Hi team,

any idea on this?

From: Amier Anis
Sent: Thursday, 3 October 2013 18:35
To: Valentin Bud
Subject: Re: [one-users] ssh password less login not function

Hi team,

Once opennebula-common creates oneadmin, is there any issue if I reset the oneadmin password?

Is there any requirement for password-less login from the workers to the management node?



On Wed, Oct 2, 2013 at 5:02 PM, Amier Anis <[email protected]> wrote:
I don't think that SELinux is the issue, as I can ssh password-less without issue if OpenNebula is not installed.
I have also tried using "setenforce 0" and still have the same issue. (I tried a different machine.)
[oneadmin@mnode lib]$ /usr/sbin/sestatus
SELinux status:                 disabled

I have tried both letting opennebula-common create the user and creating it manually. Same issue.
This is how I install OpenNebula and the components:
yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm

Yes, I have all the files in ~/.ssh
[oneadmin@mnode .ssh]$ ls -l
total 16
-rw------- 1 oneadmin oneadmin  406 Oct  2 10:19 authorized_keys
-rw------- 1 oneadmin oneadmin   61 Oct  2 03:08 config
-rw------- 1 oneadmin oneadmin 1675 Oct  2 10:19 id_rsa
-rw------- 1 oneadmin oneadmin  406 Oct  2 10:19 id_rsa.pub

I try to ssh -v node01 ... and this error comes out. However, this error did not appear in the first place.
-bash-4.1$ ssh -v 10.86.3.101
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /var/lib/one/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.86.3.101 [10.86.3.101] port 22.
debug1: Connection established.
debug1: identity file /var/lib/one/.ssh/identity type -1
debug1: identity file /var/lib/one/.ssh/id_rsa type 1
debug1: identity file /var/lib/one/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.86.3.101' is known and matches the RSA host key.
debug1: Found key in /var/lib/one/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Bad format in credentials cache
debug1: Unspecified GSS failure.  Minor code may provide more information
Bad format in credentials cache
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Unspecified GSS failure.  Minor code may provide more information
Bad format in credentials cache
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/one/.ssh/identity
debug1: Offering public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_dsa
debug1: Next authentication method: password

Which is better: exporting /var/lib/one to every worker node, or manually exporting to each worker?

Thank you.

Regards & Best Wishes,


.: Amier Anis :.
Mobile: +6012-260-0819

On Wed, Oct 2, 2013 at 3:40 PM, Valentin Bud <[email protected]> wrote:
Hello Amier,


On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <[email protected]> wrote:
Hi valentin,

Yes, I'm using the packages from the OpenNebula repo and there was no error during install, whether I created oneadmin first before the install or it was created automatically by the installer.
yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm

The opennebula-common package provides the user oneadmin so no need to create it manually. The opennebula-common is required by
opennebula-server so no need to install it manually. 
 

I have also removed SELinux from the system.
yum -y remove selinux-policy

Have you rebooted your system afterwards?
 

Yes, I already configured ~/.ssh/config

[oneadmin@mnode]$ vi ~/.ssh/config
Host *
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        ControlMaster auto
        ControlPath /tmp/%r@%h:%p

This looks OK. 

I suggest you remove the packages yum -y remove opennebula-\* and remove the oneadmin user, rm -rf /var/lib/one, reboot the machine and start
from scratch. Let the packages deal with user creation. After that on mnode you should have the oneadmin public/private keys in
~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh and try to ssh localhost. 

WARNING: don't remove the /var/lib/one directory if you have precious data in there.

If that doesn't work, configure sshd with LogLevel DEBUG3 and watch what the logs say. Also take a look at /var/log/audit/audit.log.
It might shed some light.

Good Will,
 

Thank you.

.: Amier Anis :.
Mobile: +6012-260-0819


On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <[email protected]> wrote:
Hello Amier,


On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <[email protected]> wrote:
Hi Guys,

I'm having an issue with ssh password-less login not functioning correctly.
It works with a fresh install of CentOS 6.4 before installing OpenNebula. Once OpenNebula is started, it doesn't work any more. The worker nodes can log in password-less without any issue, but the management node can't log in to the worker nodes.

I see you're using CentOS as OS. Have you installed OpenNebula from packages [1]? Have you configured SSH as
pointed out in [1]? I mean the ~/.ssh/config part.

Another important aspect is SELINUX. Is it on or off? If it is on, check the /var/lib/one/.ssh context; it should have ssh_home_t as label.
You can accomplish that using
chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root.
 

At the first attempt, I installed OpenNebula and then set up ssh-keygen for oneadmin (created during installation), and I have also tried to create oneadmin first and then install OpenNebula, but both failed.

If the mgmt server can ssh password-less to the workers, then the mgmt server can't ssh to itself, as the mgmt server also has the VM.

I suggest you install OpenNebula from packages and work your way up from there. Don't forget to check the SELINUX context of oneadmin's ~/.ssh and either SSH to
hosts in advance or configure SSH via ~/.ssh/config to allow connections without StrictHostKeyChecking.
 

My Setup
  1. I only export and share /var/lib/one/datastores to every worker
  2. authorized_keys has been exported to every worker and vice versa.
  3. declared every hostname in /etc/hosts
Is there any issue or anything that I need to look into?

Thank you.

If you need more help in the future be sure to come back and ask for it :). Enjoy.
 




.: Amier Anis :.
Mobile: +6012-260-0819


[1]: http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes


Good Will,
--




_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
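
Added example (not part of the original thread, and not OpenNebula or OpenSSH code): a shell helper that reads `ssh -v` client output like the trace quoted above and reports whether a key was offered and then refused, which moves the investigation to the server side (authorized_keys, the ssh_home_t label on /var/lib/one/.ssh, sshd at LogLevel DEBUG3). The function names and verdict strings are assumptions of this example; the embedded sample lines are excerpted from the trace in the thread.

```shell
#!/bin/sh
# Added example: classify a failed public-key login from `ssh -v` client output.
# Verdicts printed (names are this example's own):
#   accepted <keyfile>            the server accepted the offered key
#   rejected-by-server <keyfile>  the key was offered and the server refused it
#   publickey-disabled            the server never listed publickey as a method
#   no-key-offered                the client had no public key to offer
ssh_pubkey_verdict() {
    awk '
    /^debug1: Authentications that can continue:/ {
        seen_list = 1
        if ($0 ~ /publickey/) allowed = 1
        # A fresh method list straight after an offer means that key was refused.
        if (pending != "") { rejected = pending; pending = "" }
        next
    }
    /^debug1: Offering .*public key: / {
        sub(/^debug1: Offering [^:]*: /, "")
        pending = $1          # key file path, ignoring any trailing fingerprint
        next
    }
    /^debug1: Server accepts key/ { accepted = pending; pending = "" }
    END {
        if (accepted != "")             print "accepted " accepted
        else if (rejected != "")        print "rejected-by-server " rejected
        else if (seen_list && !allowed) print "publickey-disabled"
        else                            print "no-key-offered"
    }'
}

# Authentication lines excerpted from the trace in the thread.
sample_trace() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/one/.ssh/identity
debug1: Offering public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

sample_trace | ssh_pubkey_verdict
```

To use it on a live attempt, pipe the client's debug stream in with `ssh -v host true 2>&1 | ssh_pubkey_verdict`.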
