Unable to connect with SSH (Permission denied (publickey)) #411

Closed
jnbdz opened this issue Mar 8, 2021 · 2 comments

jnbdz commented Mar 8, 2021

Describe the bug
I am unable to SSH into my server after running the ssh_hardening and os_hardening roles in Ansible.

Expected behavior
I am expecting to be able to log in.

Actual behavior

Here is the command I use: ssh goin@172.105.0.00

The error I get:

goin@172.105.0.00: Permission denied (publickey).

The Playbook I use

---
- name: 'Provision Image'
  hosts: all
  gather_facts: true
  become: true
  become_user: root
  become_method: sudo
  collections:
    - devsec.hardening
  tasks:
    - name: install vim
      apt:
        name: 'vim'
        state: present

    - name: install curl
      apt:
       name: 'curl'
       state: present

    - name: install git
      apt:
       name: 'git'
       state: present

    - name: Add ssh public key to authorized_keys
      shell: 'echo "$(</root/.bob/secrets/id_rsa.pub)" >> /root/.ssh/authorized_keys'
      args:
        executable: /bin/bash
      register: result
      ignore_errors: True
    - debug: var=result

    - name: Echo authorized
      command: 'cat /root/.ssh/authorized_keys'
      register: echoauth
      ignore_errors: True
    - debug: var=echoauth

    - name: Echo etc ssh sshd_config
      command: 'cat /etc/ssh/sshd_config'
      register: echosshdconfig
      ignore_errors: True
    - debug: var=echosshdconfig

    - name: List files in .ssh
      command: 'ls -la /root/.ssh'
      register: lsssh
    - debug: var=lsssh

    - name: Echo id_rsa.pub
      command: 'cat /root/.bob/secrets/id_rsa.pub'
      register: echorsa
      ignore_errors: True
    - debug: var=echorsa

    - import_role:
        name: os_hardening

    - import_role:
        name: ssh_hardening

    - name: Add goin user
      user:
        name: goin
        comment: Go In
        shell: /bin/bash
        password: bobtest
        groups: sudo
        append: yes

    - name: Add goin user in sshd_config
      shell: 'echo "AllowUsers goin" >> /etc/ssh/sshd_config'
      args:
        executable: /bin/bash
      register: addsshd
      ignore_errors: True
    - debug: var=addsshd

    - name: Echo etc ssh sshd_config two
      command: 'cat /etc/ssh/sshd_config'
      register: echosshdconfigtwo
      ignore_errors: True
    - debug: var=echosshdconfigtwo

    - name: List files in .ssh
      command: 'ls -la /root/.ssh'
      register: lssshtwo
    - debug: var=lssshtwo

    - name: List users
      command: 'cat /etc/shadow'
      register: shadow
    - debug: var=shadow

    - name: List users two
      command: 'cat /etc/passwd'
      register: passwd
    - debug: var=passwd

    - name: Who
      command: 'who'
      register: who
    - debug: var=who

OS / Environment

I am using this container: https://github.com/hashicorp/docker-hub-images/blob/master/packer/Dockerfile-light

Here is what I added with my Dockerfile:

FROM hashicorp/packer:light
MAINTAINER Jean-Nicolas Boulay

RUN apk add jq curl ansible openssh

RUN ansible-galaxy collection install devsec.hardening

COPY ./entry.sh ./home/

WORKDIR /home/

ENTRYPOINT ["/home/entry.sh"]

Creating an image on Linode cloud service with the help of Packer.

Ansible Version

ansible 2.9.14
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.5 (default, Feb 19 2021, 09:27:16) [GCC 9.3.0]

Role Version

I am guessing the most recent one. I rebuilt the container image on Sun Mar 7.


Additional context

I ssh outside the container. I did try inside.

The public and private keys are also added inside the container and I use ssh-add on the private key.

Is there a step I am missing?

I don't know what else to add.

rndmh3ro (Member) commented Mar 8, 2021

You add the public key to root's authorized keys:

shell: 'echo "$(</root/.bob/secrets/id_rsa.pub)" >> /root/.ssh/authorized_keys'

Yet you connect with user goin. Try adding the key to the goin user.

BTW: You can replace this task:

    - name: Add goin user in sshd_config
      shell: 'echo "AllowUsers goin" >> /etc/ssh/sshd_config'
      args:
        executable: /bin/bash
      register: addsshd
      ignore_errors: True

with the variable ssh_allow_users.
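
The fix suggested in this comment, as an added example that is not part of the original thread or the project's own code: the key is installed for goin instead of root, and AllowUsers is set through the role's ssh_allow_users variable. It assumes the public key sits on the managed host at the path from the issue; the registered variable name goin_pubkey is made up for the example.

```yaml
---
# Added example, not from the thread. Assumes the public key file is on the
# managed host at the path used in the issue.
- name: Provision image with key-based login for goin
  hosts: all
  become: true
  collections:
    - devsec.hardening
  tasks:
    # The account must exist before a key can be installed for it.
    - name: Create the login user
      user:
        name: goin
        comment: Go In
        shell: /bin/bash
        groups: sudo
        append: true

    - name: Read the public key from the managed host
      slurp:
        src: /root/.bob/secrets/id_rsa.pub
      register: goin_pubkey  # hypothetical variable name

    # authorized_key writes to the named user's ~/.ssh/authorized_keys and
    # creates the directory with the right owner and mode, so sshd's
    # StrictModes check does not reject the file.
    - name: Install the key for goin (not root)
      authorized_key:
        user: goin
        key: "{{ goin_pubkey.content | b64decode | trim }}"
        state: present

    # Let the role render AllowUsers instead of appending to sshd_config
    # after the role has written it.
    - name: Harden sshd and restrict logins to goin
      import_role:
        name: ssh_hardening
      vars:
        ssh_allow_users: 'goin'
```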

jnbdz (Author) commented Mar 8, 2021

Thank you @rndmh3ro, you are right. It now works!

jnbdz closed this as completed Mar 8, 2021