VMware Cloud Community
grob115
Enthusiast

SSH key pairs don't work on VMs

I have tried to generate a private-public RSA key pair so the remote box I'm accessing via ssh or sftp won't ask me to type in a password each time. I have come to the following conclusion:

Works

-Physical Box SSH to Physical Box

-VM SSH to Physical Box

Doesn't work

-Physical Box SSH to VM

Steps

1) On the client box (pressing Enter for all the questions): ssh-keygen -t rsa

2) Upload the ~/.ssh/id_rsa.pub key to the server box under the user's ~/.ssh/authorized_keys

Has anyone encountered this scenario? I have generated the keys many times but it still doesn't work if I SSH to a server that is a VM.

0 Kudos
4 Replies
jbWiseMo
Enthusiast

Haven't tried this specifically, but here are a few things to check:

  1. Did the sshd in the VM successfully generate its host RSA key?

  2. Does /proc/sys/kernel/random/entropy_avail in the VM show a reasonably large amount of available entropy for session keys (> 500)?

0 Kudos
grob115
Enthusiast

Interesting. Never knew about the need for entropy but thanks for pointing this out. Is this required on the server generating the private/public key pair (i.e. the one that will be doing the remoting)? Or is this required on the server being remoted into?

The VMs have anywhere between 2200 - 3500. The one I need to do the remoting has 2200 but only 186 after I generated the key pair. The one being remoted into has 3000.

I'm trying to increase it by following instructions here but I got the message "RNDADDENTROPY failed: Operation not permitted"

How much do I need? Would the entropy be reduced again when I do SSH after the key pair has been generated?

0 Kudos
AWo
Immortal

Virtualization makes no difference to how public-private keys work.

If VM SSH to physical box works but not vice versa, your key distribution is wrong.

For VM -> PB

you need the not-password-protected private key on the guest and the public one on the physical box.

For PB-> VM

you need the not-password-protected private key on the pb and the public one on the guest.


AWo

VCP 3 & 4

[:o]===[o:]

=Would you like to have this posting as a ringtone on your cell phone?=

=Send "Posting" to 911 for only $999999,99!=

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
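The checks suggested in the replies above (host RSA key present, entropy above 500, the client's public key listed on the box being logged into), gathered into an added shell example that is not part of any poster's message. It is meant to run on the SSH server (here the VM); the default paths are the usual OpenSSH and Linux locations and are assumptions about that VM.

```shell
#!/bin/sh
# Added diagnostic sketch, not code from the thread. Function names are
# hypothetical; default paths are assumed OpenSSH/Linux locations.

# pubkey_blob FILE: print the base64 key blob (2nd field) of a .pub file.
pubkey_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# key_authorized PUBFILE AUTHFILE: succeed if the blob from PUBFILE appears as
# a whole field on a non-comment line of AUTHFILE. Matching on the blob alone
# tolerates a leading options field (from="...", command="...") and comments.
key_authorized() {
    blob=$(pubkey_blob "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) { found = 1; exit } }
        END { exit !found }
    ' "$2"
}

# entropy_ok [MIN] [FILE]: succeed if the kernel's available-entropy counter
# is above MIN (500 is the figure given in the thread).
entropy_ok() {
    min=${1:-500}
    file=${2:-/proc/sys/kernel/random/entropy_avail}
    [ -r "$file" ] || return 2
    avail=$(cat "$file")
    [ "$avail" -gt "$min" ]
}

# host_key_present [FILE]: succeed if the sshd host RSA key exists and is non-empty.
host_key_present() {
    [ -s "${1:-/etc/ssh/ssh_host_rsa_key}" ]
}

# check_server PUBFILE [AUTHFILE]: run all three checks, print each failure,
# and return the number of failed checks. PUBFILE is a copy of the client's
# id_rsa.pub; AUTHFILE defaults to the current user's authorized_keys.
check_server() {
    fails=0
    host_key_present || { echo "FAIL: host RSA key missing"; fails=$((fails + 1)); }
    entropy_ok || { echo "FAIL: entropy_avail not above 500"; fails=$((fails + 1)); }
    key_authorized "$1" "${2:-$HOME/.ssh/authorized_keys}" ||
        { echo "FAIL: client public key not in authorized_keys"; fails=$((fails + 1)); }
    return "$fails"
}
```

For the physical box to VM direction, copy the physical box's `id_rsa.pub` to the VM and run `check_server /path/to/id_rsa.pub` there as the user being logged into.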
grob115
Enthusiast

I hear what you're saying and I agree that VM shouldn't make a difference. I do see the entropy level get really low on the VM that is generating the key pair. What number should I be seeing? Tried to search for this online but wasn't able to find an answer.

0 Kudos