Hi Michal,
Thanks for your reply!
Log from my node:
[root@dl360g9-1 ~]# tail -f -n0 /var/log/messages | grep sshd
Jun 21 10:15:50 dl360g9-1 sshd[35907]: rexec line 25: Deprecated option RSAAuthentication
Jun 21 10:15:50 dl360g9-1 sshd[35907]: Connection from 10.194.16.160 port 40858 on 10.194.16.150 port 2223
Jun 21 10:15:50 dl360g9-1 sshd[35907]: reprocess config line 25: Deprecated option RSAAuthentication
Jun 21 10:15:50 dl360g9-1 sshd[35907]: User ovirt-vmconsole not allowed because account is locked
Jun 21 10:15:50 dl360g9-1 sshd[35907]: input_userauth_request: invalid user ovirt-vmconsole [preauth]
Jun 21 10:15:50 dl360g9-1 sshd[35907]: Connection closed by 10.194.16.160 port 40858 [preauth]
Then I tried to unlock the ovirt-vmconsole account:
[root@dl360g9-1 ~]# passwd -u ovirt-vmconsole -f
Unlocking password for user ovirt-vmconsole.
passwd: Success
[root@dl360g9-1 ~]#
I gave it another try and got this log:
[root@dl360g9-1 ~]# tail -f -n0 /var/log/messages | grep sshd
Jun 21 10:22:44 dl360g9-1 sshd[36199]: rexec line 25: Deprecated option RSAAuthentication
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Connection from 10.194.16.160 port 40954 on 10.194.16.150 port 2223
Jun 21 10:22:44 dl360g9-1 sshd[36199]: reprocess config line 25: Deprecated option RSAAuthentication
Jun 21 10:22:44 dl360g9-1 sshd[36199]: User ovirt-vmconsole authorized keys /dev/null is not a regular file
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Failed publickey for ovirt-vmconsole from 10.194.16.160 port 40954 ssh2: RSA SHA256:FWlv2d+MlM43y0QQvnZUAMHgvLh+rQ8jYtZsWh6KId4
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Accepted certificate ID "vmconsole-proxy-user" (serial 0) signed by RSA CA SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U via /etc/pki/ovirt-vmconsole/ca.pub
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Postponed publickey for ovirt-vmconsole from 10.194.16.160 port 40954 ssh2: RSA SHA256:FWlv2d+MlM43y0QQvnZUAMHgvLh+rQ8jYtZsWh6KId4 [preauth]
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Accepted certificate ID "vmconsole-proxy-user" (serial 0) signed by RSA CA SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U via /etc/pki/ovirt-vmconsole/ca.pub
Jun 21 10:22:44 dl360g9-1 sshd[36199]: error: key_verify: error in libcrypto
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Failed publickey for ovirt-vmconsole from 10.194.16.160 port 40954 ssh2: RSA-CERT ID vmconsole-proxy-user (serial 0) CA RSA SHA256:vmH4XmKfgYJBpJym9T+WK2y2abk9aniCh6TiuJcB1+U
Jun 21 10:22:44 dl360g9-1 sshd[36199]: Connection closed by 10.194.16.160 port 40954 [preauth]
So it looks like something is wrong with my cert referred to in
/usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config on
my nodes. How do I retrieve the good certificate and the HostKey?
HostCertificate /etc/pki/ovirt-vmconsole/host-ssh_host_rsa-cert.pub
HostKey /etc/pki/ovirt-vmconsole/host-ssh_host_rsa
Jonathan Gregoire
________________________________
From: Michal Skrivanek <michal.skrivanek(a)redhat.com>
Sent: 21 June 2019 08:26
To: Jonathan Greg
Cc: users(a)ovirt.org
Subject: Re: [ovirt-users] Re: ovirt-vmconsole: Permission denied (publickey) when I select VM id
On 20 Jun 2019, at 15:25, Jonathan Greg
<jonathan763(a)hotmail.com> wrote:
Here is the log I get from the engine node when I do "ssh -t -p 2222
ovirt-vmconsole@ovirt-engine01.int.cloche.ca -i .ssh/serialconsolekey connect and I enter a console id":
[root@ovirt-engine01 ~]# tail -f /var/log/messages
Jun 20 09:22:13 ovirt-engine01 sshd[8836]: rexec line 24: Deprecated option RSAAuthentication
Jun 20 09:22:13 ovirt-engine01 sshd[8836]: reprocess config line 24: Deprecated option RSAAuthentication
Jun 20 09:22:14 ovirt-engine01 sshd[8836]: Accepted publickey for ovirt-vmconsole from 192.168.30.217 port 55849 ssh2: RSA SHA256:rYFIGj3UaNY28ocnmWqK3UZpznU0bzo6tPR+NpnR6Hw
Jun 20 09:22:14 ovirt-engine01 sshd[8836]: Attempt to write login records by non-root user (aborting)
Jun 20 09:22:20 ovirt-engine01 ovirt-vmconsole-proxy-shell[8849]: INFO Opening console '7e2c5638-f97c-45c4-8487-153764db2fc7.sock(a)c200m2-1.int.cloche.ca' on behalf of 'admin_internal-authz'[4907b7e8-dbda-11e8-9a2e-00163e1b3a71]
Jun 20 09:22:20 ovirt-engine01 sshd[8836]: Attempt to write login records by non-root user (aborting)
Jun 20 09:22:21 ovirt-engine01 sshd[8848]: Received disconnect from 192.168.30.217 port 55849:11: disconnected by user
Jun 20 09:22:21 ovirt-engine01 sshd[8848]: Disconnected from 192.168.30.217 port 55849
the problem seems to be between the proxy and the target host, you’d need to get logs from
there.
check out logs/issues of the sshd process handling the incoming requests
(/usr/sbin/sshd -f /usr/share/ovirt-vmconsole/ovirt-vmconsole-host/ovirt-vmconsole-host-sshd/sshd_config -D)
it could be a certificates issue. Is this an older setup or anything regarding host
certificates changed recently/ever?
Thanks,
michal