Publickey authentication for the user vcf failing on the SDDC Manager

Article ID: 408489

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Publickey authentication for the vcf user on the SDDC Manager fails.
  • An ssh connection test with the verbose flag reports that the connection falls back to password-based authentication:

ssh -v -i private_key_file vcf@[email protected] 

YYYY-MM-DD HH:MM:SS debug1: Authentication wait for message.
YYYY-MM-DD HH:MM:SS debug1: Received authentication methods the server will allow: publickey,password
YYYY-MM-DD HH:MM:SS debug1: Next authentication method: publickey
YYYY-MM-DD HH:MM:SS debug1: Trying private key: D:\.ssh\private_key_file
YYYY-MM-DD HH:MM:SS debug1: publickey auth failure.
YYYY-MM-DD HH:MM:SS debug1: Authentications that server will allow: publickey,password
YYYY-MM-DD HH:MM:SS debug1: Trying private key: D:\.ssh\private_key_file
YYYY-MM-DD HH:MM:SS debug1: publickey auth failure.
YYYY-MM-DD HH:MM:SS debug1: Authentications that server will allow: publickey,password
YYYY-MM-DD HH:MM:SS debug1: Trying private key: D:\.ssh\private_key_file
YYYY-MM-DD HH:MM:SS debug1: publickey auth failure.
YYYY-MM-DD HH:MM:SS debug1: Authentications that server will allow: publickey,password
YYYY-MM-DD HH:MM:SS debug1: Trying private key: D:\.ssh\private_key_file
YYYY-MM-DD HH:MM:SS debug1: No more algorithms in PubKeyAlgorithm list.
YYYY-MM-DD HH:MM:SS debug1: No more algorithms to try.
YYYY-MM-DD HH:MM:SS debug1: Next authentication method: password 

  • Validating the /etc/sshd_config file shows that the settings required for publickey authentication are set correctly:

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

  • The authorized keys are correctly stored in the /home/vcf/.ssh/authorized_keys file.
  • The journalctl log for sshd on the SDDC Manager reports the following message:

journalctl -u sshd 

[email protected] sshd[852293]: Authentication refused: bad ownership or modes for directory /home/vcf

  • Running ls -ltrh on the /home directory shows the ownership of the vcf directory as numeric IDs rather than as user and group names, as indicated below:

    drwxr-xr-x. 17 201 40004 4096 Jun 27 14:47 vcf

Environment

VCF 4.x 

VCF 5.x 

 

Cause

This issue occurs because the /home/vcf directory has incorrect ownership, which leads to the failure to access the .ssh/authorized_keys.

 

Resolution

To resolve the issue, correct the ownership of the vcf directory to group vcf and user vcf. 

  • Log in to the SDDC Manager using ssh as the vcf user and elevate to the root user. 
  • Once logged in, navigate to /home/ 
  • Run ls -ltrh to list the ownership of the vcf directory 
  • Run the following command to change the ownership. 

chown vcf:vcf vcf/

  • Re-testing publickey authentication should be successful.
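
The check behind the "bad ownership or modes" message, as an added example that is not part of the original article: a shell helper modelled on OpenSSH's StrictModes test, which accepts a path only when it is owned by the login user or root and is not writable by group or others. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the article): model of the ownership/mode test that
# sshd applies with StrictModes before it reads authorized_keys.

# path_is_safe <owner_uid> <octal_mode> <user_uid>
# Returns 0 when a path with this owner and mode is acceptable for the user.
path_is_safe() {
    local owner=$1 mode=$2 uid=$3
    # The owner must be the login user or root (uid 0).
    if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
        return 1
    fi
    # The path must not be writable by group or others (mode & 022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        return 1
    fi
    return 0
}

# check_pubkey_paths <home_dir> <user_uid>
# Checks the home directory, .ssh and authorized_keys, printing one line per
# path. Returns non-zero if any path is missing or would be refused.
check_pubkey_paths() {
    local home=$1 uid=$2 rc=0 p owner mode
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        owner=$(stat -c '%u' "$p")
        mode=$(stat -c '%a' "$p")
        if path_is_safe "$owner" "$mode" "$uid"; then
            echo "OK       $p (uid=$owner mode=$mode)"
        else
            echo "REFUSED  $p (uid=$owner mode=$mode; want uid=$uid or 0, no group/other write)"
            rc=1
        fi
    done
    return $rc
}

# Usage on the appliance, as root:
#   check_pubkey_paths /home/vcf "$(id -u vcf)"
```

With the listing shown earlier (owner UID 201, mode 755), the home directory is reported as REFUSED until the chown has been applied.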