Cannot ssh to nodes
547 views
Skip to first unread message
Boyana Norris
Jun 22, 2018, 10:35:27 PM6/22/18
to ware...@lbl.gov
I just configured a cluster with Centos 7.5 and latest Warewulf (stateless). The nodes boot, however, I am unable to ssh successfully to any of them. I have set up ssh keys and imported the /etc/passwd, /etc/groups, and /etc/shadow files into the node configuration. Permissions look fine. I've tried everything relevant from the documentation or discussions here, to no avail -- any suggestions on how to debug this would be greatly appreciated! Thank you!
# ls -al /root/.ssh
total 72
drwx------. 2 root root 4096 Jun 22 19:14 .
dr-xr-x---. 8 root root 275 Jun 22 17:33 ..
-rw-------. 1 root root 780 Jun 22 18:55 authorized_keys
-rw-------. 1 root root 1679 Jun 22 18:33 cluster
-rw-r--r--. 1 root root 392 Jun 22 18:33 cluster.pub
-rw-------. 1 root root 98 Jun 13 16:38 config
-rw-r--r--. 1 root root 9374 Jun 22 18:42 known_hosts
total 72
drwx------. 2 root root 4096 Jun 22 19:14 .
dr-xr-x---. 8 root root 275 Jun 22 17:33 ..
-rw-------. 1 root root 780 Jun 22 18:55 authorized_keys
-rw-------. 1 root root 1679 Jun 22 18:33 cluster
-rw-r--r--. 1 root root 392 Jun 22 18:33 cluster.pub
-rw-------. 1 root root 98 Jun 13 16:38 config
-rw-r--r--. 1 root root 9374 Jun 22 18:42 known_hosts
# wwsh file list
authorized_keys : rw------- 1 root root 780 /root/.ssh/authorized_keys
cluster.pub : rw-r--r-- 1 root root 392 /root/.ssh/cluster.pub
dynamic_hosts : rw-r--r-- 0 root root 55903 /etc/hosts
group : rw------- 1 root root 1158 /etc/group
network : rw-r--r-- 1 root root 20 /etc/sysconfig/network
passwd : rw------- 1 root root 3213 /etc/passwd
shadow : rw------- 1 root root 1769 /etc/shadow
slurm.conf : rw-r--r-- 1 root root 2180 /etc/slurm/slurm.conf
authorized_keys : rw------- 1 root root 780 /root/.ssh/authorized_keys
cluster.pub : rw-r--r-- 1 root root 392 /root/.ssh/cluster.pub
dynamic_hosts : rw-r--r-- 0 root root 55903 /etc/hosts
group : rw------- 1 root root 1158 /etc/group
network : rw-r--r-- 1 root root 20 /etc/sysconfig/network
passwd : rw------- 1 root root 3213 /etc/passwd
shadow : rw------- 1 root root 1769 /etc/shadow
slurm.conf : rw-r--r-- 1 root root 2180 /etc/slurm/slurm.conf
# ssh -i /root/.ssh/cluster -vvv 192.168.10.10
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 2: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "192.168.10.10" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.10.10 [192.168.10.10] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/cluster type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/cluster-cert type -1
debug1: identity file /root/.ssh/cluster type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/cluster-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version RomSShell_4.62
debug1: no match: RomSShell_4.62
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.10.10:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type DSA in file /root/.ssh/known_hosts:32
debug3: load_hostkeys: loaded 1 keys from 192.168.10.10
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-dss-...@openssh.com,ssh-dss
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521...@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com,zlib
debug2: compression stoc: none,zl...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 1044/2048
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-dss SHA256:q6nxZerOBlFZAUdI5xwpmrUkuODylNhyJEHrtS4+2J8
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type DSA in file /root/.ssh/known_hosts:32
debug3: load_hostkeys: loaded 1 keys from 192.168.10.10
debug1: Host '192.168.10.10' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:32
debug2: bits set: 963/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /root/.ssh/cluster (0x557782a01030), explicit, agent
debug2: key: /Users/norris/.ssh/id_rsa (0x557782a01080), agent
debug2: key: /root/.ssh/cluster (0x557782a04220), agent
debug2: key: /root/.ssh/cluster (0x557782a01450), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /Users/norris/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp SHA256:inptC7F6PiHK1Ogl9bV4lh7DQa0BXByzH9hrp1CFi3c
debug3: sign_and_send_pubkey: DSA SHA256:inptC7F6PiHK1Ogl9bV4lh7DQa0BXByzH9hrp1CFi3c
