Describe the bug
I am unable to SSH into my server after running ssh_hardening and os_hardening roles in ansible.
Expected behavior
I am expecting to be able to login
Actual behavior
Here is the command I use: `ssh goin@172.105.0.00`
The error I get:
goin@172.105.0.00: Permission denied (publickey).
The Playbook I use
```yaml
---
- name: 'Provision Image'
  hosts: all
  gather_facts: true
  become: true
  become_user: root
  become_method: sudo
  collections:
    - devsec.hardening
  tasks:
    - name: install vim
      apt:
        name: 'vim'
        state: present
    - name: install curl
      apt:
        name: 'curl'
        state: present
    - name: install git
      apt:
        name: 'git'
        state: present
    - name: Add ssh public key to authorized_keys
      shell: 'echo "$(</root/.bob/secrets/id_rsa.pub)" >> /root/.ssh/authorized_keys'
      args:
        executable: /bin/bash
      register: result
      ignore_errors: True
    - debug: var=result
    - name: Echo authorized
      command: 'cat /root/.ssh/authorized_keys'
      register: echoauth
      ignore_errors: True
    - debug: var=echoauth
    - name: Echo etc ssh sshd_config
      command: 'cat /etc/ssh/sshd_config'
      register: echosshdconfig
      ignore_errors: True
    - debug: var=echosshdconfig
    - name: List files in .ssh
      command: 'ls -la /root/.ssh'
      register: lsssh
    - debug: var=lsssh
    - name: Echo id_rsa.pub
      command: 'cat /root/.bob/secrets/id_rsa.pub'
      register: echorsa
      ignore_errors: True
    - debug: var=echorsa
    - import_role:
        name: os_hardening
    - import_role:
        name: ssh_hardening
    - name: Add goin user
      user:
        name: goin
        comment: Go In
        shell: /bin/bash
        password: bobtest
        groups: sudo
        append: yes
    - name: Add goin user in sshd_config
      shell: 'echo "AllowUsers goin" >> /etc/ssh/sshd_config'
      args:
        executable: /bin/bash
      register: addsshd
      ignore_errors: True
    - debug: var=addsshd
    - name: Echo etc ssh sshd_config two
      command: 'cat /etc/ssh/sshd_config'
      register: echosshdconfigtwo
      ignore_errors: True
    - debug: var=echosshdconfigtwo
    - name: List files in .ssh
      command: 'ls -la /root/.ssh'
      register: lssshtwo
    - debug: var=lssshtwo
    - name: List users
      command: 'cat /etc/shadow'
      register: shadow
    - debug: var=shadow
    - name: List users two
      command: 'cat /etc/passwd'
      register: passwd
    - debug: var=passwd
    - name: Who
      command: 'who'
      register: who
    - debug: var=who
```
OS / Environment
I am using this container: https://github.com/hashicorp/docker-hub-images/blob/master/packer/Dockerfile-light
Here is what I added with my Dockerfile:
```dockerfile
FROM hashicorp/packer:light
MAINTAINER Jean-Nicolas Boulay
RUN apk add jq curl ansible openssh
RUN ansible-galaxy collection install devsec.hardening
COPY ./entry.sh ./home/
WORKDIR /home/
ENTRYPOINT ["/home/entry.sh"]
```
Creating an image on Linode cloud service with the help of Packer.
Ansible Version
```
ansible 2.9.14
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.5 (default, Feb 19 2021, 09:27:16) [GCC 9.3.0]
```
Role Version
I am guessing the most recent one. I rebuilt the container image Sun Mar 7.
Additional context
I ssh outside the container. I did try inside.
The public and private keys are also added inside the container and I use ssh-add on the private key.
Is there a step I am missing?
I don't know what else to add.
You add the public key to root's authorized keys:
shell: 'echo "$(</root/.bob/secrets/id_rsa.pub)" >> /root/.ssh/authorized_keys'
Yet you connect with user goin. Try adding the key to the goin user.
BTW: You can replace this task:
```yaml
- name: Add goin user in sshd_config
  shell: 'echo "AllowUsers goin" >> /etc/ssh/sshd_config'
  args:
    executable: /bin/bash
  register: addsshd
  ignore_errors: True
```
with the variable ssh_allow_users.
Thank you @rndmh3ro you are right. It now works!
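The fix suggested in the reply above, written out as an added example (not code from the thread or from the devsec.hardening project): the key is installed for the account that logs in, and `AllowUsers` is set through the role variable `ssh_allow_users` rather than by appending to `sshd_config`. Assumptions: the public key is still at the path used in the issue, on the target host where the original shell task read it, and `sshd` lives at `/usr/sbin/sshd`.

```yaml
---
- name: 'Provision Image'
  hosts: all
  become: true
  collections:
    - devsec.hardening
  tasks:
    # No password is set: the server in the error above offers publickey only.
    - name: Add goin user
      user:
        name: goin
        comment: Go In
        shell: /bin/bash
        groups: sudo
        append: yes

    # Assumption: the key file is on the target host at the path from the issue.
    - name: Read the public key from the target host
      slurp:
        src: /root/.bob/secrets/id_rsa.pub
      register: pubkey

    # Install the key for goin, not root. The module writes to goin's own
    # ~/.ssh/authorized_keys and does not duplicate the entry on reruns.
    - name: Authorize the key for goin
      authorized_key:
        user: goin
        state: present
        key: "{{ pubkey.content | b64decode | trim }}"

    - import_role:
        name: os_hardening

    # The role sets AllowUsers from this variable, so no later task has to
    # edit /etc/ssh/sshd_config by hand.
    - import_role:
        name: ssh_hardening
      vars:
        ssh_allow_users: 'goin'

    # Fail the build if the resulting sshd_config does not parse.
    - name: Validate sshd_config
      command: /usr/sbin/sshd -t
      changed_when: false
```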