Attempting to SSH to Ops Manager fails with "Permission denied (publickey)."

Article ID: 398354

Updated On:

Products

Operations Manager

Issue/Introduction

An attempt to SSH to the Ops Manager VM fails with the following error:

Permission denied (publickey).

This may happen after an upgrade, or during normal operations.

Environment

Operations Manager

Resolution

This error occurs when the private key you are using to SSH does not match the public key deployed on the Ops Manager VM. First, validate that the private key being used matches the public key.

To do this:

  1. In vSphere, search for the Ops Manager VM. Once you have found it, go to Configure -> vApp Options -> Properties. The public key is listed there under public_ssh_key. Take note of it.
  2. With the private key you are using to SSH, run ssh-keygen -y -f key.pem > extract.pub, replacing key.pem with your private key file name.
  3. Open the extract.pub file and compare it to the public_ssh_key value noted in step 1. They should match.
  4. If using TKGI Management Console, you can also go to the Deployment Metadata -> Ops Manager VM SSH Private Key. This can be used to generate a new public key with the command in Step 2 for use in your jumpbox.
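
The comparison in steps 2 and 3 as a script, added here as an example and not part of the original article. It compares only the key type and base64 data, so a differing trailing comment is not reported as a mismatch. The file name deployed.pub (holding the pasted public_ssh_key value), the script name check_key.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Compares the public key
# derived from a private key with the public_ssh_key value copied from vSphere.

# Print "<key-type> <base64-data>" for an OpenSSH public key line, dropping
# the trailing comment and any carriage return picked up when pasting.
pubkey_core() {
    printf '%s\n' "$1" | tr -d '\r' | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit }
    }'
}

# Succeed only when both lines hold the same non-empty key material.
keys_match() {
    core_a=$(pubkey_core "$1")
    core_b=$(pubkey_core "$2")
    [ -n "$core_a" ] && [ "$core_a" = "$core_b" ]
}

# $1 = private key file (key.pem in the article)
# $2 = file holding the pasted public_ssh_key value (assumed name: deployed.pub)
check_private_key() {
    derived=$(ssh-keygen -y -f "$1") || return 2
    deployed=$(cat "$2") || return 2
    if keys_match "$derived" "$deployed"; then
        echo "MATCH: the private key corresponds to public_ssh_key"
        return 0
    fi
    echo "MISMATCH: public_ssh_key was not generated from this private key"
    # Fingerprints are easier to compare by eye; "-f -" needs OpenSSH 7.2+.
    printf '%s\n' "$derived"  | ssh-keygen -l -f - || true
    printf '%s\n' "$deployed" | ssh-keygen -l -f - || true
    return 1
}

# Usage: sh check_key.sh key.pem deployed.pub
if [ "$#" -eq 2 ]; then
    check_private_key "$1" "$2"
fi
```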

If the public keys do not match, you will need to generate a new public key from your private key, and set this for Ops Manager to use. Please ensure you have your decryption passphrase for Ops Manager, as you'll need it. To do this:

  1. Run ssh-keygen -y -f key.pem > public_key_new.pub
  2. In vSphere, power off the Ops Manager VM, edit the public_ssh_key in vApp Options (take a copy of the old one for backup) and insert the new public key (public_key_new.pub).
  3. Power on the VM and confirm you can SSH once the VM is online.

If the public keys match, then the issue is likely with the location you are attempting to SSH from. You can attempt to delete the entries relating to the Ops Manager from ~/.ssh/known_hosts, and then try again.

Finally, if all of the above fails, you might need to generate a new public/private key pair entirely. Please refer to this article for steps on doing so: Regenerate and install a new ssh key pair for the Ops Manager VM