SSH – Unspecified GSS failure



Recently came across a problem with one system authentication to another via ssh.

I added the public ssh key to ~/.ssh/authorized_keys entry. Changed ownership to the proper user and also [cci]chmod 600 ~/.ssh/authorized_keys[/cci]. Still no dice.

Using [cci]ssh -vvvv[/cci] the following error returned on pubkey authentication:

[cc]debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file ‘/tmp/krb5cc_0’ not found[/cc]

Well, that is pretty non-specific.

Since permission problems are the number one issue I have with getting ssh authentication working, and how I thought I set permissions right, my mind then wondered if SELinux permissions were causing a problem. Most providers disable SELinux right off the bat because of the ‘problems’ it causes, but some don’t. It turned out, this one has [cci]SELINUX=enforcing[/cci]. So, let’s fix the SELinux permissions:

[cc]/sbin/restorecon -r /root/.ssh[/cc]

This sets the context as follows:

[cc]# ls -Z authorized_keys
-rw——-. root root unconfined_u:object_r:ssh_home_t:s0 authorized_keys[/cc]

SSH should now authenticate.