How to access to a VM using ssh from a linux terminal

I am new in Opennebula (Version 4.12), a I have some basic questions…

How to access a virtual machine via ssh?

I have generated a ssh key using ssh-keygen with a linux user and afterwards I have copied this public key into the template SSH KEY, but sometimes it works, but others it doesn’t , any ideas??

Moreover we want to use each user SSH KEY instead filling the template SSH KEY but:

  • If I put the ssh key into User > Setting > Info it doesn’t work either

  • How does the ssh process work in opennebula fro login to a vm? How is the opennebula user’s ssh key moved into the virtual machine and how can i use this ssh key from any linux terminal?

  • Do we need the opennebula user to be the same as the linux user where we created the ssh key?

Thanks in advance

1 Like

Hello Flo,

I’m using ver 5.03 but I think it’s the same: ssh key works for me with these conditions:

  1. the vm image must be contextualized: there are 1 or 2 packages from opennebula that must be installed in the vm image, see http://docs.opennebula.org/4.14/user/virtual_machine_setup/bcont.html
  2. the os in vm must accept root ssh login from a key (configured in sshd config)

As for your questions:

a/
b/ the ssh key is moved from the sunstone user starting the VM by a script from the contextualization package into the root user ssh authorized keys.
c/ AFAIK the ssh key from any sunstone user is only put into the root ssh authorized keys. So any user can start the VM fro sunstone, but he/she only can ssh to rot user

2 Likes

Hi,

In addition to what has already been posted by kitasupport

Also you need to create a virtual network in order to obtain access so its the first thing that u want to check.

it should works… anyways if the problem persists you can post here the log using -v option (verbose), this will help us to urderstand your problem.

as kitad said, this is only used to copy your pk into the authorized keys file inside the vm, this is all related to ssh.

Hi there, I am working with floprod and we are still having problems:

We are using images coming from templates from the marketplace that are already contextualized.

The ssh public key is correctly copied to the vm in /root/.ssh/authorized keys, I can check it if I use a context var PASSWORD and accesing as root.

I’m guessing that maybe the problem is with the default configuration sshd config. For example at Ubuntu16 marketplace image PermitRootLogin is password-porhibited but when I try log ssh to the Debian 8 and Debian 9 of the templates from the marketplace i’m asked for a password.

Or maybe is about the permissions of the vm /root/.ssh/ folrder and files within

Any idea?

it may be anything, try to log in using ssh -vv as i said, this will print you all the info that u need (a permission problem 4example) your ~/.ssh/authorized_keys must be readable of course.

Do u have your key protected with a pass? if this is the case you will need to use the ssh-agent.

It’s about sshd configuration

Using the Debiand 9 I has turned on PermitRootLogin to yes and no problem but with the Ubuntu 16.04 form the marketplace i’m still having issues.

:frowning:

The exact ssh error i’m getting into /var/log/auth.log is:

ssh conection closed by (ssh cliente ip)

And debugging the ssh session from the client i’m getting permission denied

Thanks in advance,

Hello!

this moning i have been checking Ubuntu 16.04, and i do not have any problem…

Here are a couple of things:

  • remember to ensure that your keys have defaults names if u do not want to provide extra options to ssh (i think id_* are default ones)
  • default sshd config has these two variables: PermitRootLogin and PasswordAuthentication. If u want to log in using password u should change that (use VNC if u cannot enter).
  • passwordless ssh sessions check by default: /home/[youruser]>/.ssh/authorized_keys, make sure that this folder exists in the user that u are trying to log in. Opennebula copies the key provided by sunstone/template there ALSO u need to have the right permissions.
  • If u are trying to log with a non-root user one way to perform this is using TEMPLATE/CONTEXT with a variable named USERNAME=“xxx” this will create automatically your user with a home folder.

i cant use right now your version (im in 5.4.0) but u can check the issue manually and see whats happens.
if after that you continue facing issues… im afraid that im not able to help you with only these info, use ssh -vvv and copy the log here. Anyways permision denied problems usually are related to keys/permissions setup.

Cheers .

Thanks, it’s clear that it a ssh problem, I’ll let you know if we solve the situation.

SSH configuration procedure
Do this steps from oneadmin login(physical machine)
SSH Client: Physical Machine IP
SSH Remote Host: In our case, 192.168.108.40

  1. Create Authentication in Physical Machine using ssh-keygen
    ssh-keygen -t rsa
  2. Create .ssh directory in Physical Machine
    ssh root@192.168.108.40 mkdir -p .ssh
  3. Upload Generated public Key from Physical Machine to Remote Host
    cat .ssh/id_rsa.pub | ssh root@192.168.108.40 ‘cat >> .ssh/authorized_keys’
  4. Set Permission on 192.168.108.40 from Physical Machine
    ssh root@192.168.108.40 “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
  5. Login from Physical machine to remote Host
    ssh root@192.168.108.40