[memo] macOS High Sierra にアップデートした後、外部のVPS に公開鍵認証方式で ssh接続できなくなった Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

以下のエラーで接続できない。

[zunermuka ~]$ ssh user0001@example.jp -p xxyyzz
/Users/zunermuka/.ssh/config line X: Unsupported option "rsaauthentication"
Enter passphrase for key '/Users/zunermuka/.ssh/id_rsa':
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[zunermuka ~]$ vim /Users/zunermuka/.ssh/config

該当行を削除

https://www.ssh.com/ssh/config/
RSAAuthentication
Specifies whether to try RSA authentication. This is for protocol version 1 only and is deprecated.

これは古い設定のまま使っていたことが原因。
問題なのは以下の部分。

[zunermuka ~]$ ssh user0001@example.jp -p xxyyzz
Enter passphrase for key '/Users/zunermuka/.ssh/id_rsa':
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

該当ディレクトリ、ファイルのパーミッションは確認済み。
パスフレーズはスキップしていたはずだけれど、これは公開鍵認証周りの設定問題。
接続できないのは問題なので、その場しのぎで対応。

一旦、パスワード入力方式へ変更する

https://secure.sakura.ad.jp/vps/#/login

VPS の VNCコンソールから ログイン

[root ~]$  vim /etc/ssh/sshd_config

公開鍵認証方式からパスワード入力方式にする

PubkeyAuthentication yes
↓
PubkeyAuthentication no

PasswordAuthentication no
↓
PasswordAuthentication yes

sshd を再起動して反映する

[root ~]$  /sbin/service sshd restart

認証鍵ペアを削除する

SAKURA Internet [Virtual Private Server SERVICE]

[zunermuka ~]$ ssh user0001@example.jp -p xxyyzz
user0001@example.jp's password:
[user0001@example.jp .ssh]$ rm /home/user0001/.ssh/authorized_keys

macOS側
[zunermuka ~]$ rm /Users/zunermuka/.ssh/id_rsa
rm: remove regular file '/Users/zunermuka/.ssh/id_rsa'? yes
[zunermuka ~]$ rm /Users/zunermuka/.ssh/id_rsa.pub
rm: remove regular file '/Users/zunermuka/.ssh/id_rsa.pub'? yes

認証鍵ペアを再生成する

[zunermuka ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/zunermuka/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): XXXXXXXXXXXXXXXXXX
Enter same passphrase again: XXXXXXXXXXXXXXXXXX
Your identification has been saved in /Users/zunermuka/.ssh/id_rsa.
Your public key has been saved in /Users/zunermuka/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ zunermuka@local
The key's randomart image is:

生成した公開鍵を ssh-copy-id で転送、設定する

[zunermuka ~]$ ssh-copy-id -p xxyyzz user0001@example.jp
/usr/local/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/zunermuka/.ssh/id_rsa.pub"
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user0001@example.jp's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p 'xxyyzz' 'user0001@example.jp'"
and check to make sure that only the key(s) you wanted were added.

[zunermuka ~]$ ssh user0001@example.jp -p xxyyzz
user0001@example.jp's password:

SAKURA Internet [Virtual Private Server SERVICE]

[user0001@example.jp ~]$ ls -la .ssh/

-rw------- 1 user0001 user0001  402  10月 2  9:00 2017 authorized_keys

[user0001@example.jp ~]$ su -
パスワード:

公開鍵認証方式へ戻す

[rooth@example.jp ~]$ vim /etc/ssh/sshd_config

パスワード入力方式から公開鍵認証に戻す

PubkeyAuthentication no
↓
PubkeyAuthentication yes

PasswordAuthentication yes
↓
PasswordAuthentication no

sshd を再起動して反映する

[rooth@example.jp ~]$ /sbin/service sshd restart
[root@example.jp ~]# exit
logout
[user0001@example.jp ~]$ exit
logout
Connection to example.jp closed.

[zunermuka ~]$ ssh user0001@example.jp -p xxyyzz
Enter passphrase for key '/Users/zunermuka/.ssh/id_rsa':

SAKURA Internet [Virtual Private Server SERVICE]

[user0001@example.jp ~]$ exit
logout
Connection to example.jp closed.