Created attachment 1482807 [details] ssh -vvvv centos7.5-server output Description of problem: I'm using OpenSSH's certificate based authentication without any problem with openssh-7.7p1-2.fc28.x86_64. As soon as I upgrade it to any new package version, authentication starts to fail when connecting a CentOS 7.5 box but it succeed connecting CentOS 6.10. CentOS 7.5 is using the following OpenSSH package: - openssh-7.4p1-16.el7.x86_64 CentOS 6.10 is using the following OpenSSH package: - openssh-5.3p1-123.el6_9.x86_64 Version-Release number of selected component (if applicable): - Fedora 28 x86_64 - OpenSSH packages after openssh-7.7p1-2.fc28.x86_64 How reproducible: Always reproducible. Steps to Reproduce: 1. Using OpenSSH signed certificates, try to connect a remote host running CentOS/RHEL 7.5, configured to just accept certificates authentication, from a Fedora 28 client, using any OpenSSH package higher than openssh-7.7p1-2.fc28.x86_64. Actual results: Authentication fails with "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." message Expected results: Authentication succeeds. Additional info:
Created attachment 1482809 [details] sshd_config on CentOS 7.5 server
The workaround I'm using is 'sudo dnf downgrade -y openssh', which installs openssh-7.7p1-2.fc28.x86_64, version that is working fine.
*** This bug has been marked as a duplicate of bug 1627875 ***