You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I add a server, it automatically remains as a root account waiting to be synchronized, I click on the sync now button and it tells me SSH Auhentication failed.
Checking the log tells me this.
Jun 8 09:33:40 ska syncd.php: Daemon started
Jun 8 09:33:46 ska syncd.php: Sync process spawning for: 1/
Jun 8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Preparing sync.
Jun 8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
Jun 8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Attempting to connect.
Jun 8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Public key authentication failed.
Jun 8 09:34:01 ska systemd: Started Session 1047 of user root.
Jun 8 09:34:01 ska systemd: Starting Session 1047 of user root.
I check the destination server and I have the following:
[root@devel-ol6 ~]# cat /etc/passwd |grep keys-sync
keys-sync:x:498:498::/var/local/keys-sync:/bin/sh
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# ls -la /var/local/
total 12
drwxr-xr-x. 3 root root 4096 Jun 7 17:39 .
drwxr-xr-x. 19 root root 4096 Jun 7 16:53 ..
drwx--x--x 2 root root 4096 Jun 8 09:28 keys-sync
[root@devel-ol6 ~]# ls -la /var/local/keys-sync/
total 28
drwx--x--x 2 root root 4096 Jun 8 09:28 .
drwxr-xr-x. 3 root root 4096 Jun 7 17:39 ..
-rw-r--r-- 1 root root 18 Jun 7 17:40 .bash_logout
-rw-r--r-- 1 root root 176 Jun 7 17:40 .bash_profile
-rw-r--r-- 1 root root 124 Jun 7 17:40 .bashrc
-rw-r--r-- 1 keys-sync keys-sync 735 Jun 7 18:24 keys-sync
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep AuthorizedKeysFile
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /var/local/keys-sync/%u
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep StrictModes
StrictModes no
[root@devel-ol6 ~]#
The sshd service has been restarted.
From the SKA server, login with the keys-sync account and I have access to the destination server without a password.
[root@ska ~]# su - keys-sync
Last login: Fri Jun 8 09:47:33 -04 2018 on pts/0
-sh-4.2$ ssh devel-ol6.inacap.cl
Last login: Fri Jun 8 09:47:42 2018 from XXXXXXXXX
-sh-4.1$ hostname
devel-ol6.inacap.cl
-sh-4.1$ exit
logout
Connection to devel-ol6.inacap.cl closed.
-sh-4.2$ hostname
ska.inacap.cl
-sh-4.2$ exit
logout
[root@ska ~]#
But with the root account I can not enter the destination server without a password and the keys are the same for both accounts.
Since it works when you run it manually but not when it runs from the daemon, it would suggest perhaps that the user that the daemon is running under does not have access to the private key file. Check the permissions and ownership on the private key file versus the user account specified in the systemd service file or the init script.
Thank you very much, indeed the files keys-sync and keys-sync.pub inside the directory config/ did not have read permission for the user keys-sync which is the one that starts the daemon.
Problem Sync from UI
When I add a server, it automatically remains as a root account waiting to be synchronized, I click on the sync now button and it tells me SSH Auhentication failed.
Checking the log tells me this.
I check the destination server and I have the following:
The sshd service has been restarted.
From the SKA server, login with the keys-sync account and I have access to the destination server without a password.
But with the root account I can not enter the destination server without a password and the keys are the same for both accounts.
Now if I run the sync.php manually it works.
I may have something wrong configured but I have not been able to find it, I would appreciate any help in this regard.
Access to the website is under LDAP as recommended in the README.
But the keys-sync account in the UI appears Inactive, do I have to create that account in the Active Directory?
I am currently using my own account to access the UI and create the ska-administrator group where I am a member.
The text was updated successfully, but these errors were encountered: