GPDB : SSH permission denied (public key)

Question

When trying to ssh (from greenplum system user) one of datanode from Master gpdb host.

env - gpdb 4.3.10

Getting error

[gpadmin@mdw ~]$ ssh datanode

Permission denied (publickey,gssapi-keyex,gssapi-with-mic). [gpadmin@mdw ~]$

WE Tried Tried on pivotal docs https://discuss.pivotal.io/hc/en-us/articles/203777546-gpssh-exkeys-Fails-with-Error-Permission-denied-During-Local-Key-Exchange

Also, observed node not able to SSH any of data node/master host.

**Here is verbose mode  -v with SSH info**

debug1: Host 'datanode01' is known and matches the ECDSA host key.
debug1: Found key in /home/gpadmin/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gpadmin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /home/gpadmin/.ssh/id_dsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ecdsa
debug1: Trying private key: /home/gpadmin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Answer 1

I think the problem isn't the root login as that doc suggests but rather, password authentication is disabled. Try running this on ALL nodes:

sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo service sshd restart
echo "gpadmin:changeme" | sudo chpasswd

Then retry gpssh-exkeys as gpadmin.

gpssh-exkey -f all_hosts

After you exchange the keys, you can disable password authentication again.

sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config