so I’ve followed the quick start guide for CentOS7.
I have a server and 2 nodes.
I cannot ssh passwordless using oneadmin from the server to either node (all are physically different devices).
So here’s what I’ve done:
(on the server)
ssh-keygen -t rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
[oneadmin@server ~]$ ls -l .ssh
total 24
-rw-------. 1 oneadmin oneadmin 1068 Mar 31 11:33 authorized_keys
-rw-------. 1 oneadmin oneadmin 87 Mar 31 12:11 config
-rw-------. 1 oneadmin oneadmin 668 Mar 28 10:42 id_dsa
-rw-r–r--. 1 oneadmin oneadmin 638 Mar 28 10:42 id_dsa.pub
-rw-------. 1 oneadmin oneadmin 1679 Mar 31 11:25 id_rsa
-rw-r–r--. 1 oneadmin oneadmin 430 Mar 31 11:25 id_rsa.pub
[oneadmin@server ~]$
Here is me trying to login passwordless to node 1, yet it asks for password
[oneadmin@server ~]$ ssh -v node1
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /var/lib/one/.ssh/config
debug1: /var/lib/one/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to node1 [XXX.XXX.XXX.2] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /var/lib/one/.ssh/id_rsa type 1
debug1: identity file /var/lib/one/.ssh/id_rsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_dsa type 2
debug1: identity file /var/lib/one/.ssh/id_dsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_ecdsa type -1
debug1: identity file /var/lib/one/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/lib/one/.ssh/id_ed25519 type -1
debug1: identity file /var/lib/one/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 61:f3:fe:da:63:03:0c:5e:6e:cc:4f:ec:98:16:bf:87
Warning: Permanently added ‘node1,XXX.XXX.XXX.2’ (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering DSA public key: /var/lib/one/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/one/.ssh/id_ed25519
debug1: Next authentication method: password
oneadmin@node1’s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
oneadmin@node1’s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
oneadmin@node1’s password:
[oneadmin@server ~]$
[oneadmin@server ~]$ onehost show node1
HOST 0 INFORMATION
ID : 0
NAME : node1
CLUSTER : -
STATE : ERROR
IM_MAD : kvm
VM_MAD : kvm
VN_MAD : dummy
LAST MONITORING TIME : 03/31 12:22:13
HOST SHARES
TOTAL MEM : 0K
USED MEM (REAL) : 0K
USED MEM (ALLOCATED) : 0K
TOTAL CPU : 0
USED CPU (REAL) : 0
USED CPU (ALLOCATED) : 0
RUNNING VMS : 0
MONITORING INFORMATION
ERROR=“Thu Mar 31 12:22:13 2016 : Error monitoring Host node1 (0): -“
RESERVED_CPU=”“
RESERVED_MEM=””
VIRTUAL MACHINES
ID USER GROUP NAME STAT UCPU UMEM HOST TIME
[oneadmin@server ~]$
[oneadmin@server ~]$
Also, SELINUX is Permissive on all devices.
I’m not sure what I’m missing here. I’d appreciate any help.