[one-users] ssh password less login not function

Amier Anis mymabma at gmail.com
Thu Oct 3 03:35:54 PDT 2013


Hi team,

Once opennebula-common creates oneadmin, is there any issue if I reset the
oneadmin password?

Is password-less login required from the workers to the management node?



On Wed, Oct 2, 2013 at 5:02 PM, Amier Anis <mymabma at gmail.com> wrote:

> I don't think that SELinux is the issue, as I can ssh password-less
> without issue if OpenNebula is not installed.
> I have also tried using "setenforce 0" and still have the same issue (I tried
> a different machine).
>
> [oneadmin at mnode lib]$ /usr/sbin/sestatus
> SELinux status:                 disabled
>
>
> I have tried both letting opennebula-common create the user and creating it
> manually. Same issue.
> This is how I install OpenNebula and the components:
>
> yum -y install opennebula-server opennebula-sunstone opennebula-ozones
> opennebula-gate opennebula-flow opennebula-node-kvm
>
>
> Yes, I have all the files in ~/.ssh
>
> [oneadmin at mnode .ssh]$ ls -l
> total 16
> -rw------- 1 oneadmin oneadmin  406 Oct  2 10:19 authorized_keys
> -rw------- 1 oneadmin oneadmin   61 Oct  2 03:08 config
> -rw------- 1 oneadmin oneadmin 1675 Oct  2 10:19 id_rsa
> -rw------- 1 oneadmin oneadmin  406 Oct  2 10:19 id_rsa.pub
>
> I tried ssh -v node01 ... and this error came out. However, this error did not
> appear in the first place.
>
> -bash-4.1$ ssh -v 10.86.3.101
> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
> debug1: Reading configuration data /var/lib/one/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 10.86.3.101 [10.86.3.101] port 22.
> debug1: Connection established.
> debug1: identity file /var/lib/one/.ssh/identity type -1
> debug1: identity file /var/lib/one/.ssh/id_rsa type 1
> debug1: identity file /var/lib/one/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '10.86.3.101' is known and matches the RSA host key.
> debug1: Found key in /var/lib/one/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> debug1: Next authentication method: gssapi-keyex
> debug1: No valid Key exchange context
> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure.  Minor code may provide more information
> Bad format in credentials cache
> debug1: Unspecified GSS failure.  Minor code may provide more information
> Bad format in credentials cache
> debug1: Unspecified GSS failure.  Minor code may provide more information
> debug1: Unspecified GSS failure.  Minor code may provide more information
> Bad format in credentials cache
> debug1: Next authentication method: publickey
> debug1: Trying private key: /var/lib/one/.ssh/identity
> debug1: Offering public key: /var/lib/one/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> debug1: Trying private key: /var/lib/one/.ssh/id_dsa
> debug1: Next authentication method: password
>
>
> Which is better: should I export /var/lib/one to every worker node or
> manually export to each worker?
>
> Thank you.
>
> Regards & Best Wishes,
>
>
> *.: Amier Anis :.*
> Mobile: +6012-260-0819
> On Wed, Oct 2, 2013 at 3:40 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
>
>> Hello Amier,
>>
>>
>> On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <mymabma at gmail.com> wrote:
>>
>>> Hi valentin,
>>>
>>> Yes, I'm using the packages from the OpenNebula repo, and there is no error
>>> during install whether I create oneadmin first before the install or it is
>>> created automatically by the installer.
>>>
>>> yum -y install opennebula-server opennebula-sunstone opennebula-ozones
>>> opennebula-gate opennebula-flow opennebula-node-kvm
>>>
>>>
>> The opennebula-common package provides the user oneadmin so no need to
>> create it manually. The opennebula-common is required by
>> opennebula-server so no need to install it manually.
>>
>>
>>>
>>> I have also removed SELinux from the system.
>>>
>>> yum -y remove selinux-policy
>>>
>>>
>> Have you rebooted your system afterwards?
>>
>>
>>>
>>> Yes, I already configured
>>> ~/.ssh/config
>>>
>>> [oneadmin at mnode]$ vi ~/.ssh/config
>>> Host *
>>>     StrictHostKeyChecking no
>>>     UserKnownHostsFile /dev/null
>>>     ControlMaster auto
>>>     ControlPath /tmp/%r@%h:%p
>>>
>>
>> This looks OK.
>>
>> I suggest you remove the packages yum -y remove opennebula-\* and remove
>> the oneadmin user, rm -rf /var/lib/one, reboot the machine and start
>> from scratch. Let the packages deal with user creation. After that on
>> mnode you should have the oneadmin public/private keys in
>> ~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh
>> and try to ssh localhost.
>>
>> WARNING: don't remove the /var/lib/one directory if you have precious
>> data in there.
>>
>> If that doesn't work config sshd to LogLevel DEBUG3 and watch what the
>> logs say. Also take a look at /var/log/audit/audit.log.
>> It might shed some light.
>>
>> Good Will,
>>
>>
>>>
>>> Thank you.
>>>
>>> *.: Amier Anis :.*
>>> Mobile: +6012-260-0819
>>>
>>> On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <valentin.bud at gmail.com> wrote:
>>>
>>>> Hello Amier,
>>>>
>>>>
>>>> On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <mymabma at gmail.com> wrote:
>>>>
>>>>> *Hi Guys,*
>>>>>
>>>>> I'm having an issue with ssh password-less login not functioning correctly.
>>>>> It works with a fresh install of CentOS 6.4 before installing OpenNebula.
>>>>> Once OpenNebula is started, it doesn't work any more. The worker nodes can
>>>>> log in without a password without any issue, but the management node can't
>>>>> log in to the worker nodes.
>>>>>
>>>>
>>>> I see you're using CentOS as OS. Have you installed OpenNebula from
>>>> packages [1]? Have you configured SSH as pointed out in [1]? I mean the
>>>> ~/.ssh/config part.
>>>>
>>>> Another important aspect is SELinux. Is it on or off? If it is on, check
>>>> the /var/lib/one/.ssh context; it should have ssh_home_t as label.
>>>> You can accomplish that using
>>>> chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root.
>>>>
>>>>
>>>>>
>>>>> At the first attempt, I installed OpenNebula, then set up ssh-keygen for
>>>>> oneadmin (created during installation), and I have also tried to create
>>>>> oneadmin first and then install OpenNebula, but both failed.
>>>>>
>>>>
>>>>> If the mgmt server can ssh password-less to the workers, then the mgmt
>>>>> server can't ssh to itself, as the mgmt server also has the VM.
>>>>>
>>>>
>>>> I suggest you install OpenNebula from packages and work your way up
>>>> from there. Don't forget to check the SELINUX context of oneadmin's ~/.ssh
>>>> and either SSH to
>>>> hosts in advance or configure SSH via ~/.ssh/config to allow
>>>> connections without StrictHostKeyChecking.
>>>>
>>>>
>>>>>
>>>>> *My Setup*
>>>>>
>>>>>    1. I only export and share /var/lib/one/datastores to every worker
>>>>>    2. authorized_keys has been exported to every worker and vice versa.
>>>>>    3. declared every hostname in /etc/hosts
>>>>>
>>>>> Is there any issue or anything that I need to look into?
>>>>>
>>>>> Thank you.
>>>>>
>>>> If you need more help in the future be sure to come back and ask for it
>>>> :). Enjoy.
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>> *.: Amier Anis :.*
>>>>> Mobile: +6012-260-0819
>>>>>
>>>>
>>>> [1]:
>>>> http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes
>>>>
>>>>
>>>> Good Will,
>>>> --
>>>> Valentin Bud
>>>> http://databus.pro | valentin at databus.pro
>>>>
>>>
>>>
>>
>>
>> --
>> Valentin Bud
>> http://databus.pro | valentin at databus.pro
>>
>
>
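
In the ssh -v output quoted above, the id_rsa key is offered and the server answers with the list of remaining methods, so the refusal happens on the node being logged in to. The following is an added example, not part of the original thread or of OpenNebula: two shell checks to run on that node, assuming sshd's default StrictModes behaviour and using the hypothetical function names strictmodes_violations and key_is_authorized.

```shell
#!/bin/sh
# Added example: server-side checks for a refused public key.
# Run on the node being logged in to, as root or as the account owner.
# Usage (paths from the thread):
#   strictmodes_violations /var/lib/one oneadmin
#   key_is_authorized /path/to/mnode_id_rsa.pub /var/lib/one/.ssh/authorized_keys

# Print every path among authorized_keys, ~/.ssh and the home directory that
# sshd would reject under StrictModes: writable by group or others, or owned
# by someone other than the user or root. Returns 1 if anything was reported.
strictmodes_violations() {
    home=$1 user=$2 bad=0
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        # -perm -020 / -perm -002: group-write or other-write bit is set
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group/other: $p"; bad=1
        fi
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user root -print)" ]; then
            echo "wrong owner: $p"; bad=1
        fi
    done
    return "$bad"
}

# Succeed only if the key blob (second field) of the given .pub file
# appears in the given authorized_keys file.
key_is_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}
```

If both checks pass, the LogLevel DEBUG3 sshd log and /var/log/audit/audit.log suggested in the thread are the next place to look.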