Bug 1731755
Summary: | Root login does not work - PasswordAuthentication is not set to true | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Cristian Muresanu <cmuresan> | |
Component: | openstack-tripleo-heat-templates | Assignee: | OSP Team <rhos-maint> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Jeremy Agee <jagee> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 13.0 (Queens) | CC: | amoralej, apevec, cmuresan, dwilde, emacchi, gcharot, hrybacki, lhh, mburns, mschuppe, owalsh | |
Target Milestone: | --- | Keywords: | Triaged, ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1741670 (view as bug list) | Environment: | ||
Last Closed: | 2023-02-20 17:08:21 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1741670, 1741671, 1741672 | |||
Bug Blocks: |
Description
Cristian Muresanu
2019-07-21 19:56:09 UTC
heat-cfntools-1.3.0-2.el7ost.noarch Thu Jul 4 10:23:16 2019 openstack-heat-api-10.0.3-3.el7ost.noarch Thu Jul 4 10:41:14 2019 openstack-heat-api-cfn-10.0.3-3.el7ost.noarch Thu Jul 4 10:41:22 2019 openstack-heat-common-10.0.3-3.el7ost.noarch Thu Jul 4 10:41:03 2019 openstack-heat-engine-10.0.3-3.el7ost.noarch Thu Jul 4 10:41:34 2019 openstack-tripleo-heat-templates-8.3.1-18.el7ost.noarch Thu Jul 4 10:23:28 2019 puppet-heat-12.4.1-0.20190214021237.a7ed720.el7ost.noarch Thu Jul 4 10:23:14 2019 python2-heatclient-1.14.1-1.el7ost.noarch Thu Jul 4 10:23:20 2019 python-heat-agent-1.5.4-1.el7ost.noarch Thu Jul 4 10:23:21 2019 Would need to change SshServerOptions to enable password auth (https://github.com/openstack/tripleo-heat-templates/blob/stable/queens/puppet/services/sshd.yaml#L41) e.g: parameter_defaults: SshServerOptions: HostKey: - '/etc/ssh/ssh_host_rsa_key' - '/etc/ssh/ssh_host_ecdsa_key' - '/etc/ssh/ssh_host_ed25519_key' SyslogFacility: 'AUTHPRIV' AuthorizedKeysFile: '.ssh/authorized_keys' PasswordAuthentication: 'yes' ChallengeResponseAuthentication: 'no' GSSAPIAuthentication: 'yes' GSSAPICleanupCredentials: 'no' UsePAM: 'yes' UseDNS: 'no' X11Forwarding: 'yes' UsePrivilegeSeparation: 'sandbox' AcceptEnv: - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' - 'LC_IDENTIFICATION LC_ALL LANGUAGE' - 'XMODIFIERS' Subsystem: 'sftp /usr/libexec/openssh/sftp-server' If the client side is stack@undercloud you also will need to disable pub key auth when connecting: (undercloud) [stack@undercloud-0 ~]$ ssh root.24.8 Warning: Permanently added '192.168.24.8' (ECDSA) to the list of known hosts. Please login as the user "heat-admin" rather than the user "root". Connection to 192.168.24.8 closed. (undercloud) [stack@undercloud-0 ~]$ ssh -o PubkeyAuthentication=no root.24.8 Warning: Permanently added '192.168.24.8' (ECDSA) to the list of known hosts. root.24.8's password: Last login: Wed Aug 7 12:35:11 2019 from 192.168.24.1 [root@overcloud-computelocal-0 ~]# |