SSH Secure Copy Denied/Timed Out

Question

I'm relatively new to the Linux game. I have an SSH connection established with a remote host and attempting to secure copy (scp) from remote host to my local machine. I'm running Linux Ubuntu on Oracle VM.

When I run ssh-v:

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/USER/.ssh/config
debug1: /home/USER/.ssh/config line 1: Applying options for novagpvm01
debug1: Connecting to HOSTNAME [HOSTIP] port 22.
debug1: Connection established.
debug1: identity file /home/USER/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/USER/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to HOSTNAME:22 as 'USER'
debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM8Slw8Ew8Mqkay+al2g==,gss-group1-sha1-
toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1- 
eipGX3TCiTUrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-
eipGX3TCiTUrx573bT1o1Q==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: gss-gex-sha1-toWM8Slw8Ew8Mqkay+al2g==
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: Doing group exchange
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: Received GSSAPI_COMPLETE
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: Rekey has happened - updating saved versions
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: Authentication succeeded (gssapi-keyex).
Authenticated to HOSTNAME ([HOSTIP]:22).
debug1: Local connections to LOCALHOST:5901 forwarded to remote address localhost:5904
debug1: Local forwarding listening on 127.0.0.1 port 5901.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 5901.
bind: Cannot assign requested address
debug1: channel 1: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: exec
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.

So the above indicates and established SSH. When I run the secure copy (on my local), which is formated as such:

scp -r -v USER1@HOSTNAME:FOLDERPATH ~/home/USER/folder

I get the following error:

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic
debug3: preferred publickey,keyboard-interactive,password
debug1: No more authentication methods to try.
user@domain: Permission denied (gssapi-keyex,gssapi-with-mic).

I have reviewed the config file on both the host and local and they are what has been recommended from previous posts and the host. I attempt to use my IP address and I get a connection timed out error. It doesn't appear to be a key error either as I get the following:

debug1: Server host key: ssh-rsa SHA256:xn0AoXgnMHKa8f9z9a9bClSHotypJqbIz8Vrw6MxNTc
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from host.com
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/user/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from XXX.XXX.XX.XX
debug1: Host 'host.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1

I'm running out of ideas and would really appreciate some guidance. Thank you!

Answer 1

The default key exchange algorithm used is incompatible. If you check you manpage of ssh_config like

$ man ssh_config

and look for GSSAPIKexAlgorithms, you find possible options to use. You apply them like

$ scp -o GSSAPIKexAlgorithms=gss-nistp256-sha256- -r -v USER1@HOSTNAME:FOLDERPATH ~/home/USER/folder

Answer 2

My bad, sorry. This one is the problem:

debug1: Local forwarding listening on ::1 port 5901.
bind: Cannot assign requested address
debug1: channel 1: new [client-session]

Looks like you are trying to rebind a the ssh process to ::1 port 5901 (usually used for vnc), and that it's already being used by another process.

sudo netstat -anp | grep 5901

or

ss -tunap | grep 5901

should identify the process.