[one-users] ssh password less login not function

Valentin Bud valentin.bud at gmail.com
Wed Oct 2 00:40:08 PDT 2013


Hello Amier,


On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <mymabma at gmail.com> wrote:

> Hi valentin,
>
> Yes, I'm using packaging from opennebula repo and no error during install
> either i created the oneadmin first before install or automatic created by
> the installer.
>
> yum -y install opennebula-server opennebula-sunstone opennebula-ozones
> opennebula-gate opennebula-flow opennebula-node-kvm
>
>
The opennebula-common package provides the user oneadmin so no need to
create it manually. The opennebula-common is required by
opennebula-server so no need to install it manually.


>
> I also has remove selinux from the system.
>
> yum -y remove selinux-policy
>
>
Have you rebooted you system afterwards?


>
> Yes, I already configure
> ~/.ssh/config
>
> [oneadmin at mnode]$ vi ~/.ssh/config
>  Host *
>         StrictHostKeyChecking no
>         UserKnownHostsFile /dev/null
>   ControlMaster auto
> ControlPath /tmp/%r@%h:%p
>

This looks OK.

I suggest you remove the packages yum -y remove opennebula-\* and remove
the oneadmin user, rm -rf /var/lib/one, reboot the machine and start
from scratch. Let the packages deal with user creation. After that on mnode
you should have the oneadmin public/private keys in
~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh and
try to ssh localhost.

WARNING: don't remove the /var/lib/one directory if you have precious data
in there.

If that doesn't work config sshd to LogLevel DEBUG3 and watch what the logs
say. Also take a look at /var/log/audit/audit.log.
It might shed some light.

Good Will,


>
> Thanks you.
>
> *.: Amier Anis :.*
> Mobile: +6012-260-0819
>
> On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <valentin.bud at gmail.com>wrote:
>
>> Hello Amier,
>>
>>
>> On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <mymabma at gmail.com> wrote:
>>
>>> *Hi Guys,*
>>>
>>> I'm having issue with ssh password less login not function correctly.
>>> It's work with fresh install CentOS 6.4 before install opennebula. Once
>>> opennebula started, it doesn't work any more. The workers node can login
>>> with less password without any issue but management node can't login to
>>> worker nodes.
>>>
>>
>> I see you're using CentOS as OS. Have you installed OpenNebula from
>> packages [1]? Have you configured SSH as
>> pointed in [1]. I mean the
>> ~/.ssh/config part.
>>
>> Another important aspect is SELINUX. Is it on or off? If it on check the
>> /var/lib/one/.ssh context, it should have ssh_home_t as label.
>> You can accomplish that using
>> chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root.
>>
>>
>>>
>>> At first attempt, I install opennebula then setup the ssh-keygen to
>>> oneadmin (created during installation) and I also hv tried to create
>>> oneadmin first then install opennebula but both failed
>>>
>>
>>> If the mgmt server can ssh with password less to workers then the mgmt
>>> server can't ssh to itself as the mgmt server also have the vm.
>>>
>>
>> I suggest you install OpenNebula from packages and work your way up from
>> there. Don't forget to check the SELINUX context of oneadmin's ~/.ssh and
>> either SSH to
>> hosts in advance or configure SSH via ~/.ssh/config to allow connections
>> without StrictHostKeyChecking.
>>
>>
>>>
>>> *My Setup*
>>>
>>>    1. I only export and share /var/lib/one/datastores to every workers
>>>    2. authorized_keys has been export to every wokers vice versa.
>>>    3. declared every hostname in /etc/hosts
>>>
>>> Is there any issue or things that i need to look into it.
>>>
>>> Thanks you.
>>>
>> If you need more help in the future be sure to come back and ask for it
>> :). Enjoy.
>>
>>
>>>
>>>
>>>
>>> *.: Amier Anis :.*
>>> Mobile: +6012-260-0819
>>>
>>
>> [1]:
>> http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes
>>
>>
>> Good Will,
>> --
>> Valentin Bud
>> http://databus.pro | valentin at databus.pro
>>
>
>


-- 
Valentin Bud
http://databus.pro | valentin at databus.pro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131002/4bff3bd3/attachment-0002.htm>


More information about the Users mailing list