Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSH error "Permission Denied (publickey)" Cloudstack

Posted on 2012-03-23
4
Medium Priority
?
2,613 Views
Last Modified: 2012-06-21
Hi,

I have installed a Cloudstack environment whereby we have a 1 management server and 2 Xenserver hosts. I have recently been advised to update a Cloudstack securty certificate in order to fix a previous issue I was having, however in doing so I have been left unable to ssh in to my console proxy VM, or any other virtual machines for that matter. The error I am recieving is "Permission Denied (publickey)".

# ssh -i /root/.ssh/id_rsa.cloud -p 3922 root@169.254.3.143
Permission denied (publickey).


Shown below is a debug of the ssh connection:
[root@yds-clvm1 /]# ssh -vT -i /root/.ssh/id_rsa.cloud -p 3922 root@169.254.3.143
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 169.254.3.143 [169.254.3.143] port 3922.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa.cloud type -1
debug1: loaded 1 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '169.254.3.143' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa.cloud
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Before applying the certificate update I was able to access using SSH fine.

This is the update I applied:
http://docs.cloudstack.org/Knowledge_Base/Updating_the_SSL_certificate_for_realhostip_domain

Any help would be great.

Thanks,
Adam
0
Comment
Question by:YorkData
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 11

Expert Comment

by:legolasthehansy
ID: 37757100
Have you tried the toubleshooting section on the link you provided. This looks like a customized setup and you would need to get help from support
0
 
LVL 7

Expert Comment

by:expert1010
ID: 37760935
Check that your public key (/root/.ssh/id_rsa.cloud.pub) is in 169.254.3.143:/root/.ssh/authorized_keys

I've sometimes had problems with wrong ownership on .ssh or .ssh/authorized_keys. Mostly that has been my own fault like copying with wrong user or permissions.
0
 

Accepted Solution

by:
YorkData earned 0 total points
ID: 37861452
Apologies about abandon of question. I was able to revert the connecting sevrer back to a prevous snapshot (VM) and also had to re-build the Xen VM on which the Console Proxy was sitting. Not an ideal solution, or one that will help others however fixed my problem in the end.

Thanks,
Adam
0
 

Author Closing Comment

by:YorkData
ID: 37879972
Fixed my issue.
0

Featured Post

The top UI technologies you need to be aware of

An important part of the job as a front-end developer is to stay up to date and in contact with new tools, trends and workflows. That’s why you cannot miss this upcoming webinar to explore the latest trends in UI technologies!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint …
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This Micro Tutorial will explain how to export DynamoDB tables in Amazon Web Services.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question