AWS keypair failing authentication to PA-VM


L1 Bithead

AWS SSH publickey authentication is failing while connecting to PA-VM; it falls back to password authentication, which obviously fails. I suspect some of this behavior is due to macOS and OpenSSH deprecating ssh-rsa; PAN-OS 9.1.14 offers ssh-rsa, which is rejected by default, and -oHostKeyAlgorithms=+ssh-rsa will avoid this issue. Also tried -oPubkeyAcceptedKeyTypes=+ssh-rsa, no difference. Currently using an ED25519 keypair instead to see if that makes a difference; it doesn't. Receiving packet type 51 (SSH_MSG_USERAUTH_FAILURE) in response to publickey authentication.

 

Permissions on AWSKey.pem: 400

 

So what gives? Why can't I connect via ssh publickey to AWS PA-VM?

 

debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: AWSKey.pem ED25519 SHA256:Fb+eyKkBDlwHGAOd4/rw9SRAbkgHk explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: AWSKey.pem ED25519 SHA256:Fb+eyKkBDlwHGAOd4/rw9SRAbcHk explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
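
An added example, not part of the original post: a Python sketch that reads `ssh -vvv` client output like the trace above and reports, for each offered key, whether the server replied with SSH_MSG_USERAUTH_PK_OK (60) or SSH_MSG_USERAUTH_FAILURE (51). The function name `analyze` and the embedded sample (abridged from the trace, with a constructed fingerprint) are assumptions of this example; the message numbers are those assigned in RFC 4250/4252.

```python
import re

# SSH message numbers (RFC 4250 / RFC 4252) seen during user authentication.
MSG = {5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT", 50: "USERAUTH_REQUEST",
       51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS", 60: "USERAUTH_PK_OK"}

# Constructed sample: abridged from the post's trace, fingerprint is a placeholder.
SAMPLE = """\
debug3: send packet: type 5
debug3: receive packet: type 6
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: AWSKey.pem ED25519 SHA256:CONSTRUCTED explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
"""

def analyze(log):
    """Return (packet timeline, per-key verdicts) for OpenSSH client debug output."""
    timeline, verdicts = [], []
    key, pk_ok = None, False          # key currently on offer, and whether 60 was seen
    for line in log.splitlines():
        offer = re.search(r"Offering public key: (\S+) (\S+)", line)
        if offer:
            key, pk_ok = offer.groups(), False
            continue
        pkt = re.search(r"(send|receive) packet: type (\d+)", line)
        if not pkt:
            continue
        direction, num = pkt.group(1), int(pkt.group(2))
        timeline.append((direction, MSG.get(num, f"type {num}")))
        # Replies before any offer belong to the client's initial "none" probe.
        if key is None or direction != "receive":
            continue
        if num == 60:                 # server would accept this key; client signs next
            pk_ok = True
        elif num == 51:
            why = "signature rejected" if pk_ok else "refused at query stage (no USERAUTH_PK_OK)"
            verdicts.append((*key, why))
            key = None
        elif num == 52:
            verdicts.append((*key, "authenticated"))
            key = None
    return timeline, verdicts

if __name__ == "__main__":
    print(analyze(SAMPLE)[1])
```

For the trace in the post this reports the key as refused at the query stage: the server answered the key offer with type 51 and never sent type 60, so no signature was exchanged.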
