VMware Cloud Community
ArielStu
Contributor

Cannot LOGIN SSH from VMA to ESXI 5.1 update1

The command is: ssh root@192.168.1.54 '/sbin/shutdown.sh'

I created the public key on the VMA and copied it to /etc/ssh/keys-root/authoraized_keys on the ESXi 5.1 by: cat <key_name>.pub >> /etc/ssh/keys-root/authoraized

I overcame the problems of interactive keyboard and password.

I cannot find how to resolve: Permission denied (publickey).

I generated the key using the command: ssh-keygen

Thanks







schepp
Leadership

Hi,

just to be sure, check your /etc/ssh/keys-root/authorized_keys again, as you misspelled it twice in your post, maybe just a typo?

What permission does the authorized_keys have? Standard permission is 1600

ArielStu
Contributor

It is written OK on the server (authorized_keys); I just typed it wrong in the post.

Even with permission 777 on the authorized_keys,

and the keys-root upper folder also having chmod 777, I get the same error: Permission denied (publickey).

schepp
Leadership

Run SSH in verbose mode so you get more details:

ssh -vvv root@esxi-server

ArielStu
Contributor

Do I have to define something in known_hosts? There is no file like this; there are files: see below table.

[Image: pastedImage_4.png]

I copied the last debugs:

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts

debug2: no key of type 0 for host 192.168.1.250

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2

debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts

debug2: no key of type 2 for host 192.168.1.250

The authenticity of host '192.168.1.250 (192.168.1.250)' can't be established.

RSA key fingerprint is 1e:98:fc:2b:1b:0f:37:15:11:61:41:6f:c8:2c:36:3d.

Are you sure you want to continue connecting (yes/no)?

schepp
Leadership

So you type yes and what happens then?

Also, with which user did you try to log in the whole time? root or vi-admin?

ArielStu
Contributor

User root, NOT vi-admin.

I typed yes, and it permanently put the knowledge of the ESXi into the VMA,

then it continues as below (copied and pasted the last rows).

It asks for a password.

ROWS (copied and pasted):

debug1: Host '192.168.1.250' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:2

debug2: bits set: 470/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /root/.ssh/id_rsa (0x7f94fcc8b030)

debug2: key: /root/.ssh/id_dsa ((nil))

debug3: input_userauth_banner

Welcome to vSphere Management Assistant

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /root/.ssh/id_rsa

debug3: send_pubkey_test

debug2: we sent a publickey packet, wait for reply

debug1: Authentications that can continue: publickey,password

debug1: Trying private key: /root/.ssh/id_dsa

debug3: no such identity: /root/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred: ,password

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

root@192.168.1.250's password:

thanks!

schepp
Leadership

It's often a permission problem on the key files or .ssh dir.

Check /var/log/auth.log on the esxi host for info.

And please post the ls -l output of the keys and the directories they are located in. (On both hosts) If they are set to world readable or something, the authentication will fail.

Regards

ArielStu
Contributor

Great!

The solution is what you said: excessive permissions.

http://www.daveperrett.com/articles/2010/09/14/ssh-authentication-refused/

Finally we’re getting somewhere - bad ownership or modes for directory /home/dave/.ssh.

SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600:

Thanks a lot!

Ariel

Reply
0 Kudos
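
The permission check that resolved this thread, as an added shell example that is not part of the original posts: it walks from the key file up through its parent directories and reports any component that is group- or world-writable or owned by someone other than the user or root, which is the condition the quoted "bad ownership or modes" message describes. The function names (`bad_mode`, `bad_owner`, `check_key_path`) are hypothetical; the ESXi path in the closing comment is the one given in the thread.

```shell
#!/bin/sh
# Added example: flag path components with the "bad ownership or modes"
# condition (group/world writable, or owned by neither the user nor root).

# bad_mode PATH -> status 0 if PATH is writable by group or others.
# In "drwxrwxrwx", character 6 is group-write and character 9 is other-write.
bad_mode() {
    perm=$(ls -ld "$1" | cut -c1-10)
    case "$perm" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# bad_owner PATH UID -> status 0 if PATH is owned by neither UID nor root (0).
bad_owner() {
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" != "$2" ] && [ "$owner" != "0" ]
}

# check_key_path FILE TOP UID
# Walks from FILE up to and including TOP, prints each offending component,
# and returns 0 when every component is acceptable, 1 otherwise.
check_key_path() {
    p=$1; top=$2; uid=$3; rc=0
    while :; do
        if [ ! -e "$p" ]; then
            echo "MISSING    $p"; return 1
        fi
        if bad_mode "$p"; then
            echo "BAD MODE   $(ls -ld "$p" | cut -c1-10)  $p"; rc=1
        fi
        if bad_owner "$p" "$uid"; then
            echo "BAD OWNER  $p"; rc=1
        fi
        [ "$p" = "$top" ] && break
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# On the ESXi host from this thread (root is uid 0):
#   check_key_path /etc/ssh/keys-root/authorized_keys /etc/ssh/keys-root 0
# On the client side, for the private key:
#   check_key_path "$HOME/.ssh/id_rsa" "$HOME" "$(id -u)"
```

With the 777 modes reported earlier in the thread, both the key file and its directory are listed as BAD MODE; after `chmod 700` on the directory and `chmod 600` on the file the function prints nothing and returns 0.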