xenserver / xscontainer

Support for Docker and Container Management
BSD 2-Clause "Simplified" License

xscontainer-prepare-vm not working when ~/.ssh/authorized_keys exist #60

Open HeMaN-NL opened 2 years ago

HeMaN-NL commented 2 years ago

I tried to prepare an Ubuntu VM with docker etc installed for container view/management in XCP-NG/XOA.

xscontainer-prepare-vm -v 75c67428-b0f3-1e6e-5aa8-3583cab504dd -u the_real_username

On the first attempts it failed (it reported success but could not connect to the VM for monitoring).

[19:15 xcp-ng-01 ~]# xscontainer-prepare-vm -v 75c67428-b0f3-1e6e-5aa8-3583cab504dd -u the_real_username
Would you like to push a pool-specific public SSH key into the ~/.ssh/authorized_keys file of the specified VM and therefore authorize hosts in the pool to interact with the containers inside the VM?
Answer y/n:
y
Attempting to push the public xscontainer key to the_real_username@192.168.10.62.
the_real_username@192.168.10.62's password:
Success.
Attempting to refresh the state of the VM
Failure diagnosis: Unable to verify key-based authentication. Please prepare the VM to install a key.

After I renamed the already existing ~/.ssh/authorized_keys on the VM (I already use this for passwordless SSH login to the VM), the command completed successfully and created a new ~/.ssh/authorized_keys file.

[19:19 xcp-ng-01 ~]# xscontainer-prepare-vm -v 75c67428-b0f3-1e6e-5aa8-3583cab504dd -u the_real_username
Would you like to push a pool-specific public SSH key into the ~/.ssh/authorized_keys file of the specified VM and therefore authorize hosts in the pool to interact with the containers inside the VM?
Answer y/n:
y
Attempting to push the public xscontainer key to the_real_username@192.168.10.62.
the_real_username@192.168.10.62's password:
Success.
Attempting to refresh the state of the VM
Success.
Enabling monitoring for the VM.
Success.

=> If there is already an existing ~/.ssh/authorized_keys the xscontainer-prepare-vm is not able to add the host ssh-key to the existing file
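An added example, not part of the original report and not xscontainer's own code: one way to add the pool key by hand to an existing ~/.ssh/authorized_keys instead of renaming the file. The thread does not establish why xscontainer-prepare-vm fails on an existing file; the function name `add_authorized_key` and the key strings are constructed placeholders.

```shell
#!/bin/sh
# add_authorized_key FILE PUBKEY  (hypothetical helper, not part of xscontainer)
# Appends PUBKEY to FILE without disturbing the keys that are already there.
add_authorized_key() {
    auth_file=$1
    pubkey=$2
    ssh_dir=$(dirname "$auth_file")

    # With StrictModes (the sshd default), sshd refuses keys when the
    # directory or file is writable by group/other, so pin both.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if the exact key line is already present.
    if grep -qxF -- "$pubkey" "$auth_file"; then
        return 0
    fi

    # If the file does not end in a newline, add one first; otherwise the
    # new key is glued onto the last existing entry and both stop working.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
}

# Demo on a constructed file in a temp directory (not a real home directory).
demo=$(mktemp -d)
printf '%s' 'ssh-ed25519 AAAA-constructed-existing admin@laptop' > "$demo/authorized_keys"
add_authorized_key "$demo/authorized_keys" 'ssh-rsa AAAA-constructed-pool xscontainer-pool'
cat "$demo/authorized_keys"
rm -rf "$demo"
```

On the VM it would be called with the real user's `~/.ssh/authorized_keys` and the pool's public key line.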

ravinmiist commented 1 year ago

I had this issue and doing the above did not work. I attempted this on both Debian and Ubuntu (latest at the time of writing). In reviewing the logs on the docker server I noticed this:

Sep 02 13:41:09 docker-1 sshd[2484]: error: kex_exchange_identification: Connection closed by remote host
Sep 02 13:41:09 docker-1 sshd[2484]: Connection closed by 172.16.2.31 port 47752

Based on this I found that I needed to add the following to the sshd_config file on the docker host and restart sshd:

PubkeyAcceptedAlgorithms=+ssh-rsa

After the restart the prepare-vm was successful and it finished without any further issues.