On 06/20/17 23:51, Frédéric Bron wrote: >> OK..... The only other way I could reproduce the error is if the key that was >> copied into authorized_keys isn't the correct key for the sending system or if I >> managed to copy into authorized_keys in such a way that it was mangled. For example, >> each key needs to be on a single line with no CR/LF sequence. If I managed to >> violate that I also get the error. > also I regenerated a key pair with no improvement: > > $ ssh-keygen -t rsa > Generating public/private rsa key pair. > Enter file in which to save the key (/home/fred/.ssh/id_rsa): > Enter passphrase (empty for no passphrase): > Enter same passphrase again: > Your identification has been saved in /home/fred/.ssh/id_rsa. > Your public key has been saved in /home/fred/.ssh/id_rsa.pub. > The key fingerprint is: > ... > The key's randomart image is: > +---[RSA 2048]----+ > ... > +----[SHA256]-----+ > > $ cp id_rsa.pub authorized_keys > > $ ssh localhost > Permission denied (publickey,gssapi-keyex,gssapi-with-mic). > OK... Well you didn't show the part where you change the permissions on authorized_keys but I'll assume you did.... I still can't reproduce doing it this way on a new VM. How about checking the selinux contexts? [egreshko@f26-b14 .ssh]$ ll -Z * -rw-------. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 398 Jun 21 01:35 authorized_keys -rw-------. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 1675 Jun 21 01:34 id_rsa -rw-r--r--. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 398 Jun 21 01:34 id_rsa.pub -rw-r--r--. 1 egreshko egreshko unconfined_u:object_r:ssh_home_t:s0 171 Jun 21 01:35 known_hosts -- Fedora Users List - The place to go to speculate endlessly
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
