Welcome to the Linux Foundation Forum!

LAB 5.2

beekay.verma
beekay.verma Posts: 15
in LFS211 Class Forum

Hey guys,

I tried the lab Exercise 5.2: Make OpenSSH client config changes exactly how it was mentioned but somehow it doesnt connect to **garply ** via ssh and gives this error:

cloud-engineer-student@ubuntu:~$ ssh garply
ssh: Could not resolve hostname garply: Temporary failure in name resolution

what is it that I'm doing wrong? Could someone guide me to right way please. :smile:

Thanks in advance!

Best Answers

  • lee42x
    lee42x Posts: 380
    Answer ✓

    Hi beekay.verma,
    In exercise 5.2.1 you created a configuration file called $HOME/.ssh/config where $HOME is your home directory. The configuration has the line "host garply" which should be the config parameters to be used for for the connection. The ssh command shoud read the configuration file and discover the garply entry then use the hostname and user specified in the config file.

    Please post your $HOME/.ssh/config file.

    Lee

  • lee42x
    lee42x Posts: 380
    Answer ✓

    Please confirm the file location/name and the permissions.

  • lee42x
    lee42x Posts: 380
    Answer ✓

    There is the issue. Must be owned by the user not root.

Answers

  • beekay.verma
    beekay.verma Posts: 15

    @lee42x Thanks for your help!!
    here is the file:

    host garply
    hostname localhost
    user root

    host *
    ForwardX11 yes
    ~
    ~

  • beekay.verma
    beekay.verma Posts: 15

    @lee42x

    Thanks for reply. here it is:

    cloud-engineer-student@ubuntu:~$ ls -la $HOME/.ssh/config
    -rw------- 1 root root 64 Jan 15 00:47 /home/cloud-engineer-student/.ssh/config

  • beekay.verma
    beekay.verma Posts: 15

    @lee42x ahh... such a newbie mistake. thanks for pointing out. :smile:

  • beekay.verma
    beekay.verma Posts: 15

    @lee42x however I now ran into another issue...

    cloud-engineer-student@ubuntu:~$ ssh garply
    root@localhost's password:
    Permission denied, please try again.
    root@localhost's password:
    Permission denied, please try again.
    root@localhost's password:
    root@localhost: Permission denied (publickey,password).

    Should I set root password? I recon I never set any root password during or after installation.

  • beekay.verma
    beekay.verma Posts: 15

    Looks like I was able to do it once update the /etc/ssh/sshd_config file.

    cloud-engineer-student@ubuntu:~$ ssh garply
    root@localhost's password:
    Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.8.0-38-generic x86_64)

    14 updates can be installed immediately.
    0 of these updates are security updates.
    To see these additional updates run: apt list --upgradable

    Your Hardware Enablement Stack (HWE) is supported until April 2025.

    The programs included with the Ubuntu system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
    applicable law.

    /usr/bin/xauth: file /root/.Xauthority does not exist
    root@ubuntu:~# hostname
    ubuntu
    root@ubuntu:~# id
    uid=0(root) gid=0(root) groups=0(root)
    root@ubuntu:~# exit
    logout
    Connection to localhost closed.

    @lee42x Thanks for your help!! :smile:

  • beekay.verma
    beekay.verma Posts: 15
    edited January 2021

    please ignore.

  • beekay.verma
    beekay.verma Posts: 15
    edited January 2021

    please ignore

  • beekay.verma
    beekay.verma Posts: 15
    1. Setup ssh keys and fingerprints. If not already done, create a key pair on the local machine:$ ssh-keygenCopy the key to the remote and save the fingerprint$ ssh-copy-id localhost3. Test the password-less connection, if you are prompted for a password fix it now:$ ssh localhostRepeat for all the local interfaces or some remotes$ ssh-copy-id 127.0.0.1

    I tried the lab 5.5 with the steps and getting error on first part somehow saying this from step 1 of ssh-keygen:

    cloud-engineer-student@ubuntu:~$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/cloud-engineer-student/.ssh/id_rsa):
    /home/cloud-engineer-student/.ssh/id_rsa already exists.
    Overwrite (y/n)? y
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/cloud-engineer-student/.ssh/id_rsa
    Your public key has been saved in /home/cloud-engineer-student/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:v#####################XVeno cloud-engineer-student@ubuntu
    The key's randomart image is:
    +---[RSA 3072]----+
    | .... |
    | . . . |
    | .. o |
    | . o o.=+|
    | +. * . .=+|
    | .+.o+ =XB|
    +----[SHA256]-----+
    cloud-engineer-student@ubuntu:~$ ssh-copy-id localhost
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    cloud-engineer-student@localhost's password:
    sh: 1: cannot create .ssh/authorized_keys: Permission denied

