
Re: [atomic-devel] Can't ssh to root



Thanks for all the suggestions.
I've given up on that box, and instead focused my attention on the
newer atomic-fedora-22 boxes.
I've documented the issues (and what needs fixing) here:
https://bugzilla.redhat.com/show_bug.cgi?id=1225630

This should be a 5 minute patch for anyone with commit access.
I highly recommend making these changes in F22.

Cheers,
James

On Tue, May 26, 2015 at 9:30 PM, Daniel J Walsh <dwalsh redhat com> wrote:
> Also a restorecon -R -v /root might help.
>
> On 05/22/2015 07:18 AM, Jeremy Eder wrote:
>> Check permissions on all the keys and directories, and look at the content of /root/.ssh/authorized_keys on the atomic system, IIRC atomic (or cloud-init?) puts some stuff there disabling root login and pausing for 10 seconds.
>>
>> ----- Original Message -----
>>> From: "James" <purpleidea gmail com>
>>> To: "SGhosh" <sghosh redhat com>, "Giuseppe Scrivano" <gscrivan redhat com>
>>> Cc: "atomic-devel" <atomic-devel projectatomic io>
>>> Sent: Thursday, May 21, 2015 11:22:14 PM
>>> Subject: Re: [atomic-devel] Can't ssh to root
>>>
>>> On Thu, May 21, 2015 at 10:57 PM, SGhosh <sghosh redhat com> wrote:
>>>> #PermitRootLogin yes
>>>> ?
>>> I believe the commented out values are indeed the defaults, but
>>> nevertheless I have the same issue with this set explicitly and sshd
>>> restarted.
>>> As an aside, I also ran:
>>> echo vagrant | passwd --stdin root
>>> to ensure a valid root password was possible, even when not set previously.
>>>
>>> If anyone knows why it's not working, I'd appreciate it, otherwise
>>> I'll try again tomorrow with a clear head once I can get
>>> /var/log/secure back and working again ;)
>>>
>>> Cheers,
>>> James
>>>
>>>>
>>>> On 05/21/2015 05:21 PM, James wrote:
>>>>> I'm having trouble SSH-ing to root on an atomic host. To make it easy
>>>>> to debug, I can replicate the issue *from* the host.
>>>>>
>>>>> boot up atomic host. I'm using Fedora 21
>>>>>
>>>>> $ cat foo
>>>>> Host localhost
>>>>>    HostName localhost
>>>>>    User vagrant
>>>>>    Port 22
>>>>>    UserKnownHostsFile /dev/null
>>>>>    StrictHostKeyChecking no
>>>>>    PasswordAuthentication no
>>>>>    IdentityFile insecure_private_key
>>>>>    IdentitiesOnly yes
>>>>>    LogLevel FATAL
>>>>>
>>>>> $ ssh -v -t -F foo root@localhost
>>>>> OpenSSH_6.8p1, OpenSSL 1.0.1k-fips 8 Jan 2015
>>>>> debug1: Reading configuration data foo
>>>>> debug1: foo line 1: Applying options for localhost
>>>>> debug1: Connecting to localhost [::1] port 22.
>>>>> debug1: Connection established.
>>>>> debug1: key_load_public: No such file or directory
>>>>> debug1: identity file insecure_private_key type -1
>>>>> debug1: key_load_public: No such file or directory
>>>>> debug1: identity file insecure_private_key-cert type -1
>>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>>> debug1: Local version string SSH-2.0-OpenSSH_6.8
>>>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
>>>>> debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
>>>>> debug1: SSH2_MSG_KEXINIT sent
>>>>> debug1: SSH2_MSG_KEXINIT received
>>>>> debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
>>>>> debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
>>>>> debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
>>>>> debug1: kex: curve25519-sha256@libssh.org need=16 dh_need=16
>>>>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>>>> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bZ890jxWtxfs31anyYZyo5ZO8uCqJ0RIm8ErlRIp0i0
>>>>> Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
>>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>>> debug1: SSH2_MSG_NEWKEYS received
>>>>> debug1: Roaming not allowed by server
>>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>>>>> debug1: Next authentication method: publickey
>>>>> debug1: Trying private key: insecure_private_key
>>>>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>>>>> debug1: No more authentication methods to try.
>>>>> Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
>>>>>
>>>>>
>>>>> $ cat insecure_private_key
>>>>>
>>>>>
>>>>> journalctl -f tells me nothing interesting.
>>>>>
>>>>> Cheers,
>>>>> James
>>>>>
>>>
>
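
The checks suggested in this thread (permissions on the key files and directories, and options placed in front of a key in authorized_keys) can be scripted. The following is an added example, not part of the original messages; the function names `audit_ssh_home` and `make_sample` are hypothetical and the sample authorized_keys content is constructed, with placeholder key material.

```shell
#!/bin/sh
# Added example, not from the thread: report why sshd may refuse or limit a key.
# audit_ssh_home HOME prints one finding per line, nothing when all checks pass.
audit_ssh_home() {
    home=$1
    ak="$home/.ssh/authorized_keys"

    # With StrictModes (sshd's default), a home directory, ~/.ssh or
    # authorized_keys file writable by group or others makes sshd ignore the keys.
    for p in "$home" "$home/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p"
        fi
    done

    [ -f "$ak" ] || return 0

    # An entry may carry options before the key type. A command="..." option
    # replaces the requested session with that command, so the key authenticates
    # but the login only runs the command and exits.
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        $1 ~ /^(ssh-|ecdsa-|sk-)/ { next }            # plain entry, no options
        /(^|,)command="/ { print "FORCED_COMMAND line " NR; next }
        { print "OPTIONS line " NR }
    ' "$ak"
}

# make_sample DIR: build a constructed home directory to try the audit on.
make_sample() {
    mkdir -p "$1/.ssh" && chmod 700 "$1" "$1/.ssh"
    cat > "$1/.ssh/authorized_keys" <<'EOF'
# constructed sample, key material is a placeholder
no-port-forwarding,command="echo 'Please login as a non-root user.';sleep 10" ssh-rsa AAAAPLACEHOLDER root-key
ssh-rsa AAAAPLACEHOLDER plain-key
EOF
    chmod 600 "$1/.ssh/authorized_keys"
}
```

On a host, run it as `audit_ssh_home /root`. SELinux labels, which the `restorecon` suggestion addresses, are outside what it checks.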

