Access Denied Authentication That Can Continue Publickey Gssapi keyex Gssapi with mic Password
Here is an issue hit by one of our trainees from OracleCloud certification (1Zo-160) course. He was trying to copy a file from the on-premise database to Cloud instance but it was failing with error Permission denied. So let me walk you through the issue and the fix.
Before proceeding further, let me first walk you through the different ways to connect to Oracle cloud instance. You can connect to Oracle Cloud instance using below three methods.
- SSH: You can connect to your cloud instance using SSH keys (Private and Public Keys) and Port 22. You have to generate Private and Public key pair (using PuttyGen) on your local PC and then create one cloud instance using that Public key. Then connect to the Cloud instance using private key (via Putty) and SSH Port 22.
- IPSec VPN: You can set up a VPN connection to establish a secure communication channel between your data center and your cloud instance. You can use either a supported third-party VPN device or Corente Services Gateway (an Oracle-provided IPsec solution) installed on a host.
- Fast Connect: This option allows you to access your instances through a direct connection from your on-premises. Transferring data over a direct connection provides better privacy and ensures consistent performance with dedicated bandwidth and controlled latency in your network traffic.
Now let's look into the issue that trainee was hitting.
Issue:
Trainee was using first method that is SSH to connect to Cloud instance. He was trying to copy a file from on-premise database to cloud instance using scp command as shown below.
oracle@dba12c]$ scp -v –i oracleclouddba.ppk /tmp/test.txt oracle@128.140.230.121:/tmp/test.txt
Executing: program /usr/bin/ssh host 128.140.230.121, user oracle, command scp -v -d -t /tmp/test.txt
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 128.140.230.121 [128.140.230.121] port 22.
debug1: Connection established.
debug1: identity file /home/oracle/.ssh/identity type -1
debug1: identity file /home/oracle/.ssh/identity-cert type -1
debug1: identity file /home/oracle/.ssh/id_dsa type -1
debug1: identity file /home/oracle/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '129.150.204.101' is known and matches the RSA host key.
debug1: Found key in /home/oracle/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_54321' not found
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oracle/.ssh/identity
debug1: Offering public key: /home/oracle/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/oracle/.ssh/id_dsa
debug1: Trying private key: /home/oracle/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
lost connection
Cause:
The trainee was using the extension ".ppk" for private key while Copying the file. Extension ".ppk" is only for windows and putty but if you do scp you need open ssh format.
Fix:
Please make sure to follow below points before copying on Cloud instance:
1. We need to convert the private key (.ppk) file as it will not work on Linux. We will use this converted open ssh file while copying the data on cloud from source. Steps to concert private file via puttygen are below
- Open Puttygen and click on conversion and Import file to import your private file.
- Click on conversions and then Export OpenSSH Key.
- Now give any name to the file without any Extension and select All Files(*) under save as and save the file.
2. After copying converted open ssh file on your server, give permission 600 to the file before running scp command.
If you want to learn more about Oracle Cloud and troubleshooting like above then check our Oracle Database Cloud Service (DBCS) Certification (1Z0-160),where we cover each and every topic required to clear your 1z0-160 certification with both a theoretical and practical approach.
Source: https://k21academy.com/oracle-database-cloud/oracle-database-cloud-permission-denied-publickeygssapi-keyexgssapi-with-mic/
0 Response to "Access Denied Authentication That Can Continue Publickey Gssapi keyex Gssapi with mic Password"
Post a Comment