the following error occurs: SHH Permission denied (publickey,gssapi-keyex,gssapi-with-mic, password).
Following are the Permission denied statements. During connection setup, the bracket contains the failed authentication methods used. The error indicates that the problem is with the public key, which is false.
Could be one of the causes for the error is the file containing SSH server configuration, sshd_config. Another possibility is that the permissions on the authorized keys file are insufficient. This file holds a list of public keys for clients permitted to SSH into the server. As a result of the system’s inability to read from the file, the Permission denied error occurs.
How to fix SSH Permission Denied (publickey,gssapi-keyex,gssapi-with-mic,password)?
You need to perform on the server side; both solutions contain steps. Initiate by opening the terminal on your server and continue with one of the methods below.
Method 1: Allow Password Verification
If you want to access the SSH server using a password, the solution for fixing the Permission denied error is to allow password login in the sshd_config folder.
- To do this using a password, open the file in a text editor. This illustration uses the nano editor in chief: sudo nano /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
- In the folder, find the PasswordAuthentication mark and ensure it ends with yes.
- Find the ChallengeResponseAuthentication option and deactivate it by addition no.
Note: If lines state out, remove the hash mark to uncomment them.
· Save the file and exit.
· By typing the following command, restart the SSH service:
“sudo systemctl resume sshd”
Method 2: Modification Folder System Permissions
Due to security concerns Using the password-based login as the SSH authentication method not recommend. Since it troubleshoots the public key verification method, therefore, the following solution may be preferable
To do this, first, open the sshd_config file via a text editor file:
sudo nano /etc/ssh/sshd_config
In the folder, make sure the subsequent options are customary as follows:
PermitRootLogin no
PubkeyAuthentication yes
Statement out the GSSAPI-related options by the accumulation of the hash sign at the beginning of the line:
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
Also, make sure the UsePAM line is usual to yes:
UsePAM yes
Save the file and resume the sshd service:
systemctl restart sshd
Now navigate to your home folder and check the permissions:
ls -ld
If your owner approvals are not set to read, write, and execute (drwx——), use the chmod command to change them:
chmod 0700 /home/[your-username]
Now go to the .ssh folder and recheck the permissions:
ls -ld
This directory should also have read, write, and execute permissions for the file owner. To enforce them, use chmod again:
chmod 0700 /home/your_home/.ssh
The .ssh folder contains the authorized_keys file. Check its permissions with:
ls -ld authorized_keys
The file owner should have read and write permissions. To set them, use:
chmod 0600 /home/[username]/.ssh/authorized_keys
Now try logging in with the key pair again. The output below shows a successful login attempt.
Conclusion
Following these methods, you can fix Permission denied publickey,gssapi-keyex,gssapi-with-mic,password error troubleshoot the SSH Permission denied. This method covers the necessary step to troubleshoot the SSH Permission denied error
