
I'm getting this error while trying to run a Rundeck job as a non-root user. The public key is, however, added to the authorized_keys of the user in the corresponding home directory.

Note: the same set of keys are working fine to execute jobs as non-root users on other servers

```
SSH_MSG_KEXDH_INIT sent
expecting SSH_MSG_KEXDH_REPLY
ssh_rsa_verify: signature true
Permanently added '' (RSA) to the list of known hosts.
SSH_MSG_NEWKEYS sent
SSH_MSG_NEWKEYS received
SSH_MSG_SERVICE_REQUEST sent
SSH_MSG_SERVICE_ACCEPT received
Authentications that can continue: publickey,password,keyboard-interactive
Next authentication method: publickey
Authentications that can continue: password,keyboard-interactive
Next authentication method: password
Authentications that can continue: keyboard-interactive
Next authentication method: keyboard-interactive
Login trials exceeds 1
Disconnecting from port 22
SSH command execution error: AuthenticationFailure: Authentication failure connecting to node: "targetnode". Make sure your resource definitions and credentials are up to date.
Failed: AuthenticationFailure: Authentication failure connecting to node: "targetnode". Make sure your resource definitions and credentials are up to date.
[workflow] finishExecuteNodeStep(targetnode): NodeDispatch: AuthenticationFailure: Authentication failure connecting to node: "targetnode". Make sure your resource definitions and credentials are up to date.
```

Following is a snap from /var/log/debug on targetnode

```
Nov 19 11:42:08 targetnode sshd[17870]: [ID 800047 auth.error] error: PAM: Authentication failed for non-rootuser from rundeck_host
Nov 19 11:42:08 targetnode sshd[17870]: [ID 800047 auth.error] error: Received disconnect from rundeck_host port 58894:3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
Nov 19 11:42:08 targetnode sshd[17870]: [ID 800047 auth.info] Disconnected from authenticating user non-rootuser rundeck_host port 58894 [preauth]
```

Can you please help/guide what I'm missing here?

Kampai
Charlie
  • Possible duplicate. Check this: https://stackoverflow.com/a/36262262/10426011 – MegaDrive68k Nov 19 '19 at 13:47
  • No that post did not help me. – Charlie Nov 19 '19 at 14:25
  • It is able to establish the connection, and it is looking at the correct key location: `Using ssh key storage path: keys/tdn/stag/tdn_stag_rundeck.key Starting SSH Connection: non-rootuser@targetnode Using stored private key data. Set timeout to 0 Connecting to targetnode:22 Connecting to targetnode port 22 Connection established` – Charlie Nov 19 '19 at 14:26
  • Issue is fixed, after aligning the permissions as below: .ssh directory: 700 (drwx------); public key (.pub file): 644 (-rw-r--r--); private key (id_rsa): 600 (-rw-------). Lastly, your home directory should not be writeable by the group or others (at most 755 (drwxr-xr-x)). – Charlie Nov 20 '19 at 12:12
  • Amazing Charlie! Please post your solution as answer :-) – MegaDrive68k Nov 20 '19 at 12:56

1 Answer

Not enough details on what you tried or not, so I'll give some background on how Rundeck SSH works. Rundeck is using the rundeck user. To SSH to a remote server it will use the rundeck user, unless specified otherwise (in the resource file). Either way, you need to copy rundeck's public key to the authorized_keys. If you are using the default rundeck user, you'll need a rundeck user on the remote host, and to copy rundeck's pub key to authorized_keys under the rundeck home dir on the remote host. If you are using another user to SSH (i.e. ssh User1@remoteHost), you'll need to copy rundeck's pub key to the authorized_keys under User1's home dir on remoteHost.

Hope that helps.

Maayana
  • All of those that you have mentioned were done... the issue was with the home directory of the "non-rundeck" user... it should have been 755 whereas it was 777 and rundeck was NOT okay with it. Once the permissions were changed to 755 on that home directory, deployments from Rundeck are going through! Thank you for your inputs! – Charlie Dec 03 '19 at 10:44
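
The permission check behind the fix, as an added example (not code from the original posts): with `StrictModes yes`, the OpenSSH default, sshd ignores `authorized_keys` when the home directory, `.ssh` or the key file is writable by group or others, so public-key authentication fails and the client falls through to password, as in the log above. The function names and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report group/other write bits on the paths the thread's fix
# touched. Assumes the usual ~/.ssh/authorized_keys layout and POSIX `ls -ld`.

# Return 0 when neither group nor others may write to $1, 1 when they may,
# 2 when the path cannot be listed.
not_group_other_writable() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    case "$perms" in
        ?????w????|????????w?) return 1 ;;   # char 6 = group w, char 9 = other w
    esac
    return 0
}

# Print one line per problem path; the return status is the number of findings.
audit_ssh_perms() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
        elif ! not_group_other_writable "$p"; then
            echo "WRITABLE $(ls -ld "$p" | cut -c1-10) $p (fix: chmod go-w)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a throwaway "home" set to the 777 mode from the thread,
# then corrected to 755.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && : > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home/.ssh" && chmod 600 "$demo_home/.ssh/authorized_keys"
chmod 777 "$demo_home"
audit_ssh_perms "$demo_home" || echo "findings: $?"
chmod 755 "$demo_home"
audit_ssh_perms "$demo_home" && echo "ok: no group/other write bits"
rm -rf "$demo_home"
```

On the target node, call `audit_ssh_perms` with the home directory of the account Rundeck logs in as.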