[SOLVED] How do I provide ssh_public_key the correct way


(Daniel Seichter) #1

I am new to OpenNebula and I am able to run my machines on KVM (migrated from VirtualBox). So far so good.
Now I wanted to try a template provided on the marketplace, but I can’t login.
I tried the following under [SOLVED] How to substitute the value SSH_PUBLIC_KEY with the output of cat ~/.ssh/id_rsa.pub but it still does not work.

What I did (without success):
Imported the Debian 8.2 KVM using Marketplace in Sunstone.
Added into the template my public key of three different users:
First, my local user of my client. After that, I added the public key of a user root. This also does not work so I added the public key of oneadmin (see link above).

Starting the virtual machine I am unable to ssh and also unable to login without password using vnc (and unable to login using ssh).

In the documentation I am only able to find “provide the public key”, but which public key do I have to use? Do I have to add it in the template in the context field?

Tried other images of the marketplace, but the same problem.

Using VNC, the machine wants to have a username and password.

Which public RSA key of which user do I have to paste where?

Thank you very much for your help!

Daniel


(Anton Todorov) #2

Hi Daniel,

There are various places where you can add your public key:

in your Sunstone user’s settings:
Settings --> Info tab --> ‘Public SSH key’ box
in your VM template:
Select VM template -> Update --> Context tab --> Public Key (Add ssh contextualization must be ticked)

For SSH to work you must enable the networking by selecting a network in the network tab in the template wizard after you import image from the marketplace.

To set a password for the VM from the market place some more preparation is needed. For example to set the root password on VM instantiation:

Create the following text file:

#!/bin/sh

if [ -n "$ROOT_PASSWORD" ]; then
    echo "root:$ROOT_PASSWORD" | chpasswd
fi

Then upload it in the Files & Kernels. Set its name to something like set-root-password.sh

Then in the VM template -> Context --> Configuration add User input with the following attributes:
Name: ROOT_PASSWORD
Type: password
Description: any description (optional?)

Then select Files (next under Configuration) and select the imported script.

In the Init scripts field type the file’s name - same as the one you set in Files & Kernels.

With the above configuration, in the VM instantiation dialog there will be a prompt to set the password for root. (Somewhere on the bottom of the page)

Type a password, start the VM and use it to login in the VNC console.

I hope this crash course will help.

Kind Regards,
Anton Todorov


(Daniel Seichter) #3

Hello Anton,

thank you very much for your detailed description.

Both ways are working now (it was the public ssh key of my user I am working within sunstone, which let me login now using ssh). It also works like a charm by providing the password script.
I decided to use the “password method”, because all my other virtual machines, I moved from VirtualBox, were set up using passwords, so the same behaviour will be the best way :smile:

Thanks again and have a nice evening!

Daniel


(Schneider) #4

Hi All,
I added the public ssh key to the oneadmin in sunstone. But when I deploy a VM e.g. the Debian 8.2 kvm the template holds the public key. Nevertheless a root login via the vnc doesn’t work.
What am I doing wrong?
Thx
Regards
Thomas


(Vialcollet) #5

Hi.
When I try to set the password, I have an error when I instantiate the VM:

[TemplateInstantiate] Error allocating a new virtual machine. Error parsing: set-root-password.sh. syntax error, unexpected RSTRING, expecting VARIABLE at line 1, columns 1:21

Thanks in advance for any direction you could provide me with.


(Anton Todorov) #6

Hi,

@jonny12,
the ssh public key is used to login to the VM via the SSH protocol. For VNC console the root password must be set via the contextualization.

@vialcollect,
please add some more info, like

onetemplate show <templateID> --xml
onevm show <vmID> --xml    (but please strip the PCI info -it is a lot and not related to the issues)

Some more info - like the version of opennebula, what steps are completed, configurations, etc. It is hard to guess what is the overall setup and where the problems could be…

Kind Regards
Anton Todorov
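
The distinction drawn in this thread (an SSH key only helps over SSH and needs a working network, while the VNC console needs a password applied by an init script), as an added example that is not part of any post: a shell check over a VM's context file. The single-line NAME='value' layout of context.sh, the ETH0_IP and INIT_SCRIPTS variable names, and all sample values are assumptions or constructed.

```shell
#!/bin/sh
# Added example: which login paths does a VM's context actually provide?
# Assumption: context.sh is a list of single-line NAME='value' assignments.

# ctx_get FILE NAME: print NAME's value without sourcing (executing) the file
ctx_get() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# key_ok VALUE: succeed only for a single OpenSSH *public* key line
key_ok() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;  # private key pasted by mistake
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) return 0 ;;
        *) return 1 ;;
    esac
}

# login_paths FILE: print "ssh", "console", "ssh console" or "none"
login_paths() {
    out=""
    # SSH: needs a valid public key and a NIC (assumed: ETH0_IP set when one exists)
    if key_ok "$(ctx_get "$1" SSH_PUBLIC_KEY)" &&
       [ -n "$(ctx_get "$1" ETH0_IP)" ]; then
        out="ssh"
    fi
    # VNC console: a local login, so it needs a password and a script
    # (such as set-root-password.sh) listed in INIT_SCRIPTS to apply it
    if [ -n "$(ctx_get "$1" ROOT_PASSWORD)" ] &&
       [ -n "$(ctx_get "$1" INIT_SCRIPTS)" ]; then
        out="${out:+$out }console"
    fi
    echo "${out:-none}"
}

# write_sample FILE: constructed context with a key and NIC but no password
write_sample() {
    cat > "$1" <<'EOF'
NETWORK='YES'
ETH0_IP='192.0.2.10'
SSH_PUBLIC_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@client'
EOF
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); write_sample "$f"; login_paths "$f"; rm -f "$f"
fi
```

A ROOT_PASSWORD passed through the context is stored in clear text in the context file, so anyone who can read the context image or the VM template can read it.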


(Schneider) #7

Hi Anton,
now I managed it or moreover I understand how it works. The passwordless login for root only works via the frontend machine as oneadmin user.
So on the frontend machine:

1. su oneadmin
2. ssh@192.x.x.x (new machine)

Then I can admin this machine.
Thank you for your help.
Regards
Thomas

(Vialcollet) #8

Thank you for your answer Anton.
I am testing OpenNebula 4.14.0 on a dedicated server.

Here is my template:

<VMTEMPLATE>
  <ID>0</ID>
  <UID>0</UID>
  <GID>0</GID>
  <UNAME>oneadmin</UNAME>
  <GNAME>oneadmin</GNAME>
  <NAME>Ubuntu 14.04 - KVM</NAME>
  <PERMISSIONS>
    <OWNER_U>1</OWNER_U>
    <OWNER_M>1</OWNER_M>
    <OWNER_A>0</OWNER_A>
    <GROUP_U>0</GROUP_U>
    <GROUP_M>0</GROUP_M>
    <GROUP_A>0</GROUP_A>
    <OTHER_U>0</OTHER_U>
    <OTHER_M>0</OTHER_M>
    <OTHER_A>0</OTHER_A>
  </PERMISSIONS>
  <REGTIME>1447629089</REGTIME>
  <TEMPLATE>
    <CONTEXT>
      <FILES_DS><![CDATA[$FILE[IMAGE_ID=2]]]></FILES_DS>
      <NETWORK><![CDATA[YES]]></NETWORK>
      <ROOT_PASSWORD><![CDATA[$ROOT_PASSWORD]]></ROOT_PASSWORD>
      <SSH_PUBLIC_KEY><![CDATA[$USER[SSH_PUBLIC_KEY]]]></SSH_PUBLIC_KEY>
    </CONTEXT>
    <CPU><![CDATA[1]]></CPU>
    <DISK>
      <IMAGE><![CDATA[Ubuntu-14.04]]></IMAGE>
      <IMAGE_UNAME><![CDATA[oneadmin]]></IMAGE_UNAME>
    </DISK>
    <FROM_APP><![CDATA[53e7c1b28fb81d6a69000003]]></FROM_APP>
    <FROM_APP_NAME><![CDATA[Ubuntu 14.04 - KVM]]></FROM_APP_NAME>
    <GRAPHICS>
      <LISTEN><![CDATA[0.0.0.0]]></LISTEN>
      <TYPE><![CDATA[vnc]]></TYPE>
    </GRAPHICS>
    <LOGO><![CDATA[images/logos/ubuntu.png]]></LOGO>
    <MEMORY><![CDATA[768]]></MEMORY>
    <NIC>
      <NETWORK><![CDATA[Main]]></NETWORK>
      <NETWORK_UNAME><![CDATA[oneadmin]]></NETWORK_UNAME>
    </NIC>
    <OS>
      <ARCH><![CDATA[x86_64]]></ARCH>
    </OS>
    <USER_INPUTS>
      <ROOT_PASSWORD><![CDATA[M|password|Root Password]]></ROOT_PASSWORD>
    </USER_INPUTS>
  </TEMPLATE>
</VMTEMPLATE>

For my VM I can’t provide anything as instantiation fails…


(Anton Todorov) #9

Hi @vialcollet,

I would like to suggest updating OpenNebula to 4.14.2, which is mostly a bug-fix release and solves the bug that you are hitting.

Kind Regards,
Anton Todorov


(Vialcollet) #10

Thanks for your help @atodorov_storpool. I will do so and report the result.
Thanks again!


(Vialcollet) #11

Ok this is now working fine.
Thanks a lot.


(dagu92) #12

Hi all, I want to log in to the centos kvm downloaded from the marketplace, and so I copy the id_rsa.pub into the contextualization of the template, but when the VM is running it requires a username and password again… What am I doing wrong? Thank you very much for any help.


(Luke Camilleri) #13

Hi Florin_Tanasache1, the CentOS image will have the ssh key of the user who, as far as I know, owns the VM. Once you place the ssh key in the contextualization of the VM, make sure you shut it down and start it again since, as far as I know, it needs to be injected during bootup.

When this is done you need to ssh to the centos KVM vm from the machine that has the private key associated with the public key that you just placed in the VM via the contextualization. This machine is most probably your front-end. Then #ssh root@IP-of-the-centos-KVM-VM


(dagu92) #14

Thanks for your response, but it does not work. Moreover, I cannot ping the VM centos-kvm from my frontend (in my case the frontend is the host having the VMs). Can I use VNC to do this? Sorry, but I’m a newbie with OpenNebula.


(Luke Camilleri) #15

An ssh key as the name implies is used only by the SSH protocol. When you use VNC that is a console session, just like having a keyboard and a mouse attached to a physical machine.


(dagu92) #16

OK, now after I changed the network interface I can ssh to the centos and I have access to the root of the machine. Thank you very much. However, if I want to use the VNC console, what do I have to do? What are the credentials to access the machine?


(Luke Camilleri) #17

The root password has public key authentication enabled so the easiest way would be:

1- SSH to the vm using the root username

Create a new user by:

2- useradd centos

3- passwd centos -> type a password here

4- try using this user via the console (VNC)

the steps above are not specific to OpenNebula, but mainly Linux administration, I am just saying to make sure that you understand that this is not an OpenNebula “problem”


(dagu92) #18

Yes, I know, but I thought that VNC could work differently. Many thanks!