Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.
Problem description
When you log on to the Linux ECS instance through the SSH client and enter the correct account password, an error message similar to the following appears.
- Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
- sshd[10826]: Connection closed by XX.XX.XX.XX.
- Disconnected: No supported authentication methods available.
Cause
The default value of parameter PasswordAuthentication
in the SSH service is yes
. Set its value to no
to disable password authentication login, which causes such failures. You need to modify the PasswordAuthentication
configuration to resolve this issue.
Note: This topic describes one of the causes of the problem.
Solution
Take note of the following items:
- Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
- Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
- If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
This topic uses CentOS 6.8 as an example. We recommend that you create a snapshot to back up data before you modify the configuration file. For more information about how to create a snapshot, see Create a snapshot.
- Connect to and log on to a Linux instance. For more information about how to connect to a Linux instance, see Connect to a Linux instance by using a management terminal.
- Run the following command to view the SSH service configuration:
cat /etc/ssh/sshd_config
The system display is similar to the following. Make sure that the following configurations are included. - Run the following command and press the i key to edit the SSH service configuration file, set the parameter
PasswordAuthentication
toyes
, or add# beforePasswordAuthentication
the parameter, press the Esc key to exit the edit mode, and enter:wq
to save and exit.vi /etc/ssh/sshd_config
The system display is similar to the following. - Run the following command to restart the SSH service:
Note: If you use a CentOS 7 or later image, run the
systemctl restart sshd
command to restart SSH.service ssh restart
- Use the SSH client to log on to the Linux instance again.
References
For more information about how to troubleshoot SSH client logon failures, see the Linux ECS instance failure troubleshooting guide.
Applicable scope
- ECS