
CentOS - SSH Private Key - Permission denied

asked 2016-03-31 13:22:23 -0500

squeaky369

Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

We are using HP Helion OpenStack 2.0 (I think; nova doesn't work, so I can't find out for sure). Anyway, YESTERDAY I could run any HEAT script (simple or advanced) with my keypair and I could SSH into the instance just fine. Today, I cannot... Even the scripts that I ran YESTERDAY will not work.

However, I can go into the web interface in OpenStack, launch an instance from there (without using HEAT) and use the SAME keypair, and it works just fine...

Nothing in the environment changed from yesterday, as far as we know. So I have no idea how to proceed. I've been trying to troubleshoot this for the last 8 hours, no luck yet.

Relevant Information:

  • Permissions on the keypair are 400. I've used several different names including my last name, first name, key, pair, key-pair... So it's not this specific keypair since I've created multiple ones and tried (and updated to match the name) the HEAT script multiple times.

  • Running the script via iTerm on my Mac, and on an instance running on the same project that will still let me SSH into it.

  • It's in a friendly folder on my computer.

  • I've deleted the 'known_hosts' and started from scratch.

Here is the heat script I am using:

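heat_template_version: 2013-05-23

description: Simple template to deploy a single compute instance

resources:
  # Resource name is a placeholder; the original name is not shown on the page.
  my_instance:
    type: OS::Nova::Server
    properties:
      image: CentOS_7_Stock
      flavor: m1.small
      key_name: keypair
      networks:
        - network: eb488167-553b-4905-a735-848c49c9a6bf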

Can't get any more basic than that. Here is the ssh verbose log (IPs removed for security):

user-25FVH5:OpenStack user$ ssh -v -i /keypair.pem centos@xx.xx.xx.xx
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /keypair.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /keypair.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to xx.xx.xx.xx as 'centos'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client <implicit> none
debug1: kex: client->server <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:8Rbn8TtKO+zjIj9o6FcrZGul6+mM9BRnOUfRdB85izg
debug1: Host 'xx.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /Users/pierceg/.ssh/known_hosts:3
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private ...


Can you change the permission of the key to 0600 and try?

Bipin (2016-04-02 23:01:01 -0500)

2 answers


answered 2016-04-05 10:55:58 -0500

squeaky369

Thanks to everyone for the suggestions, but none of them worked. I contacted HP this morning (since they are the provider of our OpenStack and well, we're paying them for support).

Come to find out, when you use a HEAT script, it does not create the standard centos username, it creates a different username: ec2-user.

So now all is well... Thanks everyone! Hope this helps someone else out in the future.

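An `ssh -v` log can show which side refused the key: a key file with loose permissions is refused by the client with an explicit warning, while a key that is sent and still ends in "Permission denied" was refused by the server for the login name used. The script below is an added example, not part of the original thread; `triage_ssh_log` is a hypothetical helper and the sample logs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage an `ssh -v` log to tell a
# client-side key problem from a server-side rejection of the key.
triage_ssh_log() {
    log=$1
    # ssh refuses to load a private key whose mode is too open and says so.
    if grep -q 'UNPROTECTED PRIVATE KEY FILE' "$log"; then
        echo "client: key file permissions too open"; return 0
    fi
    if grep -q 'Authentication succeeded (publickey)' "$log"; then
        echo "ok: publickey accepted"; return 0
    fi
    # No "Trying private key"/"Offering ... public key" line: nothing was sent.
    if ! grep -Eq 'debug1: (Trying private key|Offering .*public key)' "$log"; then
        echo "client: no key was offered"; return 0
    fi
    # The key was sent and the server still answered "Permission denied":
    # the key is not in authorized_keys for the login name that was used.
    user=$(sed -n "s/.*Authenticating to .* as '\([^']*\)'.*/\1/p" "$log" | head -n 1)
    echo "server: key rejected for user '${user:-unknown}'"
}

# Constructed sample logs (not captured from a real host).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/rejected.log" <<'EOF'
debug1: identity file /keypair.pem type -1
debug1: Authenticating to xx.xx.xx.xx as 'centos'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /keypair.pem
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
cat > "$SAMPLES/perms.log" <<'EOF'
debug1: Authenticating to xx.xx.xx.xx as 'centos'
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Permissions 0644 for '/keypair.pem' are too open.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
EOF
cat > "$SAMPLES/accepted.log" <<'EOF'
debug1: Authenticating to xx.xx.xx.xx as 'ec2-user'
debug1: Trying private key: /keypair.pem
debug1: Authentication succeeded (publickey).
EOF

for f in rejected perms accepted; do
    printf '%s: %s\n' "$f" "$(triage_ssh_log "$SAMPLES/$f.log")"
done
```

A "server: key rejected" result points at the instance side: the login name, or the `authorized_keys` file of that account.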

answered 2016-04-05 05:34:15 -0500

Amitabh Sinha

updated 2016-04-05 05:40:34 -0500

I was also facing the same issue. I suggest you do the following:

  1. Check the MTU size of the instance; if it is 1500, then set the MTU size to 1450:
     sudo ip link set mtu 1450 dev eth0

  2. Set the permission of the key to 0600:
     chmod 600 key.pem

Hope it will resolve your problem.




Asked: 2016-03-31 13:22:23 -0500

Seen: 2,300 times

Last updated: Apr 05 '16