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ro...@192.168.10.10's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 2: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "192.168.10.10" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.10.10 [192.168.10.10] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/cluster type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/cluster-cert type -1
debug1: identity file /root/.ssh/cluster type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/cluster-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version RomSShell_4.62
debug1: no match: RomSShell_4.62
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.10.10:22 as 'root'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type DSA in file /root/.ssh/known_hosts:32
debug3: load_hostkeys: loaded 1 keys from 192.168.10.10
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-dss-...@openssh.com,ssh-dss
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521...@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com,zlib
debug2: compression stoc: none,zl...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc
debug2: MACs ctos: hmac-sha1
debug2: MACs stoc: hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group14-sha1 need=20 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 1044/2048
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-dss SHA256:q6nxZerOBlFZAUdI5xwpmrUkuODylNhyJEHrtS4+2J8
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type DSA in file /root/.ssh/known_hosts:32
debug3: load_hostkeys: loaded 1 keys from 192.168.10.10
debug1: Host '192.168.10.10' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:32
debug2: bits set: 963/2048
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /root/.ssh/cluster (0x557782a01030), explicit, agent
debug2: key: /Users/norris/.ssh/id_rsa (0x557782a01080), agent
debug2: key: /root/.ssh/cluster (0x557782a04220), agent
debug2: key: /root/.ssh/cluster (0x557782a01450), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /Users/norris/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp SHA256:inptC7F6PiHK1Ogl9bV4lh7DQa0BXByzH9hrp1CFi3c
debug3: sign_and_send_pubkey: DSA SHA256:inptC7F6PiHK1Ogl9bV4lh7DQa0BXByzH9hrp1CFi3c
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: /root/.ssh/cluster
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
ro...@192.168.10.10's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
Jeff Davis
Jun 22, 2018, 11:14:25 PM6/22/18
to Warewulf
Try not being root... just a normal user.
For root to work you would need to provision his authorized keys.
On Fri, Jun 22, 2018, 10:35 PM Boyana Norris <brnor...@gmail.com> wrote:
I just configured a cluster with Centos 7.5 and latest Warewulf (stateless). The nodes boot, however, I am unable to ssh successfully to any of them. I have set up ssh keys and imported the /etc/passwd, /etc/groups, and /etc/shadow files into the node configuration. Permissions look fine. I've tried everything relevant from the documentation or discussions here, to no avail -- any suggestions on how to debug this would be greatly appreciated! Thank you!# ls -al /root/.ssh
total 72
drwx------. 2 root root 4096 Jun 22 19:14 .
dr-xr-x---. 8 root root 275 Jun 22 17:33 ..
-rw-------. 1 root root 780 Jun 22 18:55 authorized_keys
-rw-------. 1 root root 1679 Jun 22 18:33 cluster
-rw-r--r--. 1 root root 392 Jun 22 18:33 cluster.pub
-rw-------. 1 root root 98 Jun 13 16:38 config
-rw-r--r--. 1 root root 9374 Jun 22 18:42 known_hosts
debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha2-5...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha2-5...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
--
You received this message because you are subscribed to the Google Groups "Warewulf" group.
To unsubscribe from this group and stop receiving emails from it, send an email to warewulf+u...@lbl.gov.
To post to this group, send email to ware...@lbl.gov.
To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/warewulf/489bdfa1-9dbe-4bc7-93e1-0e7d43a3f77f%40lbl.gov.
For more options, visit https://groups.google.com/a/lbl.gov/d/optout.
Boyana Norris
Jun 23, 2018, 1:02:19 AM6/23/18
to Warewulf
Thanks, I just tried, and I get a bit farther, but still no success -- ssh keys still did not worked. Password authorization succeeded but the connection was closed anyway. I am wondering whether there is a problem with the /home directory mounting.
bno...@192.168.10.10's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (password).
