ssh between two virtual computers..

English Network/Internet
1

hello colleagues …
my scenario is as follows:
My notebook has Opensuse Leap 42.1 x64 installed zero w / XFCE + VMWare Workstation 11

two virtual PCs with Leap 42.1 installed with LXDE

two pcs with card in bridge mode, getting ip from my wifi via dhcp.

one communicates with another alert by ping.

each virtual has installed ssh + firewall disabled.

on each virtual activated sshd with the commands:

keygen -t rsa ssh-and set a password.
Key: /root/.ssh/ id_rsa and created id_rsa_pub

systemctl status sshd = active (running)

when performing ssh test:

ssh root @ ip, it asks if I want to store, I confirm and enter the password, he insists 3 times I get:

Permission denied (publickey, keyboard-interactive).

already deactivated the firewall on virtual imagining that this could be influencing (before tried with the active firewall and the permission granted to the service).

I tried a few sites but I could not put into operation …

Can someone help me?

Thanks,

2

On Fri, 29 Jan 2016 16:26:01 +0000, rogeriopaju wrote:

> when performing ssh test:
>
> ssh root @ ip, it asks if I want to store, I confirm and enter the
> password, he insists 3 times I get:
>
> Permission denied (publickey, keyboard-interactive).

Check the sshd configuration file - it’s probably set to disallow root.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

3

Thank you Jim, but there is no option to “root” in the file…

bellow my ssh_config:

$OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $

This is the ssh client system-wide configuration file. See

ssh_config(5) for more information. This file provides defaults for

users, and the values can be changed in per-user configuration files

or on the command line.

Configuration data is parsed as follows:

1. command line options

2. user-specific file

3. system-wide file

Any configuration value is only changed the first time it is set.

Thus, host-specific definitions should be at the beginning of the

configuration file, and defaults at the end.

Site-wide defaults for some commonly used options. For a comprehensive

list of available options, their meanings and defaults, please see the

ssh_config(5) man page.

#Host *

ForwardAgent no

ForwardX11 no

If you do not trust your remote host (or its administrator), you

should not forward X11 connections to your local X11-display for

security reasons: Someone stealing the authentification data on the

remote side (the “spoofed” X-server by the remote sshd) can read your

keystrokes as you type, just like any other X11 client could do.

Set this to “no” here for global effect or in your own ~/.ssh/config

file if you want to have the remote X11 authentification data to

expire after two minutes after remote login.

ForwardX11Trusted yes

RhostsRSAAuthentication no

RSAAuthentication yes

PasswordAuthentication no

HostbasedAuthentication no

GSSAPIAuthentication no

GSSAPIDelegateCredentials no

GSSAPIKeyExchange no

GSSAPITrustDNS no

BatchMode no

CheckHostIP yes

AddressFamily any

ConnectTimeout 0

StrictHostKeyChecking ask

IdentityFile ~/.ssh/identity

IdentityFile ~/.ssh/id_rsa

IdentityFile ~/.ssh/id_dsa

Port 22

Protocol 2

Cipher 3des

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

EscapeChar ~

Tunnel no

TunnelDevice any:any

PermitLocalCommand no

VisualHostKey no

ProxyCommand ssh -q -W %h:%p gateway.example.com

Set this to ‘yes’ to enable support for the deprecated ‘gssapi’ authentication

mechanism to OpenSSH 3.8p1. The newer ‘gssapi-with-mic’ mechanism is included

in this release. The use of ‘gssapi’ is deprecated due to the presence of

potential man-in-the-middle attacks, which ‘gssapi-with-mic’ is not susceptible to.

GSSAPIEnableMITMAttack no

This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).

SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL

RekeyLimit 1G 1h

4

At least for testing purposes,
Try ssh with a normal User (not root) password).

Also,
What kind of virtual network is configured? (NAT, Host-only, Bridging).

Also, may not make a diff but when you generated your keys, did you configure specifying the IP address as the name (not the machine name)?

TSU

5

ssh_config is not sshd_config.

grep -i permitroot /etc/ssh/sshd_config 
PermitRootLogin no

As hendersj said, check your sshd_config on the server for allowing root.
And do not forget to restart sshd.

6

gentlemen…
what a shame!!
I spent a day racking their brains to find that: at the time I put the password, I’m not putting the user’s password, but the “passphrase” …
everything is working with firewall, etc …

I apologize colleagues !!
By occupy their attention.

That the IT world is like this: when you are more rushed, you err on the essentials.

7

Apologise Sauerland](https://forums.opensuse.org/member.php/56271-Sauerland),

i found the information:

#PermitRootlogin yes

but as I mentioned, I switched the password “passphrase”…

when tsu2 asked me to test with another user, it was that I realized the mistake…

thanks.

8

On Fri, 29 Jan 2016 19:56:01 +0000, rogeriopaju wrote:

> gentlemen…
> what a shame!!
> I spent a day racking their brains to find that: at the time I put the
> password, I’m not putting the user’s password, but the “passphrase” …
> everything is working with firewall, etc …
>
> I apologize colleagues !!
> By occupy their attention.

Glad you got it sortd out. :slight_smile:

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C