Publickey, gssapi-with-mic, Unspecified GSS failure, publickeytoken
In the latest MHA configuration, the error message Permission denied (publickey, gssapi-with-mic, password) is displayed. When using ssh-v, the Unspecified GSS failure error occurs. This is mainly caused by the use of the GSSAPI authentication function. This is also the reason if you encounter a slow use of scp. Let's continue.
1. Fault
# Masterha_check_ssh -- conf =/etc/app1.cnf
Wed Apr 8 14:33:26 2015-[warning] Global configuration file/etc/masterha_default.cnf not found. Skipping.
...............
Permission denied (publickey, gssapi-with-mic, password ).
Wed Apr 8 14:33:26 2015-[error] [/usr/lib/perl5/site_perl/5.8.8/MHA/SSHCheck. pm, ln86] SSH connection from
Root @ vdbsrv1 (192.168.1.6: 22) to root @ vdbsrv2 (192.168.1.7: 22) failed!
### It takes about 20 s to ssh to another host
# Time ssh 192.168.1.7 date
Wed Apr 15 21:33:53 CST 2015
Real 0m20. 245 s
User 0m0. 013 s
Sys 0m0. 007 s
### Use the-v parameter for ssh connection
# Ssh-v 192.168.1.7
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Debug1: Reading configuration data/etc/ssh/ssh_config
Debug1: Applying options *
Debug1: Connecting to 192.168.1.7 [192.168.1.7] port 22.
Debug1: Connection established.
Debug1: permanently_set_uid: 0/0
Debug1: identity file/root/. ssh/identity type-1
Debug1: identity file/root/. ssh/id_rsa type 1
Debug1: identity file/root/. ssh/id_dsa type-1
Debug1: loaded 3 keys
Debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
Debug1: match: OpenSSH_4.3 pat OpenSSH *
Debug1: Enabling compatibility mode for protocol 2.0
Debug1: Local version string SSH-2.0-OpenSSH_4.3
Debug1: SSH2_MSG_KEXINIT sent
Debug1: SSH2_MSG_KEXINIT initialized ed
Debug1: kex: server-> client aes128-ctr hmac-md5 none
Debug1: kex: client-> server aes128-ctr hmac-md5 none
Debug1: SSH2_MSG_KEX_DH_GEX_REQUEST (1024 <1024) sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
Debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Debug1: Host '192. 168.1.7 'is known and matches the RSA host key.
Debug1: Found key in/root/. ssh/known_hosts: 1
Debug1: ssh_rsa_verify: signature correct
Debug1: SSH2_MSG_NEWKEYS sent
Debug1: expecting SSH2_MSG_NEWKEYS
Debug1: SSH2_MSG_NEWKEYS received ed
Debug1: SSH2_MSG_SERVICE_REQUEST sent
Debug1: SSH2_MSG_SERVICE_ACCEPT received ed
Debug1: Authentications that can continue: publickey, gssapi-with-mic, password
Debug1: Next authentication method: gssapi-with-mic
Debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
Debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
Debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
Debug1: Next authentication method: publickey
Debug1: Trying private key:/root/. ssh/identity
Debug1: Offering public key:/root/. ssh/id_rsa
Debug1: Server accepts key: pkalg ssh-rsa blen 277
Debug1: read PEM private key done: type RSA
Debug1: Authentication succeeded (publickey ).
Debug1: channel 0: new [client-session]
Debug1: Entering interactive session.
Debug1: Sending environment.
Debug1: Sending env LANG = en_US.UTF-8
Last login: Wed Apr 15 16:56:12 2015 from 192.168.1.124
2. troubleshooting
### View GSSAPI options on the target end
[Root @ vdbsrv2 ~] # Grep GSSAPI/etc/ssh/sshd_config
# GSSAPI options
# GSSAPIAuthentication no
GSSAPIAuthentication yes ### enable GSSAPI Authentication
# GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
### Author: Leshami
### Blog: http://blog.csdn.net/leshami
[Root @ vdbsrv2 ~] # Cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bk
[Root @ vdbsrv2 ~] # Vi/etc/ssh/sshd_config ### disable this authentication method
[Root @ vdbsrv2 ~] # Grep GSSAPI/etc/ssh/sshd_config ### view the closed result
# GSSAPI options
GSSAPIAuthentication no
# GSSAPIAuthentication yes
# GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
### Restart the sshd service
[Root @ vdbsrv2 ~] # Service sshd restart
Stopping sshd: [OK]
Starting sshd: [OK]
### Test again. No exception is reported when only 0.191 s or ssh-v is used.
[Root @ vdbsrv1 ~] # Time ssh 192.168.1.7 date
Wed Apr 15 21:48:10 CST 2015
Real 0m0. 191 s
User 0m0. 014 s
Sys 0m0. 003 s