LFS263 / Lab 4.1: Cannot ssh as aarna into VM - Keyfiles?

gonzalez2020

Hi,
In the lab part of the course, section 4.1- I am supposed to ssh into the aarna account on the openstack VM on GCP.
I am using the keyfiles provided in this discussion: https://forum.linuxfoundation.org/discussion/856828/dont-have-the-ssh-credentials-needed-for-the-aarna-account

However, I get a "permission denied" error trying to log in using the following command:
ssh -i aarna.pem aarna@external_VM_IP_address

->Please help out here. Are the keyfiles still up to date?

Thanks & regards
Roberto

-----shell output----
ssh -i aarna.pem aarna@...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

gonzalez2020

Addendum - please also see:

1) Tried the same from Putty using the .ppk file - Putty returns this:
Using username "aarna".
Server refused our key

2) A verbose ssh output from my Linux machine below.

user@debian:$ ssh -v -i aarna.pem aarna@IP
OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u 20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to IP[IP] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file aarna.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file aarna.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to IP:22 as 'aarna'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:sVrJZqfJqvdOylCCyJnganFqW//iNa93ln/Bz9AM1EY
debug1: Host 'IP' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)

debug1: Next authentication method: publickey
debug1: Trying private key: aarna.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

gonzalez2020

Hi,

this is SOLVED now - I imported the public key from the aarna.ppk file into the GCP, and appended the name "aarna" as comment, so the machine recognizes the user and the key. This now works.

Regards