Deploying SciDB in Ubuntu VMWare


#1

I have installed Ubuntu 14.04 in VMWare Fusion (on my MAC). I am following the on-line installation instructions to load the CE version. I am stuck on 4.2 Configure passwordless SSH. I have setup passwordless ssh to all nodes and am attempting to run "deployment/deploy.sh access root “” “” localhost ".

I am running as “scidb” user. My root password is set and I can su to root with this password, but the deploy.sh script will not take it. I enter the password (only once) when executing the deployment/deploy.sh command. It give me these messages:

Source path: /opt/scidb/15.7/scidbtrunk
Script common path: /opt/scidb/15.7/scidbtrunk/deployment/common
Build path: /opt/scidb/15.7/scidbtrunk
SciDB version: 15.7
Executing: access root localhost

Enter root’s password (only once): provide access by ~/.ssh/id_rsa.pub to root@localhost
spawn ssh -o StrictHostKeyChecking=no root@localhost rm -rf /tmp/root/deployment && mkdir -p /tmp/root
root@localhost’s password:
Permission denied, please try again.
root@localhost’s password:
Permission denied, please try again.
root@localhost’s password:
Permission denied (publickey,password).

Can anyone help? Thanks - Lynn


#2

Hi Lynn,

Try this as “scidb” user.

ssh root@localhost date

It should ask for root password and then printout date.
If not then something is configured in your /etc/ssh/sshd_config that is not letting root login by ssh.

Let me know and we can proceed from there.


#3

I am also getting Permission denied when running “ssh root@localhost date”. It prompts for password, then denies. (though I can “su - root” and it takes the password). My /etc/ssh/sshd_config file looks like this:

Package generated configuration file

See the sshd_config(5) manpage for details

What ports, IPs and protocols we listen for

Port 22

Use these options to restrict which interfaces/protocols sshd will bind to

#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2

HostKeys for protocol version 2

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 3600
ServerKeyBits 1024

Logging

SyslogFacility AUTH
LogLevel INFO

Authentication:

LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

Don’t read the user’s ~/.rhosts and ~/.shosts files

IgnoreRhosts yes

For this to work you will also need host keys in /etc/ssh_known_hosts

RhostsRSAAuthentication no

similar for protocol version 2

HostbasedAuthentication no

Uncomment if you don’t trust ~/.ssh/known_hosts for RhostsRSAAuthentication

#IgnoreUserKnownHosts yes

To enable empty passwords, change to yes (NOT RECOMMENDED)

PermitEmptyPasswords no

Change to yes to enable challenge-response passwords (beware issues with

some PAM modules and threads)

ChallengeResponseAuthentication no

Change to no to disable tunnelled clear text passwords

#PasswordAuthentication yes

Kerberos options

#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

GSSAPI options

#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yesTCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

Allow client to pass locale environment variables

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

Set this to ‘yes’ to enable PAM authentication, account processing,

and session processing. If this is enabled, PAM authentication will

be allowed through the ChallengeResponseAuthentication and

PasswordAuthentication. Depending on your PAM configuration,

PAM authentication via ChallengeResponseAuthentication may bypass

the setting of “PermitRootLogin without-password”.

If you just want the PAM account and session checks to run without

PAM authentication, then enable this but set PasswordAuthentication

and ChallengeResponseAuthentication to ‘no’.

UsePAM yes


#4

You need to change:
PermitRootLogin without-password
to
PermitRootLogin yes
(and restart sshd)

The setting you have means password authentication is disabled for root, meaning only ssh in with keys is allowed for root. Which is OK once you have setup the keys. You have a chicken and egg case.


#5

Thank you ! That worked!