  • beekay.verma
    beekay.verma Posts: 15

    I recognized the issue here for the above - ownership:

    ls -ld .ssh
    drwx------ 2 cloud-engineer-student cloud-engineer-student 4096 Jan 19 01:37 .ssh
    cloud-engineer-student@ubuntu:~$ ls -ld .ssh/authorized_keys
    -rw------- 1 root root 1429 Jan 19 00:33 .ssh/authorized_keys
    cloud-engineer-student@ubuntu:~$ sudo chown cloud-engineer-student:cloud-engineer-student .ssh/authorized_keys
    cloud-engineer-student@ubuntu:~$ ssh-copy-id localhost
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    (if you think this is a mistake, you may want to use -f option)

    cloud-engineer-student@ubuntu:~$ ssh localhost
    Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.8.0-38-generic x86_64)

  • lee42x
    lee42x Posts: 380
    edited January 2021

    Great ! Be carful using root to change/configure user's home directory components. You can get extra information using the "-v" flag on the ssh command.

  • ziggysdomain
    ziggysdomain Posts: 3

    @beekay.verma said:
    Looks like I was able to do it once update the /etc/ssh/sshd_config file.

    I'm stuck at this stage. I had initially created $HOME/.ssh/config file as root and then realised my mistake - it should nave been created without sudo, as in 'nano' and not 'sudo nano'. Like beekay I had not generated a root password, so I did this, but am still getting the permission denied error (I did logout and back in). I don't know what beekay means by updating the /etc/ssh/sshd_config file. What do I put in there? Same as $HOME/.ssh/config file?

  • lee42x
    lee42x Posts: 380

    In this exercise we check the /etc/sshd/sshd_config file allows the root user to login via ssh. This has been the default setting for many releases. This exercise will change the root access to be key based eliminating
    the option of using root's password.

    The steps adding an authorized key to root for access to local host are documented a being executed as root, this may not be clear. Here are the steps in question using "sudo".

    [student@main ~]$ sudo su -c 'cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys '
    [student@main ~]$ sudo chown root.root /root/.ssh/authorized_keys
    [student@main ~]$ sudo chmod 600 /root/.ssh/authorized_keys
    [student@main ~]$ ssh garply

    Things to watch for:
    The "sudo su -c " command is required to use the redirection with sudo.
    Make sure there is only one iteration of "PermitRootLogin" in the /etc/ssh/sshd_config file.

    Let us know if this helps.
    Thank you, Lee

  • lee42x
    lee42x Posts: 380

    The option we are looking for in /etc/ssh/sshd_config file is the "PermitRootLogin".
    Initially we assume , and check, that PermitRootLogin is set to YES.
    We change "PermitRootLogin" so only ssh keys will allow root to login later in the exercise.

  • lee42x
    lee42x Posts: 380

    Step 5.4 you may need to install "xeyes", some distros no longer install xeyes by default.

  • ziggysdomain
    ziggysdomain Posts: 3

    @lee42x said:
    In this exercise we check the /etc/sshd/sshd_config file allows the root user to login via ssh. This has been the default setting for many releases. This exercise will change the root access to be key based eliminating
    the option of using root's password.


    The steps adding an authorized key to root for access to local host are documented a being executed as root, this may not be clear. Here are the steps in question using "sudo".

    [student@main ~]$ sudo su -c 'cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys '
    [student@main ~]$ sudo chown root.root /root/.ssh/authorized_keys
    [student@main ~]$ sudo chmod 600 /root/.ssh/authorized_keys
    [student@main ~]$ ssh garply

    Things to watch for:
    The "sudo su -c " command is required to use the redirection with sudo.
    Make sure there is only one iteration of "PermitRootLogin" in the /etc/ssh/sshd_config file.

    Let us know if this helps.
    Thank you, Lee

    Thanks. I have repeated the first part of exercise 5.1.1 (including checking the permit root login part in sshd_config file). Now do I replace 5.1.2 with your instructions above?

Categories

Upcoming Training