Palo Alto VM GCP not using ssh key and forcing password authentication

Artman1000 — Mon, 16 Sep 2024 00:06:59 GMT

I have tried multiple BYOL images in Google Cloud and re-generate SSH keys. It keeps asking to authenticate the admin user with no known passwords. It's ignoring the keys I guess. Is there something missing from my config when I deploy via Terraform?

ebug1: Found key in /Users/arthurgreenwald/.ssh/known_hosts:1

debug3: send packet: type 21

debug2: ssh_set_newkeys: mode 1

debug1: rekey out after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: ssh_set_newkeys: mode 0

debug1: rekey in after 134217728 blocks

debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com

debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug3: kex_input_ext_info: extension server-sig-algs

debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug3: ssh_get_authentication_socket_path: path '/private/tmp/com.apple.launchd.ZNH6LsrogL/Listeners'

debug1: get_agent_identities: bound agent to hostkey

debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities

debug1: Will attempt key: id_rsa RSA SHA256:k2DHDAMxAZL++FB8pVn+WjCEUKQMHFjwhVcsUlVofGE explicit

debug2: pubkey_prepare: done

debug1: Offering public key: id_rsa RSA SHA256:k2DHDAMxAZL++FB8pVn+WjCEUKQMHFjwhVcsUlVofGE explicit

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug3: send packet: type 50

debug2: we sent a keyboard-interactive packet, wait for reply

debug3: receive packet: type 60

debug2: input_userauth_info_req: entering

debug2: input_userauth_info_req: num_prompts 1

(admin@X.X.X.X) Password:

Re: Palo Alto VM GCP not using ssh key and forcing password authentication

JayGolf — Mon, 16 Sep 2024 23:03:07 GMT

Hi @Artman1000 ,

Try specifying the private key for login. ssh -i /path/to/private-key-file admin@x.x.x.x

I'd also verify the ssh key metadata entered is the correct one.

Re: Palo Alto VM GCP not using ssh key and forcing password authentication

Artman1000 — Sat, 21 Sep 2024 11:45:40 GMT

Thanks Jay, unfortunately, it seems with the Terraform code from the registry that I need to specific the public code in the terraform.tfvars file once I did that it worked as you showed for SSH connection

topic Re: Palo Alto VM GCP not using ssh key and forcing password authentication in General Topics

Palo Alto VM GCP not using ssh key and forcing password authentication

Re: Palo Alto VM GCP not using ssh key and forcing password authentication

Re: Palo Alto VM GCP not using ssh key and forcing password authentication