Google Cloud Engine Permission denied (publickey, gssapi-keyex, gssapi-with-mic)

I had the same problem and debugged it for about 16 hours. However, that I found a solution, I would like you to have a stake in my odyssey.

I ran GitLab on the Google Compute Engine, declared as a one-click installation.

Well, finally, when I tried to clone a private repository, I received an error message:

 Permission denied (publickey,gssapi-keyex,gssapi-with-mic). 

I was looking for a private / public key pair and I did not find anything unusual.

Then I thought that there might be something wrong with sshd on the server since I received a debug message:

 debug1: ssh_rsa_verify: signature correct [...] debug1: Roaming not allowed by server 

So, I checked a lot of different sshd , but nothing fixed the problem.

Finally, I started server-side debugging and found an error:

 sshd[7364]: debug1: Could not open authorized keys '/var/opt/gitlab/.ssh/authorized_keys': Permission denied 

Finally, it was a road to happiness. Since the file existed and sshd knew which file it should load. However, somehow there was a problem with the resolution .

So, I checked if the files in the remote .ssh folder were in chmod . I did not find anything unusual.

And here is the solution:

SELinux had a problem with the location of the .ssh folder and was not ready to grant ssh daemon permission. Executing a command

restorecon -Rv /var/opt/gitlab/.ssh/

or

semanage fcontext -a -t ssh_home_t "/var/opt/gitlab/.ssh/authorized_keys"

One of the two teams solved the problem. I will be glad if anyone can check which of both of them!

Therefore, you do not need to deactivate SELinux !

Disable selinux.

 setenforce 0 

Also set SELINUX to the permission file in / etc / selinux / config.

Then go to this answer: fooobar.com/questions/802565 / ...

Decision:

1. change the permission of the private key to 0600 for instance 1
2. ssh -i /home/user/.ssh/id_rsa user2@instance-2