spurin / diveintoansible-lab

Dive Into Ansible Lab

SSH stuck at asking for password #93

Open dosilyoun opened 2 years ago

dosilyoun commented 2 years ago

Checked out master branch

  1. docker-compose up
  2. ssh-keygen (all default)
  3. ssh-copy-id ansible@ubuntu1
  4. ssh ubuntu1 -> still asks for password

After running the sshd as debug on ubuntu1, it said that /home/ansible/.ssh has incorrect access rights. It has 777 instead of 700. Unfortunately chmod can't change these. Can you help me?

More information: I am on windows :(

domainfun commented 2 years ago

> It has 777 instead of 700. Unfortunately chmod can't change these.

What chmod command did you run? Was it chmod 0700 /home/ansible/.ssh? I believe the leading zero is required.

spurin commented 2 years ago

Hi @dosilyoun ,

Could you please tell me more about your setup, in particular the version of Windows (start -> run -> winver)? Also, what version of Docker do you have?

On older versions of Windows/Docker, the volume mounts sometimes don't work as expected.

This sounds like what you're seeing as automatically, when the instances start it also attempts to correct any file permissions, if they are incorrect. Also, you're running a chmod but it's having no impact.

Because of this, when SSH is executing it's flagging the keys as a security risk.

Let me know the details above and we'll see what we can do, alternatively I do also have some workarounds that we could try otherwise.

Also, in case you haven't seen, you can run the lab now via Google Cloud Shell. If you're following along on the course it's in this video - https://youtu.be/yT7NjpvhwVM - Instructions start at 08:00

p.s. @domainfun thanks for your help on this, appreciate you stepping in also!

dosilyoun commented 2 years ago

Hi @spurin!

The Windows version is 21H1 build 19043.1586 and the Docker version is 4.7.1 (77678). If there is any possibility to solve it on my PC, I'll go for it. Let's keep the Google Cloud Shell as plan B.

spurin commented 2 years ago

Your Windows version looks good! Did you have Docker already installed? Could you try running the latest version of Docker Desktop?

dosilyoun commented 2 years ago

@spurin This is the newest version. What do you think?

Docker Desktop 4.7.1 (77678) is currently the newest version available.

dosilyoun commented 2 years ago

@spurin Finally I changed /home/ansible/.ssh to 700 and /home/ansible/.ssh/authorized_keys to 600. Then I ran sshd with debug on ubuntu1: sudo /usr/sbin/sshd -d -p 22 (sudo is needed because without it, sshd can't find host_keys). The result is this:

```
debug1: trying public key file /home/ansible/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/ansible/.ssh/authorized_keys': Permission denied
```

dosilyoun commented 2 years ago

@spurin

Finally I got the ssh working.

  1. Modify the owners on hosts of .ssh and authorized keys to ansible
  2. Then set 700 to .ssh folder and 600 to authorized_keys.

Do you have any idea how it can work out-of-box?

spurin commented 2 years ago

Hi @dosilyoun

Great to hear you've got it working. It should work out of the box. Were you running a prior version of either Windows/Docker and then upgraded?

If so, the directory structure would have retained incorrect permissions.

You could test this if you like by stopping the environment, removing/renaming the ansible_home directory and then restarting (it will get recreated).

Let me know if you give this a try 👍

Axell87 commented 1 year ago

Hi there! I have the same problem. I tried to reinstall ansible-lab 3 times and deleted all volumes. The same result. I tried to use different permissions. @spurin, can you give more details about what exactly needs to be done for each of the hosts?

spurin commented 1 year ago

Hi @Axell87

Sorry to hear you're having this issue, in the interim, the google cloud shell environment will be the best whilst we troubleshoot.

Can you please tell me what version of Docker Desktop you're using and if you're on windows, what version (start/run/winver).

Thanks

Axell87 commented 1 year ago

One minute! It's ok! Thanks @spurin !! I don't know how to use the Google Cloud Shell, so I tried to use this on the ubuntu1 host:

> Modify the owners on hosts of .ssh and authorized keys to ansible
> Then set 700 to .ssh folder and 600 to authorized_keys.

I did it as root, but nothing happened, as I guess. The rights have not changed. @dosilyoun can you elaborate on what needs to be done?

Docker is: 20.10.17, build 100c701
Windows: 10 Pro 21H2, 19044.1889

my commands are:

```
root@ubuntu1:/home/ansible# chown -R ansible:ansible /home/ansible/.ssh/
root@ubuntu1:/home/ansible# chmod -R 700 /home/ansible/.ssh/
root@ubuntu1:/home/ansible# chmod -R 600 /home/ansible/.ssh/authorized_keys
```


As I understand it, we can't use chmod in WSL:

> We explicitly do not change Windows ACLs on them today based on chown/chmod. These commands work with full fidelity on the Linux filesystem in the lxss folder.

So, how can I fix it and start the lab?

spurin commented 1 year ago

Hi @Axell87

Unfortunately, the issue you're facing is a Docker/WSL issue where the permissions are not working as expected.

It's frustrating as it's one I can't fix as it's system specific.

As the permissions are not being honoured, they are stuck as wide open - rwxrwxrwx ... ssh doesn't like wide open permissions so it's blocking its use.

Alternatively, you can launch the lab for free using Google Cloud Shell. All you need is a google account and it's a one button click to launch. See https://diveinto.com/p/playground

Then, follow the tutorial on the right hand side 👍

Edit: looking at your OS and Docker version it appears to be current. Have you customised your WSL environment in any way? Also, are you running in a WSL terminal or the command prompt?
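An added example, not part of the thread or the lab repository: a POSIX shell check for the condition discussed above, where sshd refuses a `.ssh` directory or `authorized_keys` file that is wide open and chmod has no effect on the mount. It assumes GNU stat; the script name `audit.sh` and all function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the lab repo). Assumes GNU stat, as on the Ubuntu hosts.

# check_path PATH UID: pass if PATH is owned by UID or root (0) and is not
# group- or world-writable, the condition sshd's StrictModes enforces.
check_path() {
    cp_path=$1; cp_uid=$2; cp_rc=0
    [ -e "$cp_path" ] || { echo "MISSING   $cp_path"; return 1; }
    cp_owner=$(stat -c '%u' "$cp_path")
    cp_mode=$(stat -c '%a' "$cp_path")
    if [ "$cp_owner" != "$cp_uid" ] && [ "$cp_owner" != "0" ]; then
        echo "BAD OWNER $cp_path: uid $cp_owner (want $cp_uid)"; cp_rc=1
    fi
    # Leading 0 makes the mode octal; 022 = group-write | other-write.
    if [ $(( 0$cp_mode & 022 )) -ne 0 ]; then
        echo "TOO OPEN  $cp_path: mode $cp_mode"; cp_rc=1
    fi
    return $cp_rc
}

# chmod_honoured DIR: pass if a chmod on a scratch file in DIR actually sticks.
# On a mount that ignores Linux modes the file stays at the mount's fixed mode.
chmod_honoured() {
    ch_probe="$1/.perm_probe.$$"
    : > "$ch_probe" || return 2
    chmod 600 "$ch_probe"
    ch_got=$(stat -c '%a' "$ch_probe")
    rm -f "$ch_probe"
    [ "$ch_got" = "600" ]
}

# audit_ssh HOME UID: pass only if home, .ssh and authorized_keys all pass
# and chmod is effective inside .ssh.
audit_ssh() {
    as_home=$1; as_uid=$2; as_bad=0
    for as_p in "$as_home" "$as_home/.ssh" "$as_home/.ssh/authorized_keys"; do
        check_path "$as_p" "$as_uid" || as_bad=1
    done
    if [ -d "$as_home/.ssh" ] && ! chmod_honoured "$as_home/.ssh"; then
        echo "NO EFFECT chmod is ignored under $as_home/.ssh"; as_bad=1
    fi
    return $as_bad
}

# Usage on a lab host: sh audit.sh /home/ansible "$(id -u ansible)"
if [ "$#" -ge 2 ]; then audit_ssh "$1" "$2"; fi
```

Run it as the account owner or root, since the chmod probe writes and removes a scratch file inside `.ssh`.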

Axell87 commented 1 year ago

Hello @spurin ! Thanks for your answers! I updated WSL with the latest update files: wsl_update_x64, enabled WSL2 instead of WSL. Enabled the use of WSL2 in the OS. I usually do that. I run WSL with the Ubuntu WSL terminal in Visual Studio Code. Sorry for my language.

spurin commented 1 year ago

@Axell87 can you please share a screenshot of Docker Settings, Resources, WSL Integration?

Also, please share the output of

wsl.exe -l -v

Axell87 commented 1 year ago

@spurin sure!!!

spurin commented 1 year ago

Can you try toggling off Ubuntu WSL 2 support?

In the diveintoansible-lab directory, rename ansible_home to something else (or remove it).

Then, using a standard command prompt, can you cd to the diveintoansible-lab directory and run -

```
docker-compose down -v
docker-compose up
```

When it's running, see if the permissions are as expected.

Axell87 commented 1 year ago

Ok!! I'll try it tomorrow and answer!! Thanks a lot!

spurin commented 1 year ago

Hi @Axell87

This may actually be quite simple, where have you checked out the diveintoansible-lab?

If you haven't already, can you check it out to /Users/yourname (whatever your username is) and try it from there.

Thanks

James

Axell87 commented 1 year ago

@spurin screenshots attached below

  1. I enable Hyper-V (because of errors) and disable WSL2.0 option.
  2. /Users/yourname - can't find the docker-compose file. So I went to diveintoansible-lab-master and ran the commands from there
  3. Recreate all of machines from scratch
  4. I don't see a new ansible_home directory
  5. Now I can't get into ubuntu-c because of wrong login\password. Very strange...


spurin commented 1 year ago

Hi @Axell87

Please re-enable the WSL2 option but leave everything else as it is, then

```
docker-compose rm
docker-compose up
```

It may be better to move this issue to Slack if you have that? You could ping me there. Here's an invite link http://community.diveinto.com

Axell87 commented 1 year ago

> to Slack if you have that?

I don't have it, but I will try to join.

  1. Screens, i enable WSL2
  2. I have a new catalog ansible_home directory but still can't log in

UNIX users directories in a new ansible_home directory - empty!


spurin commented 1 year ago

Hi @Axell87

Are you running the command prompt as an admin user?

The diveintoansible-lab folder needs to be in a standard user account and when running it from the command prompt, this needs to be using a standard command prompt as the same user.

Axell87 commented 1 year ago

I am the only user on the machine and I am an administrator. I ran PS in Visual Studio Code, as in the screenshots before. Should I run it from CMD (as administrator)? Or can I run it from the WSL console? I can do it also without Visual Studio Code. The same commands?

docker-compose rm
docker-compose up

Or I can remove disks too with -v.

If I have free time I will also try to do the same with Windows 11 OS. Maybe it will work fine with Docker Desktop and Ansible.


Axell87 commented 1 year ago

W11 21H2 (22000.856) - the same result.

spurin commented 1 year ago

Hi @Axell87

If you're able to ping me via email, firstname@surname.com, I'll schedule a video session to troubleshoot this. I suspect it's WSL related still but going back and forth for this on GitHub will be tedious, let's fix and report back afterwards.

basireddym commented 1 year ago

I'm using WSL to set up the lab, but I'm facing a similar issue. Unable to change owner or permissions. Even as the root user, I could not change them.

spurin commented 1 year ago

Hi @basireddym

In the lab setup video I put a warning about using a WSL shell for setup but, I'm not too sure why this is being missed.

From what I've found, there's an issue with the WSL Docker integration and it breaks permissions. Unfortunately it seems that once this is done, the bad permissions will remain until the lab is completely removed and started again, outside of WSL.

Could you please do the following -

  1. Check that the lab is checked out to a location in C:\Users\YourUser
  2. Using a command prompt, cd to the lab
  3. Run docker-compose rm
  4. Delete ansible_home if it exists
  5. From a command prompt running as your user, run docker-compose up
  6. Check permissions

Please let me know how you get on.