Oneadmin passwordless ssh error

rmm0707 · March 31, 2016, 3:23pm

so I’ve followed the quick start guide for CentOS7.

I have a server and 2 nodes.

I cannot ssh passwordless using oneadmin from the server to either node (all are physically different devices).

So here’s what I’ve done:

(on the server)
ssh-keygen -t rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
[oneadmin@server ~]$ ls -l .ssh
total 24
-rw-------. 1 oneadmin oneadmin 1068 Mar 31 11:33 authorized_keys
-rw-------. 1 oneadmin oneadmin 87 Mar 31 12:11 config
-rw-------. 1 oneadmin oneadmin 668 Mar 28 10:42 id_dsa
-rw-r–r--. 1 oneadmin oneadmin 638 Mar 28 10:42 id_dsa.pub
-rw-------. 1 oneadmin oneadmin 1679 Mar 31 11:25 id_rsa
-rw-r–r--. 1 oneadmin oneadmin 430 Mar 31 11:25 id_rsa.pub
[oneadmin@server ~]$

Here is me trying to login passwordless to node 1, yet it asks for password
[oneadmin@server ~]$ ssh -v node1
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /var/lib/one/.ssh/config
debug1: /var/lib/one/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to node1 [XXX.XXX.XXX.2] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /var/lib/one/.ssh/id_rsa type 1
debug1: identity file /var/lib/one/.ssh/id_rsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_dsa type 2
debug1: identity file /var/lib/one/.ssh/id_dsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_ecdsa type -1
debug1: identity file /var/lib/one/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_ed25519 type -1
debug1: identity file /var/lib/one/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 61:f3:fe:da:63:03:0c:5e:6e:cc:4f:ec:98:16:bf:87
Warning: Permanently added ‘node1,XXX.XXX.XXX.2’ (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering DSA public key: /var/lib/one/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/one/.ssh/id_ed25519
debug1: Next authentication method: password
oneadmin@node1’s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
oneadmin@node1’s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
oneadmin@node1’s password:

[oneadmin@server ~]$

[oneadmin@server ~]$ onehost show node1
HOST 0 INFORMATION
ID : 0
NAME : node1
CLUSTER : -
STATE : ERROR
IM_MAD : kvm
VM_MAD : kvm
VN_MAD : dummy
LAST MONITORING TIME : 03/31 12:22:13

HOST SHARES
TOTAL MEM : 0K
USED MEM (REAL) : 0K
USED MEM (ALLOCATED) : 0K
TOTAL CPU : 0
USED CPU (REAL) : 0
USED CPU (ALLOCATED) : 0
RUNNING VMS : 0

MONITORING INFORMATION
ERROR=“Thu Mar 31 12:22:13 2016 : Error monitoring Host node1 (0): -“
RESERVED_CPU=”“
RESERVED_MEM=””

VIRTUAL MACHINES

ID USER     GROUP    NAME            STAT UCPU    UMEM HOST             TIME

[oneadmin@server ~]$
[oneadmin@server ~]$

Also, SELINUX is Permissive on all devices.

I’m not sure what I’m missing here. I’d appreciate any help.

knawnd · March 31, 2016, 3:27pm

Just a quick guess: what are permissions on ~oneadmin/.ssh dir ?
I normally do ‘chmod 700 ~user/.ssh’.

rmm0707 · March 31, 2016, 3:28pm

They are 600 as per documentation.

knawnd · March 31, 2016, 4:53pm

Have you tried to change ~user/.ssh directory permissions to 700 to check if that fixs the problem?

rmm0707 · March 31, 2016, 4:54pm

Would I only need to change it on the server? Or on the node(s) as well?

knawnd · March 31, 2016, 4:59pm

On the host you try to connect to. In case of opennebula oneadmin user needs to have passwordless access from front-end node (FN) to cloud node (CN). So try to run ‘chmod 700 ~oneadmin/.ssh’ on the CN and then try to connect as oneadmin user from FN to that CN.

rmm0707 · March 31, 2016, 5:02pm

got it at 700, still same condition.

[oneadmin@node1 ~]$ ls -al
total 28
drwxr-xr-x. 5 oneadmin oneadmin 4096 Mar 31 11:38 .
drwxr-xr-x. 43 root root 4096 Mar 31 03:06 …
-rw-------. 1 oneadmin oneadmin 525 Mar 31 12:11 .bash_history
-rw-r–r--. 1 oneadmin oneadmin 18 Mar 28 12:48 .bash_logout
-rw-r–r--. 1 oneadmin oneadmin 193 Mar 28 12:48 .bash_profile
-rw-r–r--. 1 oneadmin oneadmin 231 Mar 28 12:48 .bashrc
drwxrwxr-x. 3 oneadmin oneadmin 17 Mar 31 10:33 .cache
drwxrwxr-x. 3 oneadmin oneadmin 17 Mar 31 10:33 .config
drwx------. 2 oneadmin oneadmin 4096 Mar 31 12:10 .ssh
[oneadmin@node1 ~]$

rmm0707 · March 31, 2016, 5:31pm

one thing I should note, the password for oneadmin on the nodes doesn’t work.

when I do try to ssh to the node from the server, it asks me for the password, but I can’t log in. Shouldn’t the password for oneadmin@node be the same as the password for oneadmin@server?

knawnd · March 31, 2016, 6:15pm

Are there any hints in the output of ‘journalctl -eu sshd’ command on the host you are trying to connect to?

rmm0707 · March 31, 2016, 6:16pm

output of that command says “no journals found”

Topic		Replies	Views
Passwordless SSH Help Community Support	5	2322	July 29, 2016
/var/lib/one/.ssh/id_rsa (No such file or directory) Community Support release	1	120	December 7, 2023
Configure Passwordless SSH on Ubuntu 14.04 Community Support	5	2427	July 11, 2016
Adding Node "Connect as oneadmin" Community Support	0	195	April 4, 2020
Can't ssh into VMs Community Support	11	1123	February 17, 2022

Oneadmin passwordless ssh error

Related Topics