We have a central server (Redhat) that uses 2-factor to get in. We like to ssh as root to servers from this to run scripts etc. We were able to do this to our older Centos 6 Nagios. I just upgraded our test Nagios to the Centos 7 (using OVA file) and imported our config and everything seems to work.
However, I exchanged the public key from our central server to this new Nagios server, and it doesn't even appear to try to use the key. I've checked a few things in /etc/ssh/sshd_config (and bounced ssh) but still no luck.
So...what is the "official way" to get root to be able to SSH to the Centos 7 Nagios server without needing a password?
ssh to Nagios as root
Re: ssh to Nagios as root
Hi capmarvel,
The version of ssh and the sshd_config in the OVA image are stock for the operating system; we just did a quick line by line comparison with a stock CentOS7.9 build and they appear to be identical. Additionally I was able to successfully set up passwordless auth for root on the OVA image per the standard method after I corrected my permissions (I always forget that). The ssh daemon is very particular about file permissions and the authorized_keys file needs to be 600 or it will fail (the default umask is 022).
1572874 4 drwx------ 2 root root 4096 Dec 7 14:45 /root/.ssh
1573001 4 -rw------- 1 root root 746 Dec 7 14:45 /root/.ssh/authorized_keys
1572999 4 -rw-r--r-- 1 root root 177 Dec 7 14:43 /root/.ssh/known_hosts
Beyond that I would recommend reviewing the logs and possibly turning up the log LogLevel in the config to get more information. Generally it is advisable to use individual user accounts with sudo privileges for accountability's sake but it certainly should be possible to log in as root without a password. Let us know how it goes.
Thanks and Best Regards,
Keith
Re: ssh to Nagios as root
Had perms right on the .ssh files. I even pulled over a /etc/ssh/sshd_config from a Centos 7.9 system where this works and put that in place but no change. (and bounced sshd after putting file in place) The ssh_config is also the same as the other 7.9 system.
I know we've also on some systems touched /etc/security/access.conf but none of the docs I've found even mention it (I tried it..didn't help).
Nothing is written to /var/log/secure...it's like it's not even trying to do the ssh connection (I can ssh from that central server, get password prompt, enter password, and get in - so there is connectivity between the 2 servers).
Re: ssh to Nagios as root
Never mind.....copied authorized_keys over from that other system and it worked...though the new authorized_keys file looked identical to the old (maybe had a control character in the new that I didn't see).
thanks for the help
Re: ssh to Nagios as root
Hi capmarvel,
Glad you were able to resolve it -- ssh can be frustratingly particular. I'll lock out the thread.
Thanks and Best Regards,
Keith
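Added example, not written by anyone in this thread: a small shell check for the two causes discussed above, file modes on the .ssh directory and bytes in authorized_keys that do not show up in an editor (carriage returns, a BOM, other control characters). The function name `audit_ssh_dir` is made up for this example, and the expected modes are the ones shown in the listing earlier in the thread.

```bash
# Added example (not from the thread). Prints one finding per line and
# returns 0 when the directory looks clean, 1 when anything is flagged.
audit_ssh_dir() {
    local dir="$1"
    local keys="$1/authorized_keys"
    local rc=0 n=0 perms stray line

    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ -f "$keys" ] || { echo "missing file: $keys"; return 1; }

    # Compare against the permission strings from the thread's listing.
    # cut -c1-10 drops the trailing '.' or '+' that SELinux/ACLs add.
    perms=$(ls -ld "$dir" | cut -c1-10)
    [ "$perms" = "drwx------" ] || { echo "$dir is $perms, expected drwx------"; rc=1; }
    perms=$(ls -ld "$keys" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "$keys is $perms, expected -rw-------"; rc=1; }

    # Delete everything that is printable ASCII, tab or newline; whatever
    # is left over is a byte that a normal key line should not contain.
    stray=$(LC_ALL=C tr -d '\11\12\40-\176' < "$keys" | wc -c)
    stray=$((stray))   # normalise padded wc output
    [ "$stray" -eq 0 ] || { echo "$stray unexpected byte(s) in $keys"; rc=1; }

    # Name the affected lines so they can be re-copied or retyped.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -n "$(printf '%s' "$line" | LC_ALL=C tr -d '\11\40-\176')" ]; then
            echo "line $n contains control or non-ASCII bytes"
        fi
    done < "$keys"

    return $rc
}

# Usage on the server being debugged:  audit_ssh_dir /root/.ssh
```

Piping the file through `cat -A` (GNU coreutils) shows the same stray bytes visually, for example `^M` before the `$` line ending for a carriage return.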