I don't think that selinux is the issue as I can ssh with password-less without issue if no opennebula installed. I also has tried using "setenforce 0" and still have same issue. (i try diffrent machine)
[oneadmin@mnode lib]$ /usr/sbin/sestatus SELinux status: disabled I has tried both let the opennebula-common created the user or i manually created. same issue. This is how I install opennebula and the component:- yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm Yes, i have all the file in the ~/.ssh [oneadmin@mnode .ssh]$ ls -l total 16 -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 authorized_keys -rw------- 1 oneadmin oneadmin 61 Oct 2 03:08 config -rw------- 1 oneadmin oneadmin 1675 Oct 2 10:19 id_rsa -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 id_rsa.pub I try to ssh -v node01 ... this error come out. however, this error not appear at the first place. -bash-4.1$ ssh -v 10.86.3.101 OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /var/lib/one/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 10.86.3.101 [10.86.3.101] port 22. debug1: Connection established. debug1: identity file /var/lib/one/.ssh/identity type -1 debug1: identity file /var/lib/one/.ssh/id_rsa type 1 debug1: identity file /var/lib/one/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '10.86.3.101' is known and matches the RSA host key. debug1: Found key in /var/lib/one/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information Bad format in credentials cache debug1: Unspecified GSS failure. Minor code may provide more information Bad format in credentials cache debug1: Unspecified GSS failure. Minor code may provide more information debug1: Unspecified GSS failure. Minor code may provide more information Bad format in credentials cache debug1: Next authentication method: publickey debug1: Trying private key: /var/lib/one/.ssh/identity debug1: Offering public key: /var/lib/one/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /var/lib/one/.ssh/id_dsa debug1: Next authentication method: password Which is better I export /var/lib/one to every workers node or manually export to each workers? Thanks you. Regards & Best Wishes, *.: Amier Anis :.* Mobile: +6012-260-0819 On Wed, Oct 2, 2013 at 3:40 PM, Valentin Bud <[email protected]> wrote: > Hello Amier, > > > On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <[email protected]> wrote: > >> Hi valentin, >> >> Yes, I'm using packaging from opennebula repo and no error during install >> either i created the oneadmin first before install or automatic created by >> the installer. >> >> yum -y install opennebula-server opennebula-sunstone opennebula-ozones >> opennebula-gate opennebula-flow opennebula-node-kvm >> >> > The opennebula-common package provides the user oneadmin so no need to > create it manually. The opennebula-common is required by > opennebula-server so no need to install it manually. > > >> >> I also has remove selinux from the system. >> >> >> >> >> yum -y remove selinux-policy >> >> > Have you rebooted you system afterwards? > > >> >> Yes, I already configure >> ~/.ssh/config >> >> [oneadmin@mnode]$ vi ~/.ssh/config >> Host * >> StrictHostKeyChecking no >> UserKnownHostsFile /dev/null >> ControlMaster auto >> ControlPath /tmp/%r@%h:%p >> > > This looks OK. > > I suggest you remove the packages yum -y remove opennebula-\* and remove > the oneadmin user, rm -rf /var/lib/one, reboot the machine and start > from scratch. Let the packages deal with user creation. After that on > mnode you should have the oneadmin public/private keys in > ~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh > and try to ssh localhost. > > WARNING: don't remove the /var/lib/one directory if you have precious data > in there. > > If that doesn't work config sshd to LogLevel DEBUG3 and watch what the > logs say. Also take a look at /var/log/audit/audit.log. > It might shed some light. > > Good Will, > > >> >> Thanks you. >> >> *.: Amier Anis :.* >> Mobile: +6012-260-0819 >> >> On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <[email protected]>wrote: >> >>> Hello Amier, >>> >>> >>> On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <[email protected]> wrote: >>> >>>> *Hi Guys,* >>>> >>>> I'm having issue with ssh password less login not function correctly. >>>> It's work with fresh install CentOS 6.4 before install opennebula. Once >>>> opennebula started, it doesn't work any more. The workers node can login >>>> with less password without any issue but management node can't login to >>>> worker nodes. >>>> >>> >>> I see you're using CentOS as OS. Have you installed OpenNebula from >>> packages [1]? Have you configured SSH as >>> pointed in [1]. I mean the >>> ~/.ssh/config part. >>> >>> Another important aspect is SELINUX. Is it on or off? If it on check the >>> /var/lib/one/.ssh context, it should have ssh_home_t as label. >>> You can accomplish that using >>> chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root. >>> >>> >>>> >>>> At first attempt, I install opennebula then setup the ssh-keygen to >>>> oneadmin (created during installation) and I also hv tried to create >>>> oneadmin first then install opennebula but both failed >>>> >>> >>>> If the mgmt server can ssh with password less to workers then the mgmt >>>> server can't ssh to itself as the mgmt server also have the vm. >>>> >>> >>> I suggest you install OpenNebula from packages and work your way up from >>> there. Don't forget to check the SELINUX context of oneadmin's ~/.ssh and >>> either SSH to >>> hosts in advance or configure SSH via ~/.ssh/config to allow connections >>> without StrictHostKeyChecking. >>> >>> >>>> >>>> *My Setup* >>>> >>>> 1. I only export and share /var/lib/one/datastores to every workers >>>> 2. authorized_keys has been export to every wokers vice versa. >>>> 3. declared every hostname in /etc/hosts >>>> >>>> Is there any issue or things that i need to look into it. >>>> >>>> Thanks you. >>>> >>> If you need more help in the future be sure to come back and ask for it >>> :). Enjoy. >>> >>> >>>> >>>> >>>> >>>> *.: Amier Anis :.* >>>> Mobile: +6012-260-0819 >>>> >>> >>> [1]: >>> http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes >>> >>> >>> Good Will, >>> -- >>> Valentin Bud >>> http://databus.pro | [email protected] >>> >> >> > > > -- > Valentin Bud > http://databus.pro | [email protected] >
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
