Passwordless SSH Help

Community Support
1

Does anyone have any thoughts on this, I am at a complete loss. I am trying to configure Passwordless SSH and know matter how many times I try as oneadmin, it prompts me for a password. I also tried to run “chmod 700 ~oneadmin/.ssh
” and when I run ssh --vv, here is my sshd on KVM node
Protocol 2

HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h
#ServerKeyBits 1024

Logging

obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH
SyslogFacility AUTHPRIV
LogLevel VERBOSE

Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
MaxSessions 1

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

RhostsRSAAuthentication yes

and here is the message
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: kex: diffie-hellman-group-exchange-sha256 need=20 dh_need=20
debug1: kex: diffie-hellman-group-exchange-sha256 need=20 dh_need=20
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 4140/8192
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 72:cf:2e:c9:b3:f8:b2:c3:76:4d:a5:57:c9:85:70:a3
debug1: Host ‘lodbl500a’ is known and matches the RSA host key.
debug1: Found key in /var/lib/one/.ssh/known_hosts:1
debug2: bits set: 4123/8192
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /var/lib/one/.ssh/id_rsa (0x7fb316c01010),
debug2: key: /var/lib/one/.ssh/id_dsa ((nil)),
debug2: key: /var/lib/one/.ssh/id_ecdsa ((nil)),
debug2: key: /var/lib/one/.ssh/id_ed25519 ((nil)),
hot AHV
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /var/lib/one/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /var/lib/one/.ssh/id_dsa
debug1: Trying private key: /var/lib/one/.ssh/id_ecdsa
debug1: Trying private key: /var/lib/one/.ssh/id_ed25519
debug2: we did not send a packet, disable method

2

Sometimes log file of sshd on the server side is more informative about possible cause of error.

3

try following command

SSH to root user of node2 from server
scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys

SSH to root user of server from node2
copy content of cat /root/.ssh/id_rsa.pub command from node02 and add it to /root/.ssh/authorized_keys file in server machine

SSH to oneadmin from server machine
ssh-keyscan … >> /var/lib/one/.ssh/known_hosts
scp -rp /var/lib/one/.ssh :/var/lib/one/

4

Thank you. We solved this by changing the permissions in var/lib. I appreciate the assistance. However, I was not able to add a KVM host. I made changes to the libvirtd.conf file to add oneadmin. I restart the libvirtd service and it fails
[root@devcloud-sb libvirt]# sudo service libvirtd status
Redirecting to /bin/systemctl status libvirtd.service
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Fri 2016-07-29 06:31:01 EDT; 4min 34s ago
Docs: man:libvirtd(8)
http://libvirt.org
Process: 23057 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=1/FAILURE)
Main PID: 23057 (code=exited, status=1/FAILURE)
CGroup: /system.slice/libvirtd.service
├─2567 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dh…
└─2568 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dh…

Jul 29 06:31:01 devcloud-sb systemd[1]: Failed to start Virtualization daemon.
Jul 29 06:31:01 devcloud-sb systemd[1]: Unit libvirtd.service entered failed state.
Jul 29 06:31:01 devcloud-sb systemd[1]: libvirtd.service failed.
Jul 29 06:31:01 devcloud- libvirtd[23057]: 2016-07-29 10:31:01.370+0000: 23057: info : li…om)
Jul 29 06:31:01 devcloud-sb libvirtd[23057]: 2016-07-29 10:31:01.370+0000: 23057: error : m…onf
Jul 29 06:31:01 devcloud-sb systemd[1]: libvirtd.service holdoff time over, scheduling restart.
Jul 29 06:31:01 devcloud-sb systemd[1]: start request repeated too quickly for libvirtd.service
Jul 29 06:31:01 devcloud-sb systemd[1]: Failed to start Virtualization daemon.
Jul 29 06:31:01 devcloud-sb systemd[1]: Unit libvirtd.service entered failed state.
Jul 29 06:31:01 devcloud-sb systemd[1]: libvirtd.service failed.
Hint: Some lines were ellipsized, use -l to show in full

5

Is this the correct config libvirtd.conf?
unix_sock_group = “oneadmin”

/etc/libvirt/qemu.conf
vnc_listen = "0.0.0.0"
user = "oneadmin"
group = "cloud"
dynamic_ownership = 1

6

Here is what I get when the libvirtd service is running
[Z0][ONE][E]: Error monitoring Host kvmerror: failed to connect to the hypervisor
error: Failed to connect socket to ‘/var/run/libvirt/libvirt-sock’: Permission denied
ERROR MESSAGE --8<------
Error executing kvm.rb
ERROR MESSAGE ------>8–
ARCH=x86_64
MODELNAME=“Intel® Xeon® CPU E5-2680 v3 @ 2.50GHz”

[Z0][ONE][E]: Error monitoring (1): error: failed to connect to the hypervisor
error: Failed to connect socket to ‘/var/run/libvirt/libvirt-sock’: Permission denied
ERROR MESSAGE --8<------
Error executing kvm.rb
ERROR MESSAGE ------>8–
ARCH=x86_64
MODELNAME="Intel® Xeon® CPU E5-2680 v3 @ 2.50GHz