ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain #2696
Comments
Did you copy the SSH keys to the host? Did you successfully test using SSH on the command line (if so, how)? What type of SSH key is generated? Is it passphrase protected or not?
Howdy, Nothing I could think of worked to fix this issue:
The thing that finally worked in both cases was to use an ed25519 SSH key, NOT an rsa key.
What OS were you using? Some don't accept RSA by default anymore.
We're using Fedora 34. Using the
@WillNilges What is in the log of sshd on the server when RKE attempts to log in and fails? If it works manually, it sounds like a Golang library (version) issue or something.
https://www.reddit.com/r/Fedora/comments/jhxbdh/no_ssh_public_key_auth_after_upgrade_to_fedora_33/ Figured it out. It's a Fedora issue, not an RKE issue. The sshd service was giving my co-worker these logs:
He's currently in the process of replacing his keys. Though, because he's on Windows, there's some wackiness with the way that keys are being handled. He's got an ed25519 key, and that's the one his rke config is pointed to, but for some reason, as you can see, it's defaulting to the RSA key still. I told him to yeet the key out of his SSH directory so there's no way it'll be used. Will keep you posted.
So what's the solution?
This is blocking for us to continue with Rancher.
@WillNilges What was your workaround to make it work?
Can you post your complete ignition config? I think there are several places where keys are mentioned, and you have to be sure that they're all correct. Also post logs from your I see that you're trying to set up with
This issue/PR has been automatically marked as stale because it has not had activity (commit/comment/label) for 60 days. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
As @WillNilges said, changing to the ed25519 method helped to get past this error.
Changing from RSA to the ed25519 method helped to get past this error. OpenSSH version on the host which runs RKE is
**RKE version:** rke version v1.2.12

**Docker version: (`docker version`, `docker info` preferred)** 20.10.8

**Operating system and kernel: (`cat /etc/os-release`, `uname -r` preferred)** Centos 7

**Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO)** Vmware
cluster.yml file:
```yaml
nodes:
- address: 192.168.198.135
  user: xp
  role:
  - controlplane
  - etcd
  - worker
  ssh_key_path: /home/xp/.ssh/id_rsa
```
Steps to Reproduce:
STEP1: ssh-keygen
STEP2: rke --debug up
Results:
```
DEBU[0000] Checking if cluster version [1.20.10-rancher1-1] needs to have kube-api audit log enabled
DEBU[0000] Cluster version [1.20.10-rancher1-1] needs to have kube-api audit log enabled
DEBU[0000] Enabling kube-api audit log for cluster version [v1.20.10-rancher1-1]
DEBU[0000] Host: 192.168.198.135 has role: controlplane
DEBU[0000] Host: 192.168.198.135 has role: etcd
DEBU[0000] Host: 192.168.198.135 has role: worker
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [192.168.198.135]
DEBU[0000] Connecting to Docker API for host [192.168.198.135]
DEBU[0010] FIXME: Got an status-code for which error does not match any expected type!!!: -1 module=api status_code=-1
WARN[0010] Failed to set up SSH tunneling for host [192.168.198.135]: Can't retrieve Docker Info: error during connect: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": Unable to access node with address [192.168.198.135:22] using SSH. Please check if you are able to SSH to the node using the specified SSH Private Key and if you have configured the correct SSH username. Error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
WARN[0010] Removing host [192.168.198.135] from node lists
FATA[0010] Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s) [192.168.198.135]
```
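Several replies in this thread report that replacing an RSA key with an ed25519 key cleared the error. The following is an added example, not code from the thread or from RKE: it reads each `ssh_key_path` in a `cluster.yml` and reports which ones point at an RSA private key, without decrypting anything. The function names and the sample key are hypothetical and constructed for illustration.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\0"
LEGACY_PEM = {  # headers written by ssh-keygen before OpenSSH 7.8 changed the default
    "-----BEGIN RSA PRIVATE KEY-----": "ssh-rsa",
    "-----BEGIN DSA PRIVATE KEY-----": "ssh-dss",
    "-----BEGIN EC PRIVATE KEY-----": "ecdsa",
}

def _string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def private_key_type(text):
    """Return the key algorithm of a private key file without decrypting it."""
    lines = [l.strip() for l in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head in LEGACY_PEM:
        return LEGACY_PEM[head]
    if head != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return "unknown"
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    for _ in range(3):               # ciphername, kdfname, kdfoptions
        _, off = _string(blob, off)
    off += 4                         # number of keys
    pub, _ = _string(blob, off)      # public key blob is stored unencrypted
    return _string(pub, 0)[0].decode("ascii")

def rsa_key_paths(cluster_yml, read_key):
    """List ssh_key_path entries in cluster.yml text that point at RSA keys."""
    paths = re.findall(r"^\s*ssh_key_path:\s*(\S+)", cluster_yml, re.M)
    return [p for p in paths if private_key_type(read_key(p)) == "ssh-rsa"]

def constructed_key(alg):
    """Build a dummy openssh-key-v1 container (constructed, not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(b"none") + s(b"none") + s(b"") + struct.pack(">I", 1)
            + s(s(alg) + s(b"\0" * 32)) + s(b"constructed"))
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"
```

On a real host, pass `lambda p: open(p).read()` as `read_key`; any path returned is a candidate for replacement with an ed25519 key, as the replies above describe.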