Linux SSH Authentication


Hi,

Again failed in the task. I am able to log in to all apps with user thor without a password. Why did it fail?

We will check and update you

Hi @dineshtobe

As per the details shared in the question, you are asked to set up passwordless SSH authentication for the thor user (on the jump host) to all app servers through their respective sudo users (for example tony for stapp01), but it seems you have created user thor on all apps and have done the required settings for that user.

Hi inderpreet,

User thor was already created on all app servers; I did not create it.

Hi @dineshtobe

You are right, the thor user exists on the app servers, but as per the question you were still supposed to set up passwordless SSH access for the sudo users on all app servers.

I am marking this task as Pending for you so you can give it another try.

thanks @Inderpreet , let me check and update you

Thanks @Inderpreet it is completed

Hi @Inderpreet,

Could you please explain what went wrong? Here I did passwordless authentication for user thor via the sudo users of all app servers, and I am able to log in to all the app servers via user thor.
But still, I got marked as failed for the task.

Hi @nsuriya239

The thor user is for the jump host only, and the sudo users for the other apps are different, for example tony for stapp01. Please refer to the documentation for details. You have to set up password-less SSH access for the thor user on the jump host to the respective sudo users on all apps, i.e.

thor@jump_host /$ ssh tony@stapp01 (hostname or IP both will work)

Okay, thanks for the quick response @Inderpreet :slightly_smiling_face:. The question could be clearer; it could be misunderstood by users, as I did.

thor@jump_host /$ sudo ssh-copy-id -i ~/.ssh/id_rsa.pub thor@172.16.238.10
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/thor/.ssh/id_rsa.pub”
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
thor@172.16.238.10’s password:
Permission denied, please try again.

thor@172.16.238.10’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘thor@172.16.238.10’”
and check to make sure that only the key(s) you wanted were added.

thor@jump_host /$ sudo ssh-copy-id -i ~/.ssh/id_rsa.pub thor@172.16.238.11
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/thor/.ssh/id_rsa.pub”
The authenticity of host ‘172.16.238.11 (172.16.238.11)’ can’t be established.
ECDSA key fingerprint is SHA256:xxB+skT5QFTyjTsf9vz0Ey39CKx+wyPsZrT0i2lBcv8.
ECDSA key fingerprint is MD5:7a:4a:d2:c8:46:c0:8d:68:1e:75:30:3b:73:51:ed:9e.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
thor@172.16.238.11’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘thor@172.16.238.11’”
and check to make sure that only the key(s) you wanted were added.

thor@jump_host /$ sudo ssh-copy-id -i ~/.ssh/id_rsa.pub thor@172.16.238.12
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/thor/.ssh/id_rsa.pub”
The authenticity of host ‘172.16.238.12 (172.16.238.12)’ can’t be established.
ECDSA key fingerprint is SHA256:RSDQpf7xEw1/lSO7X1hIueJsFix3zwzc0oL5bYpJ8t4.
ECDSA key fingerprint is MD5:94:4e:4f:30:99:5c:f9:62:35:10:ff:74:2f:95:a0:0e.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
thor@172.16.238.12’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘thor@172.16.238.12’”
and check to make sure that only the key(s) you wanted were added.

thor@jump_host /$ ssh thor@172.16.238.10
[thor@stapp01 ~]$ quit
-bash: quit: command not found
[thor@stapp01 ~]$ exit
logout
Connection to 172.16.238.10 closed.
thor@jump_host /$ ssh thor@172.16.238.11
[thor@stapp02 ~]$ exit
logout
Connection to 172.16.238.11 closed.
thor@jump_host /$ ssh thor@172.16.238.12
[thor@stapp03 ~]$ exit
logout
Connection to 172.16.238.12 closed.
thor@jump_host /$
thor@jump_host /$

But it says thor needs passwordless SSH access for me… what did I do wrong?

@labheshp add thor’s key (from jump host) to respective sudo users of apps. (for example tony for app server 1)

@Inderpreet

Please advise what was incorrect in my case or missing steps


@Inderpreet I have made the same mistake: I set up the user thor as the passwordless authentication user and my task failed.
I request you to please update the task scenario with clear instructions so that it will be easy for us to give it a try and accomplish the task.
I have done all the things right but still my task fails.

@Ali

Your ssh commands, for example sudo ssh banner@172.16.238.12, are actually making the SSH connection as user root from the jump host, since you used sudo. You should have tried without sudo so that you could test whether user thor is able to ssh without any password.
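The check described in the post above, as an added example that is not part of the original thread: a script for thor on the jump host that refuses to run under sudo and then tests each app server's sudo user with every password fallback disabled. The user/host pairs are the ones named in this thread; the function names and the `--run` switch are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify key-only SSH from the jump host to each app server's
# sudo user. Pairs are the ones named in this thread; names are illustrative.
TARGETS="tony@stapp01 steve@stapp02 banner@stapp03"

# True (0) when the caller is root or came through sudo; ssh would then use
# root's ~/.ssh (keys, known_hosts) instead of thor's.
is_elevated() {   # $1 = effective uid, $2 = value of SUDO_USER (may be empty)
    [ "$1" -eq 0 ] || [ -n "$2" ]
}

# Try one login with every interactive fallback disabled, so success can only
# come from public-key authentication. With BatchMode an unknown host key is
# not prompted for either, so it also reports FAIL.
check_target() {  # $1 = user@host
    if ssh -o BatchMode=yes -o PasswordAuthentication=no \
           -o PreferredAuthentications=publickey -o ConnectTimeout=5 \
           "$1" true 2>/dev/null; then
        echo "ok $1"
    else
        echo "FAIL $1"
        return 1
    fi
}

# Check every target; the return status is the number of failures.
check_all() {
    failures=0
    for t in $TARGETS; do
        check_target "$t" || failures=$((failures + 1))
    done
    return "$failures"
}

# Only contact the servers when asked to: ./check.sh --run
if [ "${1:-}" = "--run" ]; then
    if is_elevated "$(id -u)" "${SUDO_USER:-}"; then
        echo "run this as thor, without sudo" >&2
        exit 2
    fi
    check_all
fi
```

A login as thor@stapp01 does not satisfy this check, because the targets are the app servers' own sudo users.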

@Inderpreet

You're right, I used /root/.ssh config … rather than using ~/.ssh/id…

The ~/.ssh would be local to the user you are logged in as and want to install the keys on banner@IP


Not sure why this task is marked as failed. I tested passwordless SSH and Sudo to all App Servers without password, and they all work perfectly.

Going by the question, user thor is required to have passwordless SSH to all app Servers. Please advise

We have to set up passwordless authentication for the sudo users of the app servers, like tony for app server 1, steve for app server 2, and so on, not for a thor user on app server 1. Hope you got my point.

Thanks, I got the point, however, it wasn’t very clear as to whether the Passwordless SSH is required for thor or the respective user.

@mmumshad , can I have this task reset, so that I can redo it. I set up passwordless SSH for thor instead of the respective users for the app servers.

Thanks