Authenticated to 192.168.10.10 ([192.168.10.10]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env HOSTNAME
debug3: Ignored env SELINUX_ROLE_REQUESTED
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SELINUX_USE_CURRENT_RANGE
debug3: Ignored env LMOD_PKG
debug3: Ignored env LMOD_VERSION
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env LMOD_PREPEND_BLOCK
debug3: Ignored env _ModuleTable001_
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env LMOD_SETTARG_CMD
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env MODULEPATH
debug3: Ignored env _ModuleTable_Sz_
debug3: Ignored env SELINUX_LEVEL_REQUESTED
debug3: Ignored env LMOD_CMD
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env SHOST
debug3: Ignored env BASH_ENV
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LMOD_SETTARG_FULL_SUPPORT
debug3: Ignored env LESSOPEN
debug3: Ignored env LMOD_FULL_SETTARG_SUPPORT
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env LMOD_DIR
debug3: Ignored env LMOD_COLORIZE
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env BASH_FUNC_ml()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 1024 rmax 1024
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 5/6 cc -1)
Connection to 192.168.10.10 closed by remote host.
Connection to 192.168.10.10 closed.
Transferred: sent 5016, received 2256 bytes, in 0.1 seconds
Bytes per second: sent 53070.9, received 23869.2
debug1: Exit status -1
debug1: Authentication succeeded (password).
Authenticated to 192.168.10.10 ([192.168.10.10]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env HOSTNAME
debug3: Ignored env SELINUX_ROLE_REQUESTED
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env SELINUX_USE_CURRENT_RANGE
debug3: Ignored env LMOD_PKG
debug3: Ignored env LMOD_VERSION
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env LMOD_PREPEND_BLOCK
debug3: Ignored env _ModuleTable001_
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env LMOD_SETTARG_CMD
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env MODULEPATH
debug3: Ignored env _ModuleTable_Sz_
debug3: Ignored env SELINUX_LEVEL_REQUESTED
debug3: Ignored env LMOD_CMD
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env SHOST
debug3: Ignored env BASH_ENV
debug3: Ignored env LOGNAME
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LMOD_SETTARG_FULL_SUPPORT
debug3: Ignored env LESSOPEN
debug3: Ignored env LMOD_FULL_SETTARG_SUPPORT
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env LMOD_DIR
debug3: Ignored env LMOD_COLORIZE
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env BASH_FUNC_ml()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 1024 rmax 1024
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 5/6 cc -1)
Connection to 192.168.10.10 closed by remote host.
Connection to 192.168.10.10 closed.
Transferred: sent 5016, received 2256 bytes, in 0.1 seconds
Bytes per second: sent 53070.9, received 23869.2
debug1: Exit status -1
debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521...@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-128...@openssh.com,hmac-sha2-256...@openssh.com,hmac-sha2-512...@openssh.com,hmac-sha1-e...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Jason Stover
Jun 23, 2018, 2:31:12 AM6/23/18
to ware...@lbl.gov
What does the file [chroot]/root/.ssh/authorized_keys look like? Does
it include cluster.pub ?
One think you could try doing, as long as the default cron wasn't
removed... Create a authorized_keys file Warewulf that has
cluster.pub in it. Import that file with
"--path=/root/.ssh/authorized_keys" and add it to the node with:
wwsh provision set [node] --fileadd=[name]
Wait around for 5-10 min or so. Then try running:
ssh -i /root/.ssh/cluster 192.168.10.10
If you tail the apache access_log you should see a request from the
node come in that's something like: /WW/file?fileid=[id] ... Where
[id] is the ID of the file. You can get this by running:
wwsh object dump [file name]
-J
>>> debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/warewulf/4e1649e2-d79a-40c1-85bc-6c8e23157847%40lbl.gov.
it include cluster.pub ?
One think you could try doing, as long as the default cron wasn't
removed... Create a authorized_keys file Warewulf that has
cluster.pub in it. Import that file with
"--path=/root/.ssh/authorized_keys" and add it to the node with:
wwsh provision set [node] --fileadd=[name]
Wait around for 5-10 min or so. Then try running:
ssh -i /root/.ssh/cluster 192.168.10.10
If you tail the apache access_log you should see a request from the
node come in that's something like: /WW/file?fileid=[id] ... Where
[id] is the ID of the file. You can get this by running:
wwsh object dump [file name]
-J
>>> debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
>>> debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>>> debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>>> debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Jeff Davis
Jun 23, 2018, 8:31:15 AM6/23/18
to Warewulf
Try running wwinit ssh
To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/warewulf/CAGfAqt_6mdZAe3Q8jwY%3DJ3WBi77th7Cku7_H%3D2bpOyaLbyQuow%40mail.gmail.com.
