Re: [atomic-devel] Can't ssh to root

[Daniel J Walsh <dwalsh redhat com>]

Also a restorecon -R -v /root might help.

On 05/22/2015 07:18 AM, Jeremy Eder wrote:
> Check permissions on all the keys and directories, and look at the content of /root/.ssh/authorized_keys on the atomic system, IIRC atomic (or cloud-init?) puts some stuff there disabling root login and pausing for 10 seconds.
>
> ----- Original Message -----
>> From: "James" <purpleidea gmail com>
>> To: "SGhosh" <sghosh redhat com>, "Giuseppe Scrivano" <gscrivan redhat com>
>> Cc: "atomic-devel" <atomic-devel projectatomic io>
>> Sent: Thursday, May 21, 2015 11:22:14 PM
>> Subject: Re: [atomic-devel] Can't ssh to root
>>
>> On Thu, May 21, 2015 at 10:57 PM, SGhosh <sghosh redhat com> wrote:
>>> #PermitRootLogin yes
>>> ?
>> I believe the commented out values are indeed the defaults, but
>> nevertheless I have the same issue with this set explicitly and sshd
>> restarted.
>> As an aside, I also ran:
>> echo vagrant | passwd --stdin root
>> to ensure a valid root password was possible, even when not set previously.
>>
>> If any know knows why it's not working, I'd appreciate it, otherwise
>> I'll try again tomorrow with a clear head once I can get
>> /var/log/secure back and working again ;)
>>
>> Cheers,
>> James
>>
>>>
>>> On 05/21/2015 05:21 PM, James wrote:
>>>> I'm having trouble SSH-ing to root on an atomic host. To make it easy
>>>> to debug, I can replicate the issue *from* the host.
>>>>
>>>> boot up atomic host. I'm using Fedora 21
>>>>
>>>> $ cat foo
>>>> Host localhost
>>>>    HostName localhost
>>>>    User vagrant
>>>>    Port 22
>>>>    UserKnownHostsFile /dev/null
>>>>    StrictHostKeyChecking no
>>>>    PasswordAuthentication no
>>>>    IdentityFile insecure_private_key
>>>>    IdentitiesOnly yes
>>>>    LogLevel FATAL
>>>>
>>>> $ ssh -v -t -F foo root localhost
>>>> OpenSSH_6.8p1, OpenSSL 1.0.1k-fips 8 Jan 2015
>>>> debug1: Reading configuration data foo
>>>> debug1: foo line 1: Applying options for localhost
>>>> debug1: Connecting to localhost [::1] port 22.
>>>> debug1: Connection established.
>>>> debug1: key_load_public: No such file or directory
>>>> debug1: identity file insecure_private_key type -1
>>>> debug1: key_load_public: No such file or directory
>>>> debug1: identity file insecure_private_key-cert type -1
>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>> debug1: Local version string SSH-2.0-OpenSSH_6.8
>>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
>>>> debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
>>>> debug1: SSH2_MSG_KEXINIT sent
>>>> debug1: SSH2_MSG_KEXINIT received
>>>> debug1: kex: server->client aes128-ctr umac-64-etm openssh com none
>>>> debug1: kex: client->server aes128-ctr umac-64-etm openssh com none
>>>> debug1: kex: curve25519-sha256 libssh org need=16 dh_need=16
>>>> debug1: kex: curve25519-sha256 libssh org need=16 dh_need=16
>>>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>>> debug1: Server host key: ecdsa-sha2-nistp256
>>>> SHA256:bZ890jxWtxfs31anyYZyo5ZO8uCqJ0RIm8ErlRIp0i0
>>>> Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>> debug1: SSH2_MSG_NEWKEYS received
>>>> debug1: Roaming not allowed by server
>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>> debug1: Authentications that can continue:
>>>> publickey,gssapi-keyex,gssapi-with-mic,password
>>>> debug1: Next authentication method: publickey
>>>> debug1: Trying private key: insecure_private_key
>>>> debug1: Authentications that can continue:
>>>> publickey,gssapi-keyex,gssapi-with-mic,password
>>>> debug1: No more authentication methods to try.
>>>> Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
>>>>
>>>>
>>>> $ cat insecure_private_key
>>>> -----BEGIN RSA PRIVATE KEY-----
>>>> MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
>>>> w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
>>>> kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
>>>> hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
>>>> Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
>>>> yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
>>>> ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
>>>> Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
>>>> TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
>>>> iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
>>>> sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
>>>> 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
>>>> cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
>>>> EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
>>>> CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
>>>> 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
>>>> YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
>>>> 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
>>>> dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
>>>> 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
>>>> P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
>>>> llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
>>>> kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
>>>> +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
>>>> NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
>>>> -----END RSA PRIVATE KEY-----
>>>>
>>>>
>>>> journalctl -f tells me nothing interesting.
>>>>
>>>> Cheers,
>>>> James
>>>>
>>