Permission denied (publickey,gssapi-keyex,gssapi-with-mic)but my Ignition configuration is successfuly applied

Hello everyone!

Id first like to say thank you for everyone contributing to this project, I’ve only just discovered Coreos after reading a Xen-Orchestra blog post detailing Xen’s support for docker environments via coreos.
Which is perfect as I want to run some SNMP monitoring software for a few servers, RAID cards and printers in such an environment.


I’m 3 days in, have tried multiple configurations and am still unable to SSH with my private key.

Below I will detail my procedure with as much information and screenshots as available and hopefully someone can tell me where I am falling over.

  1. Generating the key with Puttygen;
  • 2048 Bits
  • No passhprase

Saving the private key file for loading into putty session under
Connection → SSH → Auth-> Private key selected

Also copying the text box ssh-rsa for the Ignition configuration

  1. File name: coreos.fcc

Have checked the YAML is valid with codebeautify’s yaml-validator.

  1. On a Ubuntu VM I’m executing the following command.

podman run -i --rm --pretty --strict < coreos.fcc > coreos.ign

As a result I’m left with the coreos.ign file

  1. Server is running Cirtix HyperVisior version 8.2
    Loading the BareMetal ISO fedora-coreos-33.20210201.3.0-live.x86_64.iso

Live booting off the image, then running the following.

Reads disk without issues and begins installation.

  • Writing Ignition config
  • Install Complete
  1. On reboot

Ignition: User provided config was applied
Ignition: wrote ssh authorized keys file for user: orthia

I have also tried with username core but still with no such luck!

The error when I try to putty in is

Can provide direct link to config files if required, I’m sure the quoting system doesn’t preserve correct formatting.

Any help will be appreciated,

Your SSH client is likely too old. Fedora 33 and above no longer allow ssh-rsa authentication using a SHA1 message digest, due to security concerns. ssh-rsa keys are fine and can still be used, but the SSH client needs to use them with a newer SHA2-based authentication handshake. You might be able to fix this by upgrading your SSH client, or you could try switching to an ed25519 or ECDSA key.

Hello Benjamin,

Thank you for your prompt reply.
I’m running the latest version of putty Release 0.74 and puttygen Release 0.74

The RSA key generated is a RSA-2 key, I will how ever generate a ed25519 keypair and get back to you!

Hello Benjamin,

:heart_eyes: :couple_with_heart_man_man: :star_struck:

That did it.