Re: [atomic-devel] Can't ssh to root

[Jeremy Eder <jeder redhat com>]

Check permissions on all the keys and directories, and look at the content of /root/.ssh/authorized_keys on the atomic system, IIRC atomic (or cloud-init?) puts some stuff there disabling root login and pausing for 10 seconds.

----- Original Message -----
> From: "James" <purpleidea gmail com>
> To: "SGhosh" <sghosh redhat com>, "Giuseppe Scrivano" <gscrivan redhat com>
> Cc: "atomic-devel" <atomic-devel projectatomic io>
> Sent: Thursday, May 21, 2015 11:22:14 PM
> Subject: Re: [atomic-devel] Can't ssh to root
> 
> On Thu, May 21, 2015 at 10:57 PM, SGhosh <sghosh redhat com> wrote:
> > #PermitRootLogin yes
> > ?
> 
> I believe the commented out values are indeed the defaults, but
> nevertheless I have the same issue with this set explicitly and sshd
> restarted.
> As an aside, I also ran:
> echo vagrant | passwd --stdin root
> to ensure a valid root password was possible, even when not set previously.
> 
> If any know knows why it's not working, I'd appreciate it, otherwise
> I'll try again tomorrow with a clear head once I can get
> /var/log/secure back and working again ;)
> 
> Cheers,
> James
> 
> >
> >
> > On 05/21/2015 05:21 PM, James wrote:
> >>
> >> I'm having trouble SSH-ing to root on an atomic host. To make it easy
> >> to debug, I can replicate the issue *from* the host.
> >>
> >> boot up atomic host. I'm using Fedora 21
> >>
> >> $ cat foo
> >> Host localhost
> >>    HostName localhost
> >>    User vagrant
> >>    Port 22
> >>    UserKnownHostsFile /dev/null
> >>    StrictHostKeyChecking no
> >>    PasswordAuthentication no
> >>    IdentityFile insecure_private_key
> >>    IdentitiesOnly yes
> >>    LogLevel FATAL
> >>
> >> $ ssh -v -t -F foo root localhost
> >> OpenSSH_6.8p1, OpenSSL 1.0.1k-fips 8 Jan 2015
> >> debug1: Reading configuration data foo
> >> debug1: foo line 1: Applying options for localhost
> >> debug1: Connecting to localhost [::1] port 22.
> >> debug1: Connection established.
> >> debug1: key_load_public: No such file or directory
> >> debug1: identity file insecure_private_key type -1
> >> debug1: key_load_public: No such file or directory
> >> debug1: identity file insecure_private_key-cert type -1
> >> debug1: Enabling compatibility mode for protocol 2.0
> >> debug1: Local version string SSH-2.0-OpenSSH_6.8
> >> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
> >> debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
> >> debug1: SSH2_MSG_KEXINIT sent
> >> debug1: SSH2_MSG_KEXINIT received
> >> debug1: kex: server->client aes128-ctr umac-64-etm openssh com none
> >> debug1: kex: client->server aes128-ctr umac-64-etm openssh com none
> >> debug1: kex: curve25519-sha256 libssh org need=16 dh_need=16
> >> debug1: kex: curve25519-sha256 libssh org need=16 dh_need=16
> >> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> >> debug1: Server host key: ecdsa-sha2-nistp256
> >> SHA256:bZ890jxWtxfs31anyYZyo5ZO8uCqJ0RIm8ErlRIp0i0
> >> Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
> >> debug1: SSH2_MSG_NEWKEYS sent
> >> debug1: expecting SSH2_MSG_NEWKEYS
> >> debug1: SSH2_MSG_NEWKEYS received
> >> debug1: Roaming not allowed by server
> >> debug1: SSH2_MSG_SERVICE_REQUEST sent
> >> debug1: SSH2_MSG_SERVICE_ACCEPT received
> >> debug1: Authentications that can continue:
> >> publickey,gssapi-keyex,gssapi-with-mic,password
> >> debug1: Next authentication method: publickey
> >> debug1: Trying private key: insecure_private_key
> >> debug1: Authentications that can continue:
> >> publickey,gssapi-keyex,gssapi-with-mic,password
> >> debug1: No more authentication methods to try.
> >> Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
> >>
> >>
> >> $ cat insecure_private_key
> >> -----BEGIN RSA PRIVATE KEY-----
> >> MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
> >> w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
> >> kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
> >> hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
> >> Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
> >> yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
> >> ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
> >> Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
> >> TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
> >> iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
> >> sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
> >> 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
> >> cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
> >> EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
> >> CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
> >> 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
> >> YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
> >> 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
> >> dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
> >> 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
> >> P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
> >> llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
> >> kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
> >> +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
> >> NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
> >> -----END RSA PRIVATE KEY-----
> >>
> >>
> >> journalctl -f tells me nothing interesting.
> >>
> >> Cheers,
> >> James
> >>
> >
> 
>