Mailing List Archive: Xen: Users

ssh from Dom0 to DomU by SSH authorization without password

Index | Next | Previous | View Threaded

jianzhet at yahoo

May 8, 2012, 8:19 AM

Post #1 of 4 (290 views)
Permalink

ssh from Dom0 to DomU by SSH authorization without password

Hi all,

I met a issue in real experiments. I appreciate if you have any idea about this.

Assume
that there is a machine with static IP (129.10.xxx.xxx) installed by Xen
Hypervisor and in that there is a VM created by Xen with the local NAT
network configuration (IP: 192.168.122.xxx, Bcast: 192.168.122.255).

I try to implement remote access VM and data transfer by SSH authorization without password.
It works well when I generate SSH key pair in VM and then remote access any other 129.10.xx.xx machines without password.
But
for generating SSH key pair in 129.10.xx.xx machines and then remote
access VMs, it always prompt interactive request to enter VM's password. (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)

I try to implement the overall monitor from a remote machine with static IP by SSH all the VMs in Xen servers.
Thanks in advance

Best,
Jianzhe

alk at ondore

May 8, 2012, 10:36 AM

Post #2 of 4 (246 views)
Permalink

Re: ssh from Dom0 to DomU by SSH authorization without password [In reply to]

Hello.

El 08/05/12 10:19, Jerry escribió:
> But for generating SSH key pair in 129.10.xx.xx machines and then remote
> access VMs, it always prompt interactive request to enter VM's password.
> (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)

Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub
into 192.168.122.xxx:~/.ssh/authorized_keys ?

Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600?

Try "ssh -v", it's feedback can give a clue why it insists on
interactive authentication.

> I try to implement the overall monitor from a remote machine with static
> IP by SSH all the VMs in Xen servers.
Perfectly suitable use.

--
Alexandre Kouznetsov

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users

jianzhet at yahoo

May 8, 2012, 12:16 PM

Post #3 of 4 (239 views)
Permalink

Re: ssh from Dom0 to DomU by SSH authorization without password [In reply to]

Hi Alexandre,

Thanks a lot for your help.
I set all details as you noted.

I just found the reason.
Once I changed the file name of "id_rsa" in physical machine, the ssh authorization to VMs failed.
But ssh authorization works well between physical machines even the file name of id_rsa is changed.
Do you know the reason? Thanks in advance.

Best regards,
Jianzhe

________________________________
From: Alexandre Kouznetsov <alk [at] ondore>
To: xen-users [at] lists
Sent: Tuesday, May 8, 2012 1:36 PM
Subject: Re: [Xen-users] ssh from Dom0 to DomU by SSH authorization without password

Hello.

El 08/05/12 10:19, Jerry escribió:
> But for generating SSH key pair in 129.10.xx.xx machines and then remote
> access VMs, it always prompt interactive request to enter VM's password.
> (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)

Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub
into 192.168.122.xxx:~/.ssh/authorized_keys ?

Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600?

Try "ssh -v", it's feedback can give a clue why it insists on interactive authentication.

> I try to implement the overall monitor from a remote machine with static
> IP by SSH all the VMs in Xen servers.
Perfectly suitable use.

-- Alexandre Kouznetsov

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users

alk at ondore

May 8, 2012, 12:30 PM

Post #4 of 4 (237 views)
Permalink

Re: ssh from Dom0 to DomU by SSH authorization without password [In reply to]

El 08/05/12 14:16, Jerry escribió:
> Once I changed the file name of "id_rsa" in physical machine, the ssh
> authorization to VMs failed.
id_rsa file is read by ssh client.
If you change the default name, ssh client will just ignore it, unless
you specify the new name in the command line.

> But ssh authorization works well between physical machines even the file
> name of id_rsa is changed.
Maybe you are changing it on a wrong host?
"id_rsa" and "id_rsa.pub" are relevant on the client side, where you run
the ssh command, "authorized_keys" is relevant on the server side, the
host you are connecting to.

> Do you know the reason?
Beside being a clear offtopic, it's hard to tell. Increase the verbosity
level of your ssh client, compare the output.

Please consider "-i" and "-v" descriptions of "man ssh".

(don't CC me, I read the list)

--
Alexandre Kouznetsov

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads