cancel
Showing results for 
Search instead for 
Did you mean: 
87951469
Flight Engineer
Flight Engineer
  • 326 Views

Lab Configure and Manage a Server - password requested

Jump to solution

Hello 

The task is: 

  • The student user on the serverb machine must be able to log in to the servera machine by using the review3_key.pub SSH key. 

But after 

ssh-copy-id -i .ssh/review3_key.pub student@servera

when logging in to servera I m still prompted for a password. 

The lab shows as PASS and not fail, but I dont understand why it's asking for a password when the keys have been successfully copied over. 

87951469_0-1758552521048.png

 

 

1 Solution

Accepted Solutions
Travis
Moderator
Moderator
  • 284 Views

The reason is you aren't giving it the "private" key when you are attempting to SSH. By default, SSH is configured to use id_rsa and id_rsa.pub for the public/private key pair. Your .ssh/config file is setup to use SSH keys on workstation and that is what allows lab scripts to work and generally prevents you from SSHing needing a password because the keys are setup.

So just like you specified the "-i <key_name>" you will need to provide the private key with the SSH command. You did a plain SSH without specifying a private key to use so it couldn't match the private key with the public key you copied to serverA. 

You have two choices here ...

  1. Copy the revew3_key to id_rsa as that is the default it looks for ...
  2. Create an entry in the .ssh/config that associates the review3_key to the correct user and for ServerA
  3. Try again with the ssh command, only this time 
    ssh -i .ssh/review3_key servera
Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

7 Replies
Cyrille_V
Mission Specialist
Mission Specialist
  • 306 Views

Hi!

One possible reason - wrong permissions of .ssh directory in users's profile in servera., i.e /home/user/.ssh

If permissions are not 700, the ssh server will drop your connecitons nevertheless you copied successfully the pub part of pair.

Do you have access to servera? 

Cyrille_V
Mission Specialist
Mission Specialist
  • 306 Views

Also, have a look on pub file authorized_keys inside .ssh folder. I thinnk should not be world readable, i.e - have to be with mode 640

Chetan_Tiwary_
Community Manager
Community Manager
  • 288 Views

@87951469 Which chapter /section is this lab in RH124 ? Is it from v9.3 course ?

Please check and set the PasswordAuthentication parameter to no in the /etc/ssh/sshd_config file and reload the sshd service. 

PasswordAuthentication no

 Then it will allow users to authenticate with SSH keys only, rather than with their passwords.

0 Kudos
87951469
Flight Engineer
Flight Engineer
  • 156 Views

It is v10.  chapter 20 

0 Kudos
Travis
Moderator
Moderator
  • 285 Views

The reason is you aren't giving it the "private" key when you are attempting to SSH. By default, SSH is configured to use id_rsa and id_rsa.pub for the public/private key pair. Your .ssh/config file is setup to use SSH keys on workstation and that is what allows lab scripts to work and generally prevents you from SSHing needing a password because the keys are setup.

So just like you specified the "-i <key_name>" you will need to provide the private key with the SSH command. You did a plain SSH without specifying a private key to use so it couldn't match the private key with the public key you copied to serverA. 

You have two choices here ...

  1. Copy the revew3_key to id_rsa as that is the default it looks for ...
  2. Create an entry in the .ssh/config that associates the review3_key to the correct user and for ServerA
  3. Try again with the ssh command, only this time 
    ssh -i .ssh/review3_key servera
Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
87951469
Flight Engineer
Flight Engineer
  • 156 Views

Hi Travis, 

Could you elaborate on how I d go about doing step 2? 

Travis
Moderator
Moderator
  • 280 Views

Oh ... the reason you likely get a "PASS" is because the grading script is specifically providing the private key as part of the SSH checks which you didn't do in the SSH command you had. 

While some of the other items are general troubleshooting points in terms of permissions on keys and how SSH is configured, that is not what is preventing your command from succeeding. The main issue is you aren't giving it the private key that corresponds to the public key you transferred.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Join the discussion
You must log in to join this conversation.