Hi team, once opennebula-common creates oneadmin, is there any issue if I reset the oneadmin password?
Is there any requirement for password-less login from the workers to the management node?

On Wed, Oct 2, 2013 at 5:02 PM, Amier Anis <myma...@gmail.com> wrote:

> I don't think that selinux is the issue, as I can ssh password-less
> without issue if opennebula is not installed.
> I have also tried using "setenforce 0" and still have the same issue. (I tried
> a different machine.)
>
> [oneadmin@mnode lib]$ /usr/sbin/sestatus
> SELinux status: disabled
>
> I have tried both letting opennebula-common create the user and creating it
> manually. Same issue.
> This is how I install opennebula and the components:
>
> yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm
>
> Yes, I have all the files in ~/.ssh
>
> [oneadmin@mnode .ssh]$ ls -l
> total 16
> -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 authorized_keys
> -rw------- 1 oneadmin oneadmin 61 Oct 2 03:08 config
> -rw------- 1 oneadmin oneadmin 1675 Oct 2 10:19 id_rsa
> -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 id_rsa.pub
>
> When I try ssh -v node01 ... this error comes out. However, this error did
> not appear in the first place.
>
> -bash-4.1$ ssh -v 10.86.3.101
> > OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
> > debug1: Reading configuration data /var/lib/one/.ssh/config
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Connecting to 10.86.3.101 [10.86.3.101] port 22.
> > debug1: Connection established.
> > debug1: identity file /var/lib/one/.ssh/identity type -1
> > debug1: identity file /var/lib/one/.ssh/id_rsa type 1
> > debug1: identity file /var/lib/one/.ssh/id_dsa type -1
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> > debug1: match: OpenSSH_5.3 pat OpenSSH*
> > debug1: Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_5.3
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-ctr hmac-md5 none
> > debug1: kex: client->server aes128-ctr hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host '10.86.3.101' is known and matches the RSA host key.
> > debug1: Found key in /var/lib/one/.ssh/known_hosts:1
> > debug1: ssh_rsa_verify: signature correct
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > debug1: Next authentication method: gssapi-keyex
> > debug1: No valid Key exchange context
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > Bad format in credentials cache
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > Bad format in credentials cache
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > Bad format in credentials cache
> > debug1: Next authentication method: publickey
> > debug1: Trying private key: /var/lib/one/.ssh/identity
> > debug1: Offering public key: /var/lib/one/.ssh/id_rsa
> > debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
> > debug1: Trying private key: /var/lib/one/.ssh/id_dsa
> > debug1: Next authentication method: password
>
> Which is better: exporting /var/lib/one to every worker node, or manually
> exporting to each worker?
>
> Thank you.
>
> Regards & Best Wishes,
>
> *.: Amier Anis :.*
> Mobile: +6012-260-0819
>
> On Wed, Oct 2, 2013 at 3:40 PM, Valentin Bud <valentin....@gmail.com> wrote:
>
>> Hello Amier,
>>
>> On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <myma...@gmail.com> wrote:
>>
>>> Hi Valentin,
>>>
>>> Yes, I'm using the packages from the opennebula repo and there is no error
>>> during install, whether I create oneadmin first before the install or it is
>>> automatically created by the installer.
>>>
>>> yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm
>>>
>> The opennebula-common package provides the user oneadmin so no need to
>> create it manually. The opennebula-common is required by
>> opennebula-server so no need to install it manually.
>>
>>> I have also removed selinux from the system.
>>>
>>> yum -y remove selinux-policy
>>>
>> Have you rebooted your system afterwards?
>>
>>> Yes, I have already configured ~/.ssh/config
>>>
>>> [oneadmin@mnode]$ vi ~/.ssh/config
>>> Host *
>>>     StrictHostKeyChecking no
>>>     UserKnownHostsFile /dev/null
>>>     ControlMaster auto
>>>     ControlPath /tmp/%r@%h:%p
>>>
>> This looks OK.
>>
>> I suggest you remove the packages yum -y remove opennebula-\* and remove
>> the oneadmin user, rm -rf /var/lib/one, reboot the machine and start
>> from scratch. Let the packages deal with user creation. After that on
>> mnode you should have the oneadmin public/private keys in
>> ~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh
>> and try to ssh localhost.
>>
>> WARNING: don't remove the /var/lib/one directory if you have precious
>> data in there.
>>
>> If that doesn't work config sshd to LogLevel DEBUG3 and watch what the
>> logs say. Also take a look at /var/log/audit/audit.log.
>> It might shed some light.
>>
>> Good Will,
>>
>>> Thank you.
>>>
>>> *.: Amier Anis :.*
>>> Mobile: +6012-260-0819
>>>
>>> On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <valentin....@gmail.com> wrote:
>>>
>>>> Hello Amier,
>>>>
>>>> On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <myma...@gmail.com> wrote:
>>>>
>>>>> *Hi Guys,*
>>>>>
>>>>> I'm having an issue with ssh password-less login not functioning correctly.
>>>>> It works with a fresh install of CentOS 6.4 before installing opennebula.
>>>>> Once opennebula started, it doesn't work any more. The worker nodes can
>>>>> log in password-less without any issue but the management node can't log in
>>>>> to the worker nodes.
>>>>>
>>>> I see you're using CentOS as OS. Have you installed OpenNebula from
>>>> packages [1]? Have you configured SSH as pointed out in [1]? I mean the
>>>> ~/.ssh/config part.
>>>>
>>>> Another important aspect is SELINUX. Is it on or off? If it is on, check
>>>> the /var/lib/one/.ssh context, it should have ssh_home_t as label.
>>>> You can accomplish that using
>>>> chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root.
>>>>
>>>>> At the first attempt, I installed opennebula then set up the ssh-keygen for
>>>>> oneadmin (created during installation) and I have also tried to create
>>>>> oneadmin first then install opennebula, but both failed.
>>>>>
>>>>> If the mgmt server can ssh password-less to the workers then the mgmt
>>>>> server can't ssh to itself, as the mgmt server also has the vm.
>>>>>
>>>> I suggest you install OpenNebula from packages and work your way up
>>>> from there. Don't forget to check the SELINUX context of oneadmin's ~/.ssh
>>>> and either SSH to hosts in advance or configure SSH via ~/.ssh/config to
>>>> allow connections without StrictHostKeyChecking.
>>>>
>>>>> *My Setup*
>>>>>
>>>>> 1. I only export and share /var/lib/one/datastores to every worker
>>>>> 2. authorized_keys has been exported to every worker and vice versa.
>>>>> 3. declared every hostname in /etc/hosts
>>>>>
>>>>> Is there any issue or anything that I need to look into?
>>>>>
>>>>> Thank you.
>>>>>
>>>> If you need more help in the future be sure to come back and ask for it
>>>> :). Enjoy.
>>>>
>>>>> *.: Amier Anis :.*
>>>>> Mobile: +6012-260-0819
>>>>>
>>>> [1]: http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes
>>>>
>>>> Good Will,
>>>> --
>>>> Valentin Bud
>>>> http://databus.pro | valen...@databus.pro
>>>>
>>
>> --
>> Valentin Bud
>> http://databus.pro | valen...@databus.pro
>>
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
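
Added example, not part of the original thread: the client trace quoted above already shows at which step the login fails, and this shell function reads `ssh -v` output and reports, for each key the client offers, whether the server accepted or refused it. The function names, the verdict labels and the embedded sample (an excerpt of the trace in this thread) are choices made for this example.

```shell
#!/bin/sh
# Added example: triage public-key login failures from `ssh -v` client output.

# Reads debug text on stdin (mail quote prefixes such as "> > " are tolerated)
# and prints one verdict line per offered key, then a summary if relevant.
triage_ssh_debug() {
    awk '
    /debug1: Offering public key:/ {
        # The path is the field right after "key:"; newer clients append
        # the key type and fingerprint after it.
        for (i = 1; i < NF; i++) if ($i == "key:") key = $(i + 1)
        offered++; pending = 1; next
    }
    /debug1: Server accepts key/ {
        if (pending) { print "ACCEPTED " key; accepted++; pending = 0 }
        next
    }
    /debug1: Authentications that can continue:/ {
        # Method list repeated right after an offer: the server refused the key.
        if (pending) { print "REJECTED_BY_SERVER " key; pending = 0 }
        next
    }
    /debug1: Next authentication method: password/ { fellback = 1 }
    END {
        if (offered == 0) print "NO_KEY_OFFERED"
        if (fellback && accepted == 0) print "FELL_BACK_TO_PASSWORD"
    }'
}

# Sample input: excerpt of the trace quoted in the thread.
sample_trace() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/one/.ssh/identity
debug1: Offering public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

sample_trace | triage_ssh_debug
```

A REJECTED_BY_SERVER verdict means the client found and offered the key, so the remaining checks are on the target host: its authorized_keys, the SELinux label on ~/.ssh, and the sshd log at LogLevel DEBUG3 that Valentin suggests.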