AWS keypair failing authentication to PA-VM

Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS keypair failing authentication to PA-VM

L1 Bithead

AWS ssh publickey failing while connecting to PA-VM, falls back to password authentication which obviously fails. I suspect some of this behavior is due to macos and openssh deprecating ssh-rsa, PAN-OS 9.1.14 offers ssh-rsa which is rejected by default, -oHostKeyAlgorthms=+ssh-rsa will avoid this issue. Also tried -oPubkeyAcceptedKeyTypes=+ssh-rsa, no difference. Currently using ED25519 keypair instead to see if that makes a difference, it doesn't. Receiving packet type 51 (SSH_MSG_USERAUTH_FAILURE) in response to publickey authentication.


permissions on AWSKey.pem 400


So what gives? Why can't I connect via ssh publickey to AWS PA-VM?


debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: AWSKey.pem ED25519 SHA256:Fb+eyKkBDlwHGAOd4/rw9SRAbkgHk explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: AWSKey.pem ED25519 SHA256:Fb+eyKkBDlwHGAOd4/rw9SRAbcHk explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!