Problem scenario
You try to use start-dfs.sh or start-yarn.sh. You received this message: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
What do you do?
Solution
You need to be able to ssh into the node without any Hadoop components. To help you troubleshoot, consider the following items on the server that is causing the problem (e.g., the DataNode server, but it could be the NameNode server itself):
1. Does the authorized_keys file in /home/hduser/authorized_keys have permissions rw-------? If not you may need to use this command: sudo chmod 600 authorized_keys
2. Does the authorized_keys file in /home/hduser/authorized_keys, on the problematic server, have the content of /home/hduser/id_rsa.pub, on the NameNode server? That is the content of the /home/hduser/id_rsa.pub on the NameNode server needs to be appended to the /home/hduser/authorized_keys file (or exist somewhere among potentially other strings from .pub files) on the NameNode server.
3. On the server that has the problem, is the /home/hduser owned by hduser and associated with the group Hadoop?
There would be a problem if you were in /home/ and ran "ls -lh" and saw this:
drwxr-xr-x 3 root root 4.0K Jan 3 06:11 hduser
To remedy the problem, you would need to be a sudoer user. Then you would run this:
sudo chown -R hduser:hadoop /home/hduser
4. See this posting to set up SSH keys between two Linux servers.