KVM Password Prompting

I recently created a copy of OpenNebula on a CentOS 6.6 box. I didn’t follow the quickstart guides as I wanted to be able to add ESX, vCenter and KVM hosts to my cloud. After the host was setup and running I went back through the quickstart guide for the KVM setup. I followed the guide exactly with both my Nebula host and my KVM host. Unfortunately, the KVM host prompts me for a oneadmin password.

Below I have attached the relevant snippet of the logs:

Command execution fail: scp -r /var/lib/one/remotes/. X.X.X.X:/var/tmp/one
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: Warning: Permanently added ‘X.X.X.X’ (RSA) to the list of known hosts.
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: Permission denied, please try again.
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: Permission denied, please try again.
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: lost connection
Tue Feb 24 15:48:58 2015 [Z0][InM][I]: ExitCode: 1

When this failed I tried to do ssh-copy-id, which also failed. Is there any suggestions on what to try next? I tried to manually move the files over, but the issue of Nebula being unable to log on without a password is still an issue and I’m not sure why it is occuring.

Hi.

As user oneadmin, you can perform an ssh to the dom0 without pass?

if that works… the scp maywork

check if you can perform ssh, if not… beware that $HOME/.ssh/authorized_keys have the public key from the opennebula server

Please check too if sshd_config… sometimes there are some info that make ssh or scp not work.

here can see one config for our servers:

[root@serverdom0 ~]# cat /etc/ssh/sshd_config

SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no

UsePAM yes
X11Forwarding yes
Subsystem       sftp    /usr/libexec/openssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
AcceptEnv INTERACTIVE INTERACTIVE_MEMORY
AcceptEnv OMP_NUM_THREADS LOADEDMODULES
AcceptEnv TMPDIR

HostbasedAuthentication yes
IgnoreUserKnownHosts yes

AllowUsers root oneadmin

Thats my humble info, maybe can not help :sunny:

I attempted to ssh to the KVM box but I still run into the issue where it wants the password

bash-4.1$ ssh e6500
Warning: Permanently added ‘e6500,10.81.49.15’ (RSA) to the list of known hosts.
oneadmin@e6500’s password:

I have rebuilt the KVM box thinking I might have done something wrong. But this still failed.

I then copied the configuration from your server to see if it made a difference and it did not. I tried to apply the configuration on both the nebula server and the remote KVM.

I suspect that there is a bad configuration somewhere in the nebula box, but I am not familiar enough with the process to know for sure. If you need any logs/config files please let me know.

Would ssh-copy-id work instead as a workaround?

Hi Dan.

im never used ssh-copy-id, but i think is an script to perform the id_dsa copy from the master to the dom0.

as oneadmin in the master node:

  1. Can you confirm that have the file (~/.ssh/id_rsa.pub) maybe the full route is /home/oneadmin/.ssh/

its possible that id_rsa.pub not exist and/or have the file id_dsa.pub

if you have the file (for example id_rsa.pub) you must have your PRIVATE key (the same name but whitout .pub extension) ( please never share here your PRIVATE key or the contend )

If have the file perform the command:

ssh-copy-id -i ~/.ssh/id_rsa.pub e6500

the ssh-copy id will ask for the password, you may know of course and give it

after that, the command just will copy your id_rsa.pub to the remote file ~/.ssh/authorized_keys

at now you must be able to perfom the ssh without pass :smile: (I Hope!)