SSH authorized_keys: Permission denied


Satya Vegulla

Jul 5, 2017, 10:39:40 AM
to security-onion
Hi Team,


With reference to this post
https://groups.google.com/forum/#!searchin/security-onion/asking$20password|sort:relevance/security-onion/-scFibM9MwA/HBGa95djgeYJ


When I am trying to make that automatic using key authentication. (rule update)

Getting the below issue as permission denied.

Tried putting the ssh username and server name manually as well.
Even ensured SSH Username is part of Sudo group.


xxxx@xxxxx:/# ssh-copy-id -i "$KEY".pub $SSH_USERNAME@$SERVERNAME
$SSH_USERNAME@$SERVERNAME's password:
bash: /home/xxxxxxxxx/.ssh/authorized_keys: Permission denied


Regards,
Satya.

Wes

Jul 5, 2017, 5:46:22 PM
to security-onion

Satya,

Are you running this command as root?

Thanks,
Wes

Satya Vegulla

Jul 10, 2017, 1:26:44 AM
to security-onion

Hi Wes,

Yes, I am running with root.

Regards,
Satya.

Wes

Jul 10, 2017, 7:54:58 AM
to security-onion

Please post the exact steps you took to arrive at this error.

Thanks,
Wes

Satya Vegulla

Aug 23, 2017, 5:37:48 AM
to security-onion

Hi Wes,

Apologies for the delay.
As there were multiple issues to be fixed in this sensor and aligned with the change windows, we have rebuilt this sensor. However, everything went smoothly; at the end, after adding the sensor to the master's salt configuration,

rule update is not changing to salt update.

$ ls -l /etc/cron.d/
total 44
-rw-r--r-- 1 root root 288 Jun 20 2010 anacron
-rw-r--r-- 1 root root 258 Aug 28 20:39 bro
-rw-r--r-- 1 root root 224 Jan 1 2014 capme
-rw-r--r-- 1 root root 209 Oct 12 23:06 elsa
-rw-r--r-- 1 root root 308 May 25 2013 nsm-watchdog
-rw-r--r-- 1 root root 544 Sep 12 2012 php5
-rw-r--r-- 1 root root 384 Oct 12 23:06 rule-update (this part is not changing to salt-update)
-rw-r--r-- 1 root root 234 Aug 28 20:39 sensor-clean
-rw-r--r-- 1 root root 823 Aug 13 18:34 sensor-newday
-rw-r--r-- 1 root root 248 Oct 19 2012 sguil-db-purge
-rw-r--r-- 1 root root 403 Oct 13 2013 squert-ip2c

And also when trying this (rule update without password)
https://groups.google.com/forum/#!searchin/security-onion/asking$20password|sort:relevance/security-onion/-scFibM9MwA/HBGa95djgeYJ

Public key is getting added to the authorized keys, but still asking for password.

Which also results in ELSA processing its required updates to master.

Request your suggestion here.

Thanks,
Satya

Wes Lambert

Aug 23, 2017, 7:00:29 AM
to securit...@googlegroups.com
Satya,

"If you've enabled salt on all machines in your deployment, 
then salt should have disabled the rule-update cron job in favor of 
its own method of distributing rules to the sensors.  However, if you 
manually run rule-update and get prompted for the password then that 
may be indicative of other problems...

rule-update uses scp to copy files from the master to the sensor.  To 
do that, it authenticates using the username and ssh key stored in 
/root/.ssh/ on the sensor.  This would be the username that you 
entered during Setup on the sensor that it used to connect to the 
server. 

Are you able to manually ssh from the sensor to the server using that 
username and its password? 

Are you able to ssh using that username and the ssh key in /root/.ssh/?" 


Thanks,
Wes



Satya Vegulla

Aug 23, 2017, 8:55:51 AM
to security-onion

Yes, I am able to SSH in to the server with those credentials.
Also see the Securityonion.pub key getting copied to the authorized keys in the destination server (Master) (when using this command "ssh-copy-id -i "$KEY".pub $SSH_USERNAME@$SERVERNAME").

But at the time of logging in, when giving the "ssh -i "$KEY" $SSH_USERNAME@$SERVERNAME" command, it still prompts for a password, rather than logging in with the help of the key.

Thanks,
Satya.

Wes

Aug 24, 2017, 8:28:48 AM
to security-onion
Check the authorized_keys on the master, in /home/$SENSORUSER/.ssh/authorized_keys.

Does it match what is present on the sensor, in /root/.ssh/securityonion.pub?

Thanks,
Wes

Satya Vegulla

Aug 25, 2017, 3:35:06 AM
to security-onion
Hi Wes,

Yes, it does; the key residing in both locations is the same.
In fact, when I repeat the command to copy the key, the same key gets appended to authorized keys.
Also tried generating a new key pair on the sensor and cleared the existing keys in authorized keys on the master, then repeated the process, but the result seems to be the same.

Thanks,
Satya.

Wes

Aug 25, 2017, 2:59:47 PM
to security-onion
Have you tried checking /var/log/nsm/sosetup.log for clues?

Have you tried ensuring permissions are correct and that you are trying to login with the correct user?

https://unix.stackexchange.com/questions/36540/why-am-i-still-getting-a-password-prompt-with-ssh-with-public-key-authentication

Thanks,
Wes

Satya Vegulla

Aug 28, 2017, 10:04:07 AM
to security-onion
Hi Wes,

I ensured there are sufficient permissions for the authorized keys.
Checked sosetup.log; couldn't find much different.
But actually, when the sensor installation was in process, we initially gave the wrong master IP; then, after the setup was finished, we manually updated the actual master IP wherever required.
Assuming the above may not be impacting this issue, but just want to confirm.

Regards,
Satya.

Wes

Aug 28, 2017, 1:04:44 PM
to security-onion
If you had to manually update the IP of the master, I would re-run setup on the sensor.

Thanks,
Wes

Satya Vegulla

Aug 29, 2017, 10:14:36 AM
to security-onion
Hi Wes,

We did re-run the setup, but the rule update part remains the same.

Is there anything we can do?

Thanks,
Satya.

Wes

Aug 29, 2017, 8:58:19 PM
to security-onion
If you have already followed the previous procedure (in regard to keys, etc) and have not had success, it may be quicker and easier to reinstall from the ISO or packages and then try re-running setup for the sensor.

Thanks,
Wes

Satya Vegulla

Aug 31, 2017, 6:15:44 AM
to security-onion
Hi Wes,

Thanks for your time.
Now we see the authentication happening through the key.
The issue was the permissions applied to .ssh/ and authorized keys, and also the owner of the folder of the user account for the sensor on the master.

Thanks,
Satya.
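
The cause reported in the last message (ownership and permissions on the sensor account's home folder, .ssh/ and authorized_keys on the master) can be checked with a short script. This is an added example, not part of the original thread or of Security Onion; it assumes OpenSSH's default StrictModes behaviour (each path owned by the account or by root, with no group or world write bit) and GNU stat, and the function name check_ssh_perms is hypothetical.

```shell
#!/bin/sh
# Added example: report what sshd's StrictModes check would reject for one account.
# Usage: check_ssh_perms HOME_DIR OWNER_UID   (e.g. OWNER_UID=$(id -u sensoruser))
# Returns the number of findings; 0 means ownership and modes are acceptable.
# Assumes GNU stat (stat -c), as on Ubuntu.
check_ssh_perms() {
    home=$1
    owner_uid=$2
    findings=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            findings=$((findings + 1))
            continue
        fi
        uid=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        # sshd accepts paths owned by the account itself or by root (uid 0).
        if [ "$uid" != "$owner_uid" ] && [ "$uid" != "0" ]; then
            echo "OWNER     $path is owned by uid $uid, expected $owner_uid or 0"
            findings=$((findings + 1))
        fi
        # Any group- or world-write bit (octal 022) makes sshd ignore the key file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  $path has mode $mode (group/other write set)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed demo tree: a home directory left group-writable.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" "$(id -u)" || echo "findings: $?"
rm -rf "$demo"
```

When sshd rejects a key for this reason it falls back to the password prompt on the client, which matches the symptom described earlier in the thread.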