public-key-authentication-login-ssh-keys-without-password CWP-CentOS 8 Stream
Followed your guide below which all went well (CWP- CentOS 8 Stream) but receiving this error when login in via putty or bitvise - Is there something I'm missing in the sshd_config file?
Authentication failed. The key has been rejected. Remaining authentication methods: 'gssapi-keyex,gssapi-with-mic
Here is my sshd_config file.
$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
This is the sshd server system-wide configuration file. See
sshd_config(5) for more information.
This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
The strategy used for options in the default sshd_config shipped with
OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options override the
If you want to change the port on a SELinux system, you have to tell
SELinux about this change.
semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Ciphers and keying
#RekeyLimit default none
This system is following system-wide crypto policy. The changes to
crypto properties (Ciphers, MACs, ...) will not have any effect here.
They will be overridden by command-line options passed to the server
on command line.
Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
but this is overridden so installations will only check .ssh/authorized_keys
For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
Change to yes if you don't trust ~/.ssh/known_hosts for
Don't read the user's ~/.rhosts and ~/.shosts files
To disable tunneled clear text passwords, change to no here!
Change to no to disable s/key passwords
Set this to 'yes' to enable PAM authentication, account processing,
and session processing. If this is enabled, PAM authentication will
be allowed through the ChallengeResponseAuthentication and
PasswordAuthentication. Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin without-password".
If you just want the PAM account and session checks to run without
PAM authentication, then enable this but set PasswordAuthentication
and ChallengeResponseAuthentication to 'no'.
WARNING: 'UsePAM no' is not supported in Fedora and may cause several
It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
as it is more configurable and versatile than the built-in version.
no default banner path
Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
Example of overriding settings on a per-user basis
#Match User anoncvs
ForceCommand cvs server
Just noticed this is the ssh logs
sshd: WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems
Changed it back to yes, still no go.
sandeep last edited by sandeep
@galactus hi when you login via key is there any error message or anything in the log ?
i tried this in centos vps server and it still works for me.
So in putty terminal window says (Using username "root")
Then putty popup dialogue box says "No supported authentification methods available (server sent: gssapi-keyex, gssapi-with-mic)
This is the ssh server status log:
May 03 07:33:50 panel.server.site systemd: sshd.service: Succeeded.
May 03 07:33:50 panel.server.site systemd: Stopped OpenSSH server daemon.
May 03 07:33:50 panel.server.site systemd: Starting OpenSSH server daemon...
May 03 07:33:50 panel.server.site sshd: Server listening on 0.0.0.0 port 24367.
May 03 07:33:50 panel.server.site sshd: Server listening on :: port 24367.
May 03 07:33:50 panel.server.site systemd: Started OpenSSH server daemon.
May 03 07:34:10 panel.server.site sshd: Connection closed by authenticating user root 220.127.116.11 port 52223 [preauth]
Whenever you're not busy, my login details are still in ticket #137716 at bottom of post near Jose.N if easier for you to login and test. Either way is fine. Thank you.
One thing that just came to mind, just before I found and tried your ssh key login guide,
I tried the SSH Key Access Generator in CWP server settings and generated new keys and Add Pub key to authorized. I tested that and it didn't work, maybe that or something else I did screwed it up?
Shortly after that I used your guide and had no errors in the procedures until the final test of login via putty.
@galactus if you didn't have any other keys added you can delete .ssh directory
rm -rf ~/.ssh
and try to add the keys again (follow the tutorial again) and please don't use windows notepad and other only use
vito add the keys in the server.
@sandeep Thanks, will try that now.
sandeep last edited by sandeep
@galactus let me know if this time it works else I'll check your server
@sandeep Btw do you usually save Key passphrase with your prv key when using putty key gen? I did previously
@sandeep Still the same problem and error message.
I checked authorized_keys file and the public key I generated is definitely in there.
@sabdeep I even checked this guide which is generally the same as yours.
Reinstalled all the certs and tried again, still not working. Not sure what I'm missing.
@galactus will check your server later today
@sandeep Thank you Sandeep, no rush as I know you're probably extremely busy and recovering.
@galactus I've tried it and it works on your server
pub and putty private ppk keys are in
/root/galactusin your server download it
@sandeep Thanks for checking Sandeep, did you need to change anything or did it just work for you? I reverted earlier to a clean snapshot incase I screwed something up somewhere.
@sandeep Tested working perfectly my side with bitvise and putty clients. Thanks very much, really appreciate it.
@galactus i didn't changed anything other than adding key and edited sshd config.