Welcome to the Linux Foundation Forum!

Lab work 4.2 ssh from anod-master to anod-worker gives Permission denied

Hi,
I am at step on page 2, for ssh into anod-workers from anod-master. however ssh from anod-master gives to anod-worer gives permission denied.

I could go into each node and do it, but i believe this issue needs to be resolved for later parts.

Please advise, thanks

Comments

  • raghuramg
    raghuramg Posts: 73

    Hi @sonimanish0604 ,
    I have emailed you. please ping me in slack. i will help to resolve this issue.

  • raghuramg
    raghuramg Posts: 73

    Workaround for the anod-master and worker node Steps **
    **Note: This step is only for Ubuntu instances, to install anod-master and the worker nodes.

    Step-1: SSH to VM instance from the GCP Console.
    Click SSH > Open in Browser Window.

    Step-2: Add the aarna user public key to the /home//.ssh/authorized_key
    vi /home//.ssh/authorized_keys

    Add the following lines in the file and save it

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgGPLMi26GSHwfHY+IcUe2xgC1PQyMG0wVAA/4Gwyjzowelt76LDOQI29l5xa7JyyGkenmwSHkd3d9IKwpe+jw3w9P5+SLpxXjkMQc5g3VHLKOVguFg/BPQmRqjndqQE6m9ddpVFCaPz6Py1+7LxF5IAnZr+VY5glqCnWhw68XVfxlvQqtJub8lug1eSZh6oa6/+L96mRZXrB8BPJ41PfLQwK7hw0H11JBrNFGYTcyX4Hsn2Z8FL540HjMr+MWF9eRrQaFrB5NTAJHLjxtVPiz6R2N23gzoTkwUmxcgwnvUyOgSdOlRYnMOs8RCxNbbcn68IrBT3tbfVtDF1rFHFDB
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqXaTZf6eQw55I2LOnpXbC8JEw536thBD5QOWKwPsgy0CUojL9+PpLS7x949SXxoF9jrtQ1n67pnHeWXrOFXzrpWNIgmZMrV8KOpteC/0yAvTSY585fMpMz1Q3xrlSk8BIk+LUbyXmSNwNeLTJb3s+iJ28ySgKE99IOisdjPLPtRi3zLhrRw+xg7UjRQTys46jqy/+txoXUIJRwYQx6kusBmiZIpIVbXBnFErwlydNUj9KfPdiGICMUXqOeF1+iacCGMCsVSuRPR74OJAi4CXrHOL+zJcyidIwqz2H7V6ra8MVq6vT+jp/NyOrgJJbgZiQpuNpxWbJ0lXxOgDX1eXf

    Step-3: Open terminal in your local laptop/workstation and try to connect with aarna.pem private key file.
    ssh -i @.

    Step-4: Run below commands to change the aarna file permissions as root user and add aarna public key to authorized_keys under /home/aarna/.ssh/.
    sudo -i
    sudo chown -R aarna:aarna /home/aarna/.ssh
    sudo vi /home/aarna/.ssh/authorized_keys

    Add the following lines in the file and save it

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgGPLMi26GSHwfHY+IcUe2xgC1PQyMG0wVAA/4Gwyjzowelt76LDOQI29l5xa7JyyGkenmwSHkd3d9IKwpe+jw3w9P5+SLpxXjkMQc5g3VHLKOVguFg/BPQmRqjndqQE6m9ddpVFCaPz6Py1+7LxF5IAnZr+VY5glqCnWhw68XVfxlvQqtJub8lug1eSZh6oa6/+L96mRZXrB8BPJ41PfLQwK7hw0H11JBrNFGYTcyX4Hsn2Z8FL540HjMr+MWF9eRrQaFrB5NTAJHLjxtVPiz6R2N23gzoTkwUmxcgwnvUyOgSdOlRYnMOs8RCxNbbcn68IrBT3tbfVtDF1rFHFDB
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqXaTZf6eQw55I2LOnpXbC8JEw536thBD5QOWKwPsgy0CUojL9+PpLS7x949SXxoF9jrtQ1n67pnHeWXrOFXzrpWNIgmZMrV8KOpteC/0yAvTSY585fMpMz1Q3xrlSk8BIk+LUbyXmSNwNeLTJb3s+iJ28ySgKE99IOisdjPLPtRi3zLhrRw+xg7UjRQTys46jqy/+txoXUIJRwYQx6kusBmiZIpIVbXBnFErwlydNUj9KfPdiGICMUXqOeF1+iacCGMCsVSuRPR74OJAi4CXrHOL+zJcyidIwqz2H7V6ra8MVq6vT+jp/NyOrgJJbgZiQpuNpxWbJ0lXxOgDX1eXf

    Step-4: Make sure the file permissions are set to 600. Change the file ownership to aarna user.
    sudo chown -R aarna:aarna /home/aarna/.ssh/authorized_keys
    chmod 600 /home/aarna/.ssh/authorized_keys

    Step-5: Add user aarna to sudoers group.
    sudo usermod -aG sudo aarna
    sudo vi /etc/ssh/sshd_config
    PermitRootLogin no to PermitRootLogin without-password

    Step-6: Add the following in the file /etc/sudoers.
    sudo vi /etc/sudoers
    aarna ALL=(ALL) NOPASSWD: ALL

    Step-7: Add the following to visudo.
    sudo visudo
    %sudo ALL=NOPASSWD: ALL

  • Hi Radhu, I did the steps for each of 6 nodes, and the master. so I got it working. But the documentation is needs lot of re-work.

    Another comment I would add: the course is about Automation, but the tutorials mention a lot of manual steps..

  • raghuramg
    raghuramg Posts: 73

    Hi @sonimanish0604 ,
    Glad that you are able to fix the issue.
    We are in process of updating the documentation with all these fixes. it will be available to users very soon.

  • @sonimanish0604 Regarding your comment about the Automation - we have automation scripts for all the operations that you are doing manually. But for learning experience, the labs mention the manual steps. With automation, it will be very difficult to understand what is going on "under the hoods". This is the reason for the manual steps in the labs.

  • Hi @SriramRupanagunta I do agree with manual steps do help in learning. but I feel the documentation needs serious improvements, as there are several manual steps conducted but not in the documentation.

  • Hi @sonimanish0604 , Yes we agree there are missing steps, and they are added in the new document update (which will be made available by LFN soon). Some of the steps (which you had to do) seem to be a result of change in GCP security policy of disabling SUDO access. These were not needed earlier so we think they may be some recent change.
    We do appreciate your feedback and patience.

  • fcioanca
    fcioanca Posts: 2,160

    Please note that the lab exercises for this course have been updated yesterday. Make sure to access or download the updated files.

Categories

Upcoming Training