Solved

SSH error "Permission Denied (publickey)" Cloudstack

Posted on 2012-03-23
4
2,532 Views
Last Modified: 2012-06-21
Hi,

I have installed a Cloudstack environment whereby we have a 1 management server and 2 Xenserver hosts. I have recently been advised to update a Cloudstack securty certificate in order to fix a previous issue I was having, however in doing so I have been left unable to ssh in to my console proxy VM, or any other virtual machines for that matter. The error I am recieving is "Permission Denied (publickey)".

# ssh -i /root/.ssh/id_rsa.cloud -p 3922 root@169.254.3.143
Permission denied (publickey).


Shown below is a debug of the ssh connection:
[root@yds-clvm1 /]# ssh -vT -i /root/.ssh/id_rsa.cloud -p 3922 root@169.254.3.143
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 169.254.3.143 [169.254.3.143] port 3922.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa.cloud type -1
debug1: loaded 1 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '169.254.3.143' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa.cloud
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Before applying the certificate update I was able to access using SSH fine.

This is the update I applied:
http://docs.cloudstack.org/Knowledge_Base/Updating_the_SSL_certificate_for_realhostip_domain

Any help would be great.

Thanks,
Adam
0
Comment
Question by:YorkData
  • 2
4 Comments
 
LVL 11

Expert Comment

by:legolasthehansy
ID: 37757100
Have you tried the toubleshooting section on the link you provided. This looks like a customized setup and you would need to get help from support
0
 
LVL 7

Expert Comment

by:expert1010
ID: 37760935
Check that your public key (/root/.ssh/id_rsa.cloud.pub) is in 169.254.3.143:/root/.ssh/authorized_keys

I've sometimes had problems with wrong ownership on .ssh or .ssh/authorized_keys. Mostly that has been my own fault like copying with wrong user or permissions.
0
 

Accepted Solution

by:
YorkData earned 0 total points
ID: 37861452
Apologies about abandon of question. I was able to revert the connecting sevrer back to a prevous snapshot (VM) and also had to re-build the Xen VM on which the Console Proxy was sitting. Not an ideal solution, or one that will help others however fixed my problem in the end.

Thanks,
Adam
0
 

Author Closing Comment

by:YorkData
ID: 37879972
Fixed my issue.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Monitoring systems evolution, cloud technology benefits and cloud cost calculators business utility.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now