"Permission denied (publickey,gssapi-keyex,gssapi-with-mic)" when attempting to SSH from server 1 to server 2

I'm trying to ssh from my backup server (CentOS 7) to my production server (CentOS 8), to pull a database backup.

I can't work out what I'm doing wrong. I'm using root on both servers. I've taken the contents of ~/.ssh/id_rsa.pub on BACKUP and put it in ~/.ssh/authorized_keys (owner: root, perms: 644) of PROD.

When I issue this command...

rsync -av -e 'ssh -p 222' root@PROD_IP:/var/www/sites/DB_backup_* /home/DB/

...I get this error:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

sshd_config on PROD:

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv XMODIFIERS
AllowUsers mynamehere
AuthorizedKeysFile  .ssh/authorized_keys
ChallengeResponseAuthentication no
ClientAliveCountMax 5
ClientAliveInterval 60
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
PasswordAuthentication no
PermitRootLogin without-password
Port 222
PrintMotd no
Subsystem   sftp    /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UseDNS no
UsePAM yes
X11Forwarding yes

(excuse the unusual order - used a quick :sort in vim to get rid of all the comments for the purpose of this post)

What am I doing wrong?

Answer 1

AllowUsers not including root was the problem.

Changing

AllowUsers myname

to

AllowUsers myname root

fixed it.

I didn't realise that root needed to be listed in there when the PermitRootLogin declaration strongly implies that root is already allowed!
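Added example, not part of the original answer: a POSIX shell sketch of how `AllowUsers` and `PermitRootLogin` combine, run over the question's directives before and after the fix. The names `directive_args` and `login_verdict` and the verdict strings are made up for this illustration, and the simplifications are listed in the comments.

```sh
#!/bin/sh
# Constructed sample input: the access-control directives from the question's
# sshd_config, before and after the fix described in the answer.
BEFORE='AllowUsers mynamehere
PasswordAuthentication no
PermitRootLogin without-password'
AFTER='AllowUsers mynamehere root
PasswordAuthentication no
PermitRootLogin without-password'

# Print every argument of one keyword, one per line. Keywords are
# case-insensitive; comment lines are skipped.
directive_args() {  # $1 = keyword, $2 = config text
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }'
}

# Print a verdict for one user. Assumptions of this sketch: Match blocks,
# DenyUsers, group directives, negated patterns and the host part of
# USER@HOST patterns are not evaluated.
login_verdict() (   # $1 = user, $2 = config text; subshell keeps set -f local
    user=$1
    set -f          # stop AllowUsers globs from expanding to file names
    allow=$(directive_args AllowUsers "$2")
    if [ -n "$allow" ]; then
        listed=no
        for pat in $allow; do
            case $user in ${pat%%@*}) listed=yes ;; esac
        done
        # AllowUsers is an allow-list for every account, root included.
        [ "$listed" = yes ] || { echo "denied: $user not listed in AllowUsers"; exit 0; }
    fi
    [ "$user" = root ] || { echo "allowed: $user"; exit 0; }
    # First occurrence wins; prohibit-password is the default since OpenSSH 7.0.
    prl=$(directive_args PermitRootLogin "$2" | head -n 1)
    case ${prl:-prohibit-password} in
        no) echo "denied: PermitRootLogin no" ;;
        without-password|prohibit-password) echo "allowed: root, but not with a password" ;;
        forced-commands-only) echo "allowed: root, public key with a forced command only" ;;
        *) echo "allowed: root" ;;
    esac
)

login_verdict root "$BEFORE"    # denied: root not listed in AllowUsers
login_verdict root "$AFTER"     # allowed: root, but not with a password
```

On a live host, pass the effective configuration instead of a hand-copied file, for example `login_verdict root "$(sshd -T)"` run as root. The denial itself is logged by sshd as "User root from ... not allowed because not listed in AllowUsers".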

Answer 2

Check permissions:

-rw------- 1 user user  822 feb 28  2019 authorized_keys
-rw------- 1 user user   81 dic 14  2018 config
-rw------- 1 user user 1675 dic 14  2018 id_rsa
-rw-r--r-- 1 user user  406 dic 14  2018 id_rsa.pub
-rw-r--r-- 1 user user  222 apr 24  2019 known_hosts

They must be like that.
