Pradeep KNS wrote:
ssh kns@10.40.1.201 -v
[snip]
SHA256:1BAWa9F52c6u26qe8T9ZQsin3lk+VTFeRYBDtkOzNMU debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts2: No such file or directory debug1: Host '10.40.1.201' is known and matches the ED25519 host key. debug1: Found key in /var/lib/sss/pubconf/known_hosts:2
The SSSD ssh integration was used to to validate that the host's SSH key matched what was received so you avoided the "do you trust this host" prompt. So that's good.
debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 4294967296 blocks debug1: Will attempt key: /home/kns/.ssh/id_rsa debug1: Will attempt key: /home/kns/.ssh/id_dsa debug1: Will attempt key: /home/kns/.ssh/id_ecdsa debug1: Will attempt key: /home/kns/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/kns/.ssh/id_ed25519 debug1: Will attempt key: /home/kns/.ssh/id_ed25519_sk debug1: Will attempt key: /home/kns/.ssh/id_xmss debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com mailto:sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com mailto:sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com mailto:webauthn-sk-ecdsa-sha2-nistp256@openssh.com> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug1: Next authentication method: gssapi-with-mic *debug1: Unspecified GSS failure. Minor code may provide more information Server host/10.40.1.201@ALPHA-GREP.COM mailto:10.40.1.201@ALPHA-GREP.COM not found in Kerberos database*
IPA keys on hostnames, not IP addresses, hence this message. You need to use a FQDN. AFAIK there is no workaround.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /home/kns/.ssh/id_rsa debug1: Trying private key: /home/kns/.ssh/id_dsa debug1: Trying private key: /home/kns/.ssh/id_ecdsa debug1: Trying private key: /home/kns/.ssh/id_ecdsa_sk debug1: Trying private key: /home/kns/.ssh/id_ed25519 debug1: Trying private key: /home/kns/.ssh/id_ed25519_sk debug1: Trying private key: /home/kns/.ssh/id_xmss debug1: Next authentication method: keyboard-interactive (kns@10.40.1.201 mailto:kns@10.40.1.201) Password:
It failed to do a Kerberos/GSSAPI auth so it fell back to password.
rob