gpssh-exkeys fails with error: "Permission denied" during local key exchange

search cancel

gpssh-exkeys fails with error: "Permission denied" during local key exchange

book

Article ID: 295710

calendar_today

Updated On:

Products

VMware Tanzu Greenplum

Issue/Introduction

Symptoms:

The gpssh-exkeys command returns the following error:

[root@mdw gpadmin]# gpssh-exkeys -f /home/gpadmin/gpconfigs/hostfile_exkeys
[STEP 1 of 5] create local ID and authorize on local host
... /root/.ssh/id_rsa file exists ... key generation skipped
[ERROR mdw.company.com] authentication check failed:
Permission denied (publickey,password).
[ERROR] cannot establish ssh access into the local host?

Environment

Resolution

During the keyexchange, gpssh-exkeys will first attempt to authenticate locally before proceeding to exchange keys with a cluster.

In this case, the error above is caused by PermitRootLogin being set to no in the /etc/ssh/sshd_config. When PermitRootLogin is set to no in the /etc/ssh/sshd_config, follow the steps below to restart sshd.

Comment out PermitRootLogin in /etc/ssh/sshd_config:
```
#PermitRootLogin no
```
Restart sshd:
```
service sshd restart
```

Another reason for this error is related to the permissions of the user in the home directory. Since "StrictModes" is set to no by default in /etc/ssh/sshd_config, the required permissions for SSH are as follows:

chmod g-w /home/your_user
chmod 700 /home/your_user/.ssh
chmod 600 /home/your_user/.ssh/authorized_keys

Feedback

thumb_up Yes

thumb_down No