All Products
Search

This Product

    Elastic Compute Service:What do I do if the "No supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic)" error message appears when I connect to a Linux ECS instance by using a third-party SSH client?

    Document Center

    Elastic Compute Service:What do I do if the "No supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic)" error message appears when I connect to a Linux ECS instance by using a third-party SSH client?

    Last Updated:Aug 21, 2024

    This topic describes the causes of and solutions to the following issue: The "No supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic)" error message appears when you connect to a Linux Elastic Compute Service (ECS) instance by using a third-party SSH client.

    Problem description

    When you connect to a Linux ECS instance by using a third-party SSH client, the error messages similar to the following ones appear even if you enter the correct logon credentials: 

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
    sshd[10826]: Connection closed by XX.XX.XX.XX
    No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)

    putty fatal error

    Causes

    The preceding issue occurs when you use a password or a key to connect to the ECS instance.

    • If the issue occurs when you use a password to connect to the ECS instance, password-based logons may be denied on the instance. To resolve the issue, change the value of the PasswordAuthentication parameter to yes. For more information, see the Solution 1: Allow password-based logons section of this topic.

    • If the issue occurs when you use a key to connect to the ECS instance, key-based logons may be denied on the instance or the public key of the SSH key pair may not be added to the .ssh/authorized_keys file of the user account that you use. To resolve the issue, check the /etc/ssh/sshd_config file or upload the public key to the authorized_keys file. For more information, see the Solution 2: Copy and paste the public key to the authorized_keys file section of this topic.

    Solution 1: Allow password-based logons

    1. Connect to the ECS instance by using Virtual Network Computing (VNC).

      For more information, see Connect to an instance by using VNC.

    2. Check the value of the PasswordAuthentication parameter in the /etc/ssh/sshd_config file. 

      sudo cat /etc/ssh/sshd_config

      The following figure shows that the PasswordAuthentication parameter is set to no, which indicates that password-based logons are denied. To allow password-based logons, set the PasswordAuthentication parameter to yes.

      image

    3. Change the value of the PasswordAuthentication parameter from no to yes.

      1. Open the SSH configuration file. 

        sudo vim /etc/ssh/sshd_config

      2. Change the value of the PasswordAuthentication parameter from no to yes.

        image

      3. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

    4. Run the following command to restart the SSH service: 

      sudo systemctl restart sshd.service

    5. Reconnect to the Linux ECS instance. If you can connect to the Linux ECS instance, the preceding issue is resolved.

    Solution 2: Copy and paste the public key to the authorized_keys file

    1. Connect to the ECS instance by using VNC.

      For more information, see Connect to an instance by using VNC.

    2. Check the value of the PubkeyAuthentication parameter in the /etc/ssh/sshd_config file. 

      sudo cat /etc/ssh/sshd_config

      • If the value of the PubkeyAuthentication parameter is yes, the preceding issue may occur because the public key of the SSH key pair is not added to the .ssh/authorized_keys file of the user account that you use. In this case, proceed to Step 4.

      • If the value of the PubkeyAuthentication parameter is no, key-based logons are denied. To resolve the issue, change the value of the PubkeyAuthentication parameter to yes. In this case, proceed to Step 3.

        image

    3. Change the value of the PubkeyAuthentication parameter from no to yes.

      1. Open the SSH configuration file. 

        sudo vim /etc/ssh/sshd_config

      2. Change the value of the PubkeyAuthentication parameter from no to yes.

        image

      3. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

      4. Run the following command to restart the SSH service: 

        sudo systemctl restart sshd.service

    4. Copy and paste the public key to the authorized_keys file.

      1. Run the following command to open the authorized_keys file: 

        sudo vim /home/user/.ssh/authorized_keys
        Note

        Replace <user> in the preceding command with the actual username.

      2. Press the I key to enter Insert mode.

      3. Copy and paste the public key that you stored for the SSH key pair to the authorized_keys file.

      4. Press the Esc key, enter :wq, and then press the Enter key to save and close the file.

    5. Reconnect to the Linux ECS instance. If you can connect to the Linux ECS instance, the preceding issue is resolved.