[Freeipa-users] IdM Replica Install SSH failure.

Jesse Johnson jesse.johnson at redhat.com
Wed Apr 22 14:57:07 UTC 2015


ALL,

I'm attempting to complete a replica install and the system is bombing out on the GSSAPI portion of the SSH key configuration. I can SSH and SELinux is permissive.

Could not SSH into remote host. Error output:
    OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug1: Connecting to <IDM_master_name> [<IdM_master_ip>] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: identity file /root/.ssh/id_ed25519 type -1
    debug1: identity file /root/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
    debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
    debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA <key>
    Warning: Permanently added '<IDM_master_name>,<IdM_master_ip>' (ECDSA) to the list of known hosts.
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    Connection closed by <IdM_master_ip>
Could not SSH to remote host.

Any help would be appreciated.

Jesse P. Johnson CISSP RHC{A,DS,E,SA}
ISC^2: 384989
RH: 120-117-320
C: 757-232-3110
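
For triaging output like the log quoted above, here is an added example (not part of the original post and not FreeIPA or OpenSSH code) that summarizes the authentication phase of `ssh -v` output: which methods the server offered, which the client tried, and which method was in progress when the peer closed the connection. The function name `summarize_auth` and the sample text, which uses a documentation IP address in place of the redacted host, are constructed for illustration.

```python
import re

# Constructed sample: the authentication tail of the `ssh -v` output quoted
# above, with a documentation IP address standing in for the redacted host.
SAMPLE = """\
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
Connection closed by 192.0.2.10
"""

OFFERED = re.compile(r"debug1: Authentications that can continue: (\S+)")
NEXT = re.compile(r"debug1: Next authentication method: (\S+)")
SUCCESS = re.compile(r"debug1: Authentication succeeded \(([^)]+)\)")
CLOSED = re.compile(r"Connection closed by (\S+)")

def summarize_auth(log_text):
    """Walk `ssh -v` output and record what happened to each auth method."""
    result = {"offered": [], "attempts": [], "succeeded": None,
              "closed_by": None, "closed_during": None}
    current = None  # the attempt whose debug lines we are collecting
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := OFFERED.search(line):
            result["offered"] = m.group(1).split(",")
        elif m := NEXT.search(line):
            current = {"method": m.group(1), "notes": []}
            result["attempts"].append(current)
        elif m := SUCCESS.search(line):
            result["succeeded"] = m.group(1)
        elif m := CLOSED.search(line):
            result["closed_by"] = m.group(1)
            result["closed_during"] = current["method"] if current else "pre-auth"
        elif current is not None and line.startswith("debug1: "):
            # Any other debug line belongs to the method currently being tried.
            current["notes"].append(line[len("debug1: "):])
    tried = {a["method"] for a in result["attempts"]}
    result["untried"] = [m for m in result["offered"] if m not in tried]
    return result

if __name__ == "__main__":
    summary = summarize_auth(SAMPLE)
    for attempt in summary["attempts"]:
        print(attempt["method"], "->", attempt["notes"] or "no client-side notes")
    print("closed during:", summary["closed_during"], "| untried:", summary["untried"])
```

A close during a method with no client-side notes means the client log has nothing further to say about it; the corresponding explanation, if any, would be in the server's sshd log.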