Boyana Norris
Jun 23, 2018, 10:43:09 AM6/23/18
to Warewulf
Jason, I had done all these things (and checked permissions in the file list), but I did it again, with --path as you suggested, with the same result, ssh keys or password still don't work for root. I don't see any new messages in the apache access log as a result, could that be a problem?
# wwsh object dump authorized_keys
Object #0: OBJECT REF Warewulf::File=HASH(0x3411020) {
"CHECKSUM" (8) => "8ebba7e30f180c5849b64f761d4f57a0" (32)
"FILETYPE" (8) => 32768
"FORMAT" (6) => "data" (4)
"GID" (3) => 0
"MODE" (4) => 384
"NAME" (4) => "authorized_keys" (15)
"ORIGIN" (6) => "/root/.ssh/authorized_keys" (26)
"PATH" (4) => "/root/.ssh/authorized_keys" (26)
"SIZE" (4) => 780
"UID" (3) => 0
"_ID" (3) => 1300
"_TIMESTAMP" (10) => 1529763706
"_TYPE" (5) => "file" (4)
}
# wwsh object dump authorized_keys
Object #0: OBJECT REF Warewulf::File=HASH(0x3411020) {
"CHECKSUM" (8) => "8ebba7e30f180c5849b64f761d4f57a0" (32)
"FILETYPE" (8) => 32768
"FORMAT" (6) => "data" (4)
"GID" (3) => 0
"MODE" (4) => 384
"NAME" (4) => "authorized_keys" (15)
"ORIGIN" (6) => "/root/.ssh/authorized_keys" (26)
"PATH" (4) => "/root/.ssh/authorized_keys" (26)
"SIZE" (4) => 780
"UID" (3) => 0
"_ID" (3) => 1300
"_TIMESTAMP" (10) => 1529763706
"_TYPE" (5) => "file" (4)
}
>>> debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
>>> debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nistp384...@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>>> debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: MACs ctos: umac-...@openssh.com,umac-128-e...@openssh.com,hmac-sha2-256-e...@openssh.com,hmac-sha2-512-e...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> debug2: MACs stoc: umac-...@openssh.com,umac-128-e...@openssh.com,hmac-sha2-256-e...@openssh.com,hmac-sha2-512-e...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Boyana Norris
Jun 23, 2018, 10:45:39 AM6/23/18
to Warewulf
There is no ssh module when I run wwinit, but ssh_keys works:
# wwinit ssh_keys
ssh_keys: Checking ssh keys for root OK
ssh_keys: Checking root's ssh config OK
ssh_keys: Checking for default RSA1 host key for nodes OK
ssh_keys: Checking for default RSA host key for nodes OK
ssh_keys: Checking for default DSA host key for nodes OK
ssh_keys: Checking for default ECDSA host key for nodes OK
Done.
Try running wwinit ssh
>>> debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
>>> debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nistp384...@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>>> debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes256...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: MACs ctos: umac-...@openssh.com,umac-128-e...@openssh.com,hmac-sha2-256-e...@openssh.com,hmac-sha2-512-e...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> debug2: MACs stoc: umac-...@openssh.com,umac-128-e...@openssh.com,hmac-sha2-256-e...@openssh.com,hmac-sha2-512-e...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
Jeff Davis
Jun 23, 2018, 11:48:48 AM6/23/18
to Warewulf
That's what I meant. It should work. I'm away from my computer so I'm out of ideas. Sorry.
Try running wwinit ssh
>>> debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
>>> debug2: host key algorithms: ssh-dss-...@openssh.com,ssh-dss,ecdsa-sha2-nistp256-cert-v...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed25519-...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>>> debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-g...@openssh.com,aes25...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
>>> debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
To view this discussion on the web visit https://groups.google.com/a/lbl.gov/d/msgid/warewulf/c5367335-b812-45cb-aa0a-1a53466d346d%40lbl.gov.
Reply all
Reply to author
Forward
0 new messages