Pradeep KNS wrote:
> ssh kns@10.40.1.201 -v

[snip]

> SHA256:1BAWa9F52c6u26qe8T9ZQsin3lk+VTFeRYBDtkOzNMU
> debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts: No such file or
> directory
> debug1: load_hostkeys: fopen /home/kns/.ssh/known_hosts2: No such file
> or directory
> debug1: Host '10.40.1.201' is known and matches the ED25519 host key.
> debug1: Found key in /var/lib/sss/pubconf/known_hosts:2

The SSSD ssh integration was used to validate that the host's SSH key
matched what was received so you avoided the "do you trust this host"
prompt. So that's good.

> debug1: rekey out after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey in after 4294967296 blocks
> debug1: Will attempt key: /home/kns/.ssh/id_rsa
> debug1: Will attempt key: /home/kns/.ssh/id_dsa
> debug1: Will attempt key: /home/kns/.ssh/id_ecdsa
> debug1: Will attempt key: /home/kns/.ssh/id_ecdsa_sk
> debug1: Will attempt key: /home/kns/.ssh/id_ed25519
> debug1: Will attempt key: /home/kns/.ssh/id_ed25519_sk
> debug1: Will attempt key: /home/kns/.ssh/id_xmss
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info:
> server-sig-algs=<ssh-ed25519,sk-ssh-ed25...@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,webauthn-sk-ecdsa-sha2-nistp...@openssh.com>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
> debug1: Next authentication method: gssapi-with-mic
> *debug1: Unspecified GSS failure.  Minor code may provide more information
> Server host/10.40.1....@alpha-grep.com not found in Kerberos database*

IPA keys on hostnames, not IP addresses, hence this message. You need to
use a FQDN. AFAIK there is no workaround.

> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/kns/.ssh/id_rsa
> debug1: Trying private key: /home/kns/.ssh/id_dsa
> debug1: Trying private key: /home/kns/.ssh/id_ecdsa
> debug1: Trying private key: /home/kns/.ssh/id_ecdsa_sk
> debug1: Trying private key: /home/kns/.ssh/id_ed25519
> debug1: Trying private key: /home/kns/.ssh/id_ed25519_sk
> debug1: Trying private key: /home/kns/.ssh/id_xmss
> debug1: Next authentication method: keyboard-interactive
> (kns@10.40.1.201) Password:

It failed to do a Kerberos/GSSAPI auth so it fell back to password.

rob
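
Added example, not part of the original message: a small Python triage script that reads `ssh -v` output like the trace quoted above and reports where the host key was found, which authentication methods were tried, and whether a GSSAPI failure came from a service principal built on an IP address. The sample log, the address 192.0.2.10, the realm EXAMPLE.TEST and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the `ssh -v` trace quoted in the thread.
SAMPLE = """\
debug1: Found key in /var/lib/sss/pubconf/known_hosts:2
debug1: Next authentication method: gssapi-with-mic
*debug1: Unspecified GSS failure.  Minor code may provide more information
Server host/192.0.2.10@EXAMPLE.TEST not found in Kerberos database*
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
"""

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def diagnose(log):
    """Summarise host-key source, auth methods tried and GSSAPI failures."""
    report = {"host_key_source": None, "methods": [],
              "missing_principals": [], "findings": []}
    for line in log.splitlines():
        line = line.strip().lstrip("*")  # tolerate mail-client emphasis marks
        if m := re.search(r"Found key in (\S+):\d+", line):
            report["host_key_source"] = m.group(1)
        elif m := re.search(r"Next authentication method: (\S+)", line):
            report["methods"].append(m.group(1))
        elif m := re.search(r"Server (\S+) not found in Kerberos database", line):
            report["missing_principals"].append(m.group(1))
    for princ in report["missing_principals"]:
        # Principal form is service/instance@REALM; instance should be a hostname.
        instance = princ.split("/", 1)[-1].split("@", 1)[0]
        if is_ip(instance):
            report["findings"].append(f"{princ}: principal built from an IP address; connect using the FQDN")
        else:
            report["findings"].append(f"{princ}: no such host principal; check enrollment and DNS name")
    gss = [m for m in report["methods"] if m.startswith("gssapi")]
    if gss and report["methods"][-1] in ("password", "keyboard-interactive"):
        report["findings"].append(f"fell back from {gss[0]} to {report['methods'][-1]}")
    return report

if __name__ == "__main__":
    for finding in diagnose(SAMPLE)["findings"]:
        print(finding)
```
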