Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)

Labels:
avatar
author-rank sridhararao_mut
Explorer

Created ‎11-21-2016 04:47 AM

Hi Team,

I am installing 15node cluster with HDP 2.4 and unable to proceed with below error:

========================== Creating target directory... ==========================

Command start time 2016-11-21 12:12:42

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). SSH command execution finished host=xxx, exitcode=255 Command end time 2016-11-21 12:12:42

ERROR: Bootstrap of host hdpmaster01.supermoon.com fails because previous action finished with non-zero exit code (255) ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

I followed below steps:

  1. Generate public and private SSH keys on the Ambari Server host.

    ssh-keygen

  2. Copy the SSH Public Key (id_rsa.pub) to the root account on your target hosts.

    .ssh/id_rsa

    .ssh/id_rsa.pub

  3. Add the SSH Public Key to the authorized_keys file on your target hosts.

    cat id_rsa.pub >> authorized_keys

  4. Depending on your version of SSH, you may need to set permissions on the .ssh directory (to 700) and the authorized_keys file in that directory (to 600) on the target hosts.

    chmod 700 ~/.ssh

    chmod 600 ~/.ssh/authorized_keys

  5. copy authorizedkeys files to all hosts

  6. ssh is working without password.

  7. selinux is disabled and firewall is off on all nodes and my /etc/hosts file first two lines shows:

  8. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

Please help me in resolving issue.

Sridhar

41,259 Views
0 Kudos
14 REPLIES 14

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎11-21-2016 04:50 AM

One item I noticed in your comments is your etc host file. your etc hosts file should have lines for all nodes in the cluster

20,748 Views
0 Kudos

avatar
author-rank mqureshi
Super Guru

Created ‎11-21-2016 05:05 AM

@Sridhar M

Are you sure about ssh working on all nodes without password. That is you are able to ssh from your node where Ambari is running to all other nodes without a password using root? Can you please confirm?

Finally in your ambari, when you provide ssh key for root user, you need to provide your private and not public key. Is that how you are doing it?

20,748 Views
0 Kudos

avatar
author-rank sridhararao_mut
Explorer

Created ‎11-21-2016 05:10 AM

1)I am able to login without password from ambari server node.

2)I am using /root/.ssh/id_rs.pub

20,748 Views
0 Kudos

avatar
author-rank mqureshi
Super Guru

Created ‎11-21-2016 05:12 AM

@Sridhar M

Are you saying you are providing /root/.ssh/id_rsa.pub to ambari? If yes, then that's your problem. You need to provide your private key, not public key. You need to provide /root/.ssh/id_rsa to ambari. Notice that it asks you for private key, not public key.

20,748 Views
0 Kudos

avatar
author-rank sridhararao_mut
Explorer

Created ‎11-21-2016 05:15 AM

I provided /root/.ssh/id_rsa and got same error now :

RROR: Bootstrap of host hdpmaster02.supermoon.com fails because previous action finished with non-zero exit code (255)
ERROR MESSAGE: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

STDOUT: 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
20,749 Views
0 Kudos

avatar
author-rank mqureshi
Super Guru

Created ‎11-21-2016 05:21 AM

Here is the thing. You are able to login without password from outside using "root" user. Right? Then it should not fail with this error. Did you downloaded the id_rsa file and imported into ambari from your machine or did you copied and pasted the content? If you copied and pasted the content then it should include everything in the file including "-----------------BEGIN CERTIFICATE--------------" and "------------------------END CERTIFICATE--------------------"

20,749 Views
0 Kudos

avatar
Former Member

Created ‎11-21-2016 05:24 AM

@Sridhar M

- Please make sure that if you are using non-root user, then that user needs to be able to "sudo" in the hosts without entering a password.

- Check which user is ambari server running? You can find it by running the 

ps -fe | grep ambari-server

.

20,749 Views
0 Kudos

avatar
author-rank sridhararao_mut
Explorer

Created ‎11-21-2016 05:25 AM

root 30660 2914 0 13:25 pts/1 00:00:00 grep --color=auto ambari-server root 56948 1 1 11:18 pts/0 00:01:36 /usr/java/default/bin/java -server -XX:NewRatio=3 -XX:+UseConcMarkSweepGC -XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -Dsun.zip.disableMemoryMapping=true -Xms512m -Xmx2048m -XX:MaxPermSize=128m -Djava.security.auth.login.config=/etc/ambari-server/conf/krb5JAASLogin.conf -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false -cp /etc/ambari-server/conf:/usr/lib/ambari-server/*:/usr/share/java/postgresql-jdbc.jar org.apache.ambari.server.controller.AmbariServer

20,749 Views
0 Kudos

avatar
Former Member

Created ‎11-21-2016 05:35 AM

@Sridhar M

Can you please do "ls -laZ" and see if it is showing "ssh_home_t" ?

Example:

[root@erie1 ~]# cd /root/.ssh/

[root@erie1 .ssh] # ls -laZ
drwx------. root root system_u:object_r:ssh_home_t:s0  .
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 ..
-rw-------. root root system_u:object_r:ssh_home_t:s0  authorized_keys

.

20,749 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements