No SSH access and no cluster accession possible


Hello community

How do I grant access on the new node SSH (accession before cluster)?

Standard steps according to the instructions:
(Proxmox VM with image NS8-Rocky-Linux-9-NS8-Stable-2.Qcow2)

First start, then logged in via the console (password changed), created a new user with “useradd -G wheel myuser”, then gave it a password with “passwd myuser”.

Error message:
“Permission denied (publickey,gssapi-keyex,gssapi-with-mic)”

I then edited the corresponding SSH configs (as usual in other environments) so that I can initially store the key via “ssh-copy-id”. Despite the restart of sshd and the whole node, it didn’t work (?)

What is different here, or what am I overlooking in Rocky Linux?

Note 1:
With the image I wanted to “practice” the establishment of a cluster (add to the Master Node), but that didn’t work either. The new node tells me that it has been successfully joined; on the master it is also climbed, but as “not connected”. Tried several times to start the new node from the image every time and also reset the master after 3 trials to its last snapshot (before the first clustering attempt) and today’s core update to 2.5.1. Not successful.

Note 2:
The masternode is a current on Top Debian installation. I have read that you should avoid mixing different distributions, but it is not that it does not work (and so far it has always been talking about freedom of choice between the distributions below)

Addition:
To determine the cause, I used the provided RockyLinux image as a basis and imported the previous cluster data there (with certain problems, see: https://community.nethserver.org/t/after-a-restore-more-or-old-instances-are-back/22938)

Here too, adding a node was not possible, “success” was reported on the node, the node was displayed on the leader as “added”, but also as “unreachable”.

I tried this several times, always checking and sometimes changing my name definition and resolution (including the leader, of course) - no improvement.

Only when I created a bare NS8 cluster (leader) from the RockyLinux image was I able to add a node. So it works in the lab scenario, but not with my “working data” or the experimental instances that I have tried so far: CrowdSec, Imapsync, Mail, Nextcloud, SOGo, Collabora and a Samba AD with a share. In addition, I have set up more than 10 virtual host entries and an SMB repo as a backup.

Note 3:
The image is displayed in the VM with approx. 40GB, but my Proxmox host shows me “0”. I didn’t have that with the previous images.

Because of the SSH access, I ask for information on how the usual way in NS8 would be.

The other is more used to report unusual behavior (errors).

Greetings Yummiweb

Hi,

I have exactly the same problem with SSH and the same Error message.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Have you found a solution yet?

Okay, so this is a VM, and you are trying to key to shell in.
Are you trying to shell in as root? Neither Rocky nor Debian enables this out of the gate.

In Debian, you can create a user with

adduser myuser

and follow through the steps as provided including password.

now, change to that user from root as such:

su - myuser

and you will become that user. Type

ssh-keygen

and you’ll get your ~/.ssh folder created as needed. This is the NS8 VM we are doing this on, right? so you need your id_dsa.pub from your local desktop.
at this point, you should be able to just copy paste your id_dsa.pub from your desktop into ~/.ssh/authorized_keys and save it with 0600 perms.
you can always change the permission later as such:

chmod 600 ~/.ssh/authorized_keys

after this, you can easily shell into your VM from your desktop via

ssh myuser@the.Ns8.vm

and after you accept the key, voilà, you are on the VM. simple.
now, there are thousands of ways to do this. for me this works, and it’s what I learned to do years ago.

Good luck!

1 Like

Thank you very much for your support. I had thought that it would work under Rocky Linux as with Nethserver 7 and CentOS 7 directly as root.

It has been reported that the pre-built image fails to configure if it cannot access internet during the first boot.

For this reason I tried to clarify the installation requirements about network access: Clarify network requirements by DavidePrincipi · Pull Request #65 · NethServer/ns8-docs · GitHub

It was definitely the case that the Internet was not available when I first booted because I had forgotten to release the VM in the firewall.
Does this mean that I have to start all over again?

Yes, and if the .qcow file was modified you oughta download it again!

Okay, better now than later when everything is ready.

Thank you for helping, but for me it is unfortunately not a useful solution.

There are good reasons not to allow root SSH access and password registration. But this must be turned off - at least for the initial configuration - so that you can make the key transmission directly (and conveniently) via “ssh-copy-id”. Just as this function is intended. After that, you can switch to “safe” again.

Usually, an entry in /etc/ssh/sshd_config is sufficient:
“PermitRootLogin yes” and sometimes you also have to activate the port definition “#Port 22” > “Port 22” (or if you wish). Then “service sshd restart” (or depending on the system) and the initial registration is possible.

In the console I have no copy and paste (unfortunately) and would have to type in the public key in the “~/.ssh/authorized_keys” by hand, that cannot be the solution.

Hence my question whether this is a special behavior of this VM template or the typical behavior of the Linux substructure used in the template. In Debian it works as described by me, not here. I would like to know how to turn it off, my Linux, my rules.

Greeting
Yummiweb
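An added example, not part of the post above and not NS8 project code: sshd keeps the first value it reads for each keyword, so a drop-in pulled in by an `Include` line at the top of /etc/ssh/sshd_config overrides a later edit in the main file. The script reports which file and line decides a keyword; the sample tree and the drop-in name `50-sample.conf` are constructed, and whether the NS8 image ships such a drop-in is an assumption to check on the node.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for each keyword, and
# files pulled in by "Include" count at the position of the Include line.
# Usage: sshd_first_value ROOT KEYWORD   (ROOT="" inspects the live system)
# Prints "value<TAB>file:line" for the occurrence that wins.
# Simplifications: "keyword=value" syntax is not parsed, and reading of a
# file stops at its first Match line (conditional settings are ignored).
sshd_first_value() (
    root=$1; file=${3:-/etc/ssh/sshd_config}
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -r "$root$file" ] || exit 1
    n=0
    while read -r key value || [ -n "$key" ]; do
        n=$((n + 1))
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $lkey in
            ''|'#'*) continue ;;
            match) break ;;              # conditional section, not a global value
            include)
                case $value in /*) pat=$value ;; *) pat=/etc/ssh/$value ;; esac
                for inc in "$root"$pat; do   # glob expands in sorted order
                    [ -f "$inc" ] || continue
                    sshd_first_value "$root" "$want" "${inc#"$root"}" && exit 0
                done ;;
            "$want")
                printf '%s\t%s:%s\n' "$value" "$file" "$n"
                exit 0 ;;
        esac
    done < "$root$file"
    exit 1
)

# Constructed sample tree (hypothetical drop-in name, not the NS8 image's files).
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/ssh/sshd_config.d" || return 1
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' '#Port 22' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' > "$t/etc/ssh/sshd_config"
    printf '%s\n' 'PasswordAuthentication no' > "$t/etc/ssh/sshd_config.d/50-sample.conf"
    printf '%s\n' "$t"
}

root=$(make_sample_tree)
sshd_first_value "$root" PasswordAuthentication   # drop-in wins over the later edit
sshd_first_value "$root" PermitRootLogin
rm -rf "$root"
```

On the node itself, `sshd -T` (run as root) prints the values sshd actually uses, which confirms the result without showing the file that set them.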

It may be MY Linux I’m running, but it still requires I use passwords with a length of 7 CHRs!

Even for a box which never uses Internet, and “only” controls a drilling machine. It doesn’t even have LAN…

:frowning:

1 Like