ISSUE: SLAVE1 IS NOT ABLE TO CONNECT WITH SLAVE2 VIA SSH WITHOUT PASSWORD PROMPT.

IP AND HOSTNAME MAPPING:

10.74.19.50 MASTER
10.138.22.103 SLAVE1
10.85.62.107 SLAVE2

COMMANDS FOR DOING SSH SETUP:

1) sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
2) sudo reboot
3) ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ""
4) ssh-copy-id -i ~/.ssh/id_rsa.pub projadmin@SLAVE2
5) ssh-copy-id -i ~/.ssh/id_rsa.pub admin@SLAVE1
6) ssh-copy-id -i ~/.ssh/id_rsa.pub admin@MASTER

~~ ~~ ~~

Command "ssh-copy-id" is used to copy your SSH public key to a remote server for passwordless authentication.

MESSAGE YOU GET WHEN SSH KEYS ARE ALREADY PRESENT ON THE REMOTE SYSTEM:

(base) [projadmin@SLAVE2 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub admin@SLAVE1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/projadmin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)

~~ ~~ ~~

MESSAGE YOU GET WHEN SSH KEYS ARE COPIED ON THE REMOTE SYSTEM:

(base) [admin@SLAVE1 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub projadmin@SLAVE2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORIZATION.
projadmin@SLAVE2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'projadmin@SLAVE2'"
and check to make sure that only the key(s) you wanted were added.

LOGIN ATTEMPT 1:

(base) [admin@SLAVE1 ~]$ ssh 'projadmin@SLAVE2'
The authenticity of host 'slave2 (10.85.62.107)' can't be established.
ECDSA key fingerprint is SHA256:+BqTUw27qVUgqcYRErYL8nksgX4XX9cimu/sgk2IkRs.
ECDSA key fingerprint is MD5:27:41:cd:39:f2:97:a9:29:6b:e8:8b:f3:e6:aa:cd:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'slave2' (ECDSA) to the list of known hosts.
IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORIZATION.
projadmin@slave2's password:
Last login: Fri May 1 11:56:39 2020 from SLAVE1
W A R N I N G THIS IS A PRIVATE COMPUTING SYSTEM FOR USE ONLY BY AUTHORIZED USERS.
(base) [projadmin@SLAVE2 ~]$

LOGIN ATTEMPT 2:

(base) [admin@SLAVE1 ~]$ ssh 'projadmin@SLAVE2'
IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORIZATION.
projadmin@slave2's password:
Last login: Fri May 1 12:01:02 2020 from SLAVE1
W A R N I N G THIS IS A PRIVATE COMPUTING SYSTEM FOR USE ONLY BY AUTHORIZED USERS.
(base) [projadmin@SLAVE2 ~]$

~~ ~~ ~~

SSH PUBLIC KEYS ARE STORED IN REMOTE SERVER'S FILE "~/.ssh/authorized_keys". NEXT, WE DISPLAY THAT:

(base) [projadmin@SLAVE2 ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAaG5d2wcXeVGQkTtiHr5EQD5nYPugU1upCAnsei8vuZ1LpoUdrCiFq0jkvnQCOa... admin@MASTER
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDckTRtXhW3JlQ/dgR3cEn70MGUNU29DT438ItypXh+BRnGTSuFayGLLb7XfgR4Fg... projadmin@SLAVE2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb/WDdGt0abaEI9aTljhgtRYtzrjjAJu3+GK3wbmjFMTvvlb5729l4kcUwg3IeAv... admin@SLAVE1

NEXT, WE CHECK OUR PUBLIC KEY OF SLAVE1:

(base) [admin@SLAVE1 ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb/WDdGt0abaEI9aTljhgtRYtzrjjAJu3+GK3wbmjFMTvvlb5729l4kcUwg3IeAv... admin@SLAVE1

~~ ~~ ~~

NEXT, WE CHECK SSH CONFIG ON SLAVE2:

(base) [admin@SLAVE1 ~]$ cat ~/.ssh/config
cat: /home/admin/.ssh/config: No such file or directory
(base) [admin@SLAVE1 ~]$

(base) [projadmin@SLAVE2 ~]$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-1ULxPy4vidVX/agent.5929; export SSH_AUTH_SOCK;
SSH_AGENT_PID=5930; export SSH_AGENT_PID;
echo Agent pid 5930;

NEXT, WE CHECK SSH CONFIG ON SLAVE2:

(base) [projadmin@SLAVE2 .ssh]$ ls
authorized_keys id_rsa id_rsa.pub known_hosts
(base) [projadmin@SLAVE2 .ssh]$ cat known_hosts
SLAVE1,10.138.22.103 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIt...rObCVOxrV5XaKARNHQA=
slave1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIt...rbCVOxrV5XaKARNHQA=
SLAVE2,10.85.62.107 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY...Xg6hmPnlGbfIiVmVPNdU=
slave2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbm...ArObCVOxrV5XaKARNHQA=
10.74.19.50 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYT...rObCVOxrV5XaKARNHQA=
MASTER ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIt...ArObCVOxrV5XaKARNHQA=
master ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...hmPnlGbfIiVmVPNdU=
localhost ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY...mPnlGbfIiVmVPNdU=

CREATING 'CONFIG' FILE SINCE IT DOES NOT EXIST:

(base) [projadmin@SLAVE2 .ssh]$ touch config
(base) [projadmin@SLAVE2 .ssh]$ ls
authorized_keys config id_rsa id_rsa.pub known_hosts
(base) [projadmin@SLAVE2 .ssh]$ vi config
(base) [projadmin@SLAVE2 .ssh]$ cat config
Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

(base) [projadmin@SLAVE2 ~]$ ssh-add -A
Could not open a connection to your authentication agent.
(base) [projadmin@SLAVE2 ~]$

~~ ~~ ~~

(base) [projadmin@SLAVE2 ~]$ eval `ssh-agent -s`
Agent pid 5182
(base) [projadmin@SLAVE2 ~]$ ssh-add -K ~/.ssh/id_rsa
unknown option -- K
usage: ssh-add [options] [file ...]
Options:
  -l          List fingerprints of all identities.
  -E hash     Specify hash algorithm used for fingerprints.
  -L          List public key parameters of all identities.
  -k          Load only keys and not certificates.
  -c          Require confirmation to sign using identities
  -t life     Set lifetime (in seconds) when adding identities.
  -d          Delete identity.
  -D          Delete all identities.
  -x          Lock agent.
  -X          Unlock agent.
  -s pkcs11   Add keys from PKCS#11 provider.
  -e pkcs11   Remove keys provided by PKCS#11 provider.
(base) [projadmin@SLAVE2 ~]$ ssh-add -k ~/.ssh/id_rsa
Identity added: /home/projadmin/.ssh/id_rsa (/home/projadmin/.ssh/id_rsa)
(base) [projadmin@SLAVE2 ~]$

(base) [projadmin@SLAVE2 .ssh]$ eval `ssh-agent -s`
Agent pid 5611
(base) [projadmin@SLAVE2 .ssh]$ ssh-add ~/.ssh/id_rsa
Identity added: /home/projadmin/.ssh/id_rsa (/home/projadmin/.ssh/id_rsa)

~~ ~~ ~~

LAST RESORT:

Deleting everything in the directory: projadmin@SLAVE2:/home/projadmin/.ssh

Copying only the public key again from slave1:

(base) [admin@SLAVE1 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub projadmin@SLAVE2

The issue still exists. Not able to SSH to slave2 from slave1 without a password prompt.

~~ ~~ ~~

STATUS: ISSUE UNRESOLVED

References:
1. SSH Setup: Remote machine still asking for password (Stackoverflow)
2. Copying SSH key to remote server
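
A common reason sshd keeps asking for a password even though the key is listed in authorized_keys is its StrictModes check (on by default), which ignores the key file when the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The script below is an added example, not part of the original post; it audits those three paths and is meant to be run as the account being logged into (projadmin on SLAVE2 here). The function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): audit the paths that sshd's
# StrictModes check inspects before it will read authorized_keys.
# Run as the account being logged into (projadmin on SLAVE2 in this post).

# check_path PATH: print a finding and return 1 if PATH is missing, is
# writable by group/other, or is owned by neither this user nor root.
check_path() {
    p=$1
    if [ ! -e "$p" ]; then
        echo "MISSING   $p"
        return 1
    fi
    # ls -ldn prints e.g. "drwx------ 2 1001 1001 ..."; field 1 is the mode
    # string and field 3 is the numeric owner uid.
    set -- $(ls -ldn -- "$p")
    mode=$1 owner=$3
    rc=0
    # Characters 6 and 9 of the mode string are the group/other write bits.
    case "$(printf '%s' "$mode" | cut -c6,9)" in
        *w*) echo "WRITABLE  $p ($mode): remove group/other write"; rc=1 ;;
    esac
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != "0" ]; then
        echo "OWNER     $p is owned by uid $owner"
        rc=1
    fi
    return $rc
}

# audit_pubkey_perms HOME_DIR: check the home directory, .ssh and
# authorized_keys; the return status is the number of failing paths.
audit_pubkey_perms() {
    home=$1
    failures=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" || failures=$((failures + 1))
    done
    return "$failures"
}

# Typical use on the target host:
#   audit_pubkey_perms "$HOME" && echo "permissions OK for StrictModes"
```

If all three paths pass, sshd's log on SLAVE2 (/var/log/secure on RHEL) and the output of ssh -v run from SLAVE1 are the next places to look.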
Tuesday, February 1, 2022
Debugging SSH Setup for two RHEL systems