8

I've created a user and copied the public key to .ssh/authorized_key for that new user and also I've set the pubkeyauthentication to yes on /etc/ssh/sshd_config after saving the file restarted the sshd service.

When I try to ssh from the new user I am getting error:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Am I missing any step here to ssh from the new user account?

When I check the status for sshd.servive I see error:

AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys xxxx SHA256:84NyibLXFppE4BGIM+1e5iO...status 22
John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Arunkumar
  • 595
  • 1
  • 9
  • 23

2 Answers2

0

Had the same issue error: AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys ec2-user.

Make sure the file permission is user only (600) in the $HOME/.ssh directory on the SSH client side host.

FYI

To debug:

sudo tail -f /var/log/secure to monitor the reason why SSH refuses the connection.

Make sure $HOME/.ssh/authorized_key content on EC2 instance is correctly match with your ssh private key in the SSH client host.

Make sure correct private key is being used, use -i option to explicitly specify which key you use.

mon
  • 18,789
  • 22
  • 112
  • 205
0

You might want to check the algorithm you are using to generate the key.

I saw exactly the same error message when using the ECDSA algorithm but fixed the problem by using RSA instead (ssh-keygen -t rsa).

If you want to dig deeper you can try

ssh -Q key

to get a list of supported key types.

Jiří Skála
  • 649
  • 9
  • 23
Peter Rhodes
  • 41
  • 7