18 Replies. Latest reply: Jan 22, 2012 8:25 AM by Marek Goldmann

BoxGrinder & CentOS Login

Baron R Newbie

Hi,

 

I'm trying out BoxGrinder on CentOS v5.5 i386, but I'm having trouble logging into my EC2 instance. I configured an appliance, built it, and tested it under VMware with no problem. I can ssh into the VMware image, etc. Then, I tried switching to use the ec2/s3 plugins to upload and register my AMI. When I launch the instance, the server starts OK, but I can't SSH into the box. I tried launching the instance with and without my Amazon keypair. I also tried launching one of Amazon's quickstart EC2 instances, and verified I can SSH into them using my private key, so I'm guessing there's something wrong with my appliance or what I'm doing.

 

When I try to SSH in, I'm getting the error:

Permission denied (publickey,gssapi-with-mic).

 

Or...when in verbose mode:

OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-184-73-88-252.compute-1.amazonaws.com [184.73.88.252] port 22.
debug1: Connection established.
debug1: identity file breznik.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-184-73-88-252.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/baron/.ssh/known_hosts:36
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: breznik.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

 

Is there something I'm doing wrong or just not doing that I should be?

 

Thanks,

Baron
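
The verbose session in the post above can be triaged mechanically: the client connected, read the private key and offered it, and the server still refused, which points at the key material on the instance rather than at the client. The following is an added example, not part of the original thread; the function names `ssh_auth_verdict` and `sample_rejected` are hypothetical, and the sample log is constructed with a placeholder host and key name.

```shell
#!/bin/sh
# Added example (not from the thread): classify an `ssh -v` client log on stdin.
# Verdicts:
#   authenticated        - the server accepted a key
#   no-connection        - TCP/SSH session never came up (network, security group)
#   client-key-unusable  - ssh refused to read the private key file (permissions)
#   no-key-offered       - denied without any key being tried (wrong -i path)
#   server-rejected-key  - key was read and offered, the server refused it:
#                          check the login user's authorized_keys on the instance
ssh_auth_verdict() {
    awk '
        /^debug1: Connection established/        { connected = 1 }
        /^debug1: (Trying private key|Offering [A-Za-z0-9 -]*public key)/ { offered++ }
        /^debug1: Server accepts key/            { accepted = 1 }
        /^debug1: Authentication succeeded/      { ok = 1 }
        /UNPROTECTED PRIVATE KEY FILE/           { unusable = 1 }
        /^Permission denied \(/                  { denied = 1 }
        END {
            if (ok)                          print "authenticated"
            else if (!connected)             print "no-connection"
            else if (unusable)               print "client-key-unusable"
            else if (denied && offered == 0) print "no-key-offered"
            else if (denied && !accepted)    print "server-rejected-key"
            else                             print "inconclusive"
        }'
}

# Constructed sample with the same shape as the failing session:
# key loaded and tried, then "Permission denied".
sample_rejected() {
    cat <<'EOF'
debug1: Connecting to ec2-host.example.com [192.0.2.10] port 22.
debug1: Connection established.
debug1: identity file example.pem type -1
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: example.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).
EOF
}

sample_rejected | ssh_auth_verdict
```

Against a live host, feed it the client's debug stream: `ssh -v -i /path/to/key.pem root@host 2>&1 | ssh_auth_verdict`.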

  • 1. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    Hi Baron,

     

    What exact command do you use to connect to the instance?

     

    --Marek

  • 2. Re: BoxGrinder & CentOS Login
    Baron R Newbie

    Hi Marek,

     

    I'm trying:

    ssh -i /path/to/private.key.pem root@ec2.public.dns.hostname

     

    Thanks,

    Baron

  • 3. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    What is the output from AWS Console Log for this instance?

     

    --Marek

  • 4. Re: BoxGrinder & CentOS Login
    Baron R Newbie

    Here it is:

     

        Linux version 2.6.21.7-2.fc8xen (mockbuild@xenbuilder1.fedora.redhat.com) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Fri Feb 15 12:39:36 EST 2008

    BIOS-provided physical RAM map:

    sanitize start

    sanitize bail 0

    copy_e820_map() start: 0000000000000000 size: 000000006ac00000 end: 000000006ac00000 type: 1

    Xen: 0000000000000000 - 000000006ac00000 (usable)

    980MB HIGHMEM available.

    727MB LOWMEM available.

    NX (Execute Disable) protection: active

    Zone PFN ranges:

      DMA             0 ->   186366

      Normal     186366 ->   186366

      HighMem    186366 ->   437248

    early_node_map[1] active PFN ranges

        0:        0 ->   437248

    ACPI in unprivileged domain disabled

    Detected 2660.057 MHz processor.

    Built 1 zonelists.  Total pages: 433833

    Kernel command line:  root=/dev/sda1 ro 4

    Enabling fast FPU save and restore... done.

    Enabling unmasked SIMD FPU exception support... done.

    Initializing CPU#0

    CPU 0 irqstacks, hard=c136c000 soft=c134c000

    PID hash table entries: 4096 (order: 12, 16384 bytes)

    Xen reported: 2659.994 MHz processor.

    Console: colour dummy device 80x25

    Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)

    Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)

    Software IO TLB disabled

    vmalloc area: ee000000-f4ffe000, maxmem 2d7fe000

    Memory: 1711020k/1748992k available (2071k kernel code, 28636k reserved, 1080k data, 188k init, 1003528k highmem)

    virtual kernel memory layout:

        fixmap  : 0xf5315000 - 0xf57fe000   (5028 kB)

        pkmap   : 0xf5000000 - 0xf5200000   (2048 kB)

        vmalloc : 0xee000000 - 0xf4ffe000   ( 111 MB)

        lowmem  : 0xc0000000 - 0xed7fe000   ( 727 MB)

          .init : 0xc1319000 - 0xc1348000   ( 188 kB)

          .data : 0xc1205e6e - 0xc1313fd4   (1080 kB)

          .text : 0xc1000000 - 0xc1205e6e   (2071 kB)

    Checking if this processor honours the WP bit even in supervisor mode... Ok.

    Calibrating delay using timer specific routine.. 6652.85 BogoMIPS (lpj=13305700)

    Security Framework v1.0.0 initialized

    SELinux:  Initializing.

    selinux_register_security:  Registering secondary module capability

    Capability LSM initialized as secondary

    Mount-cache hash table entries: 512

    CPU: L1 I cache: 32K, L1 D cache: 32K

    CPU: L2 cache: 6144K

    Checking 'hlt' instruction... OK.

    SMP alternatives: switching to UP code

    Freeing SMP alternatives: 13k freed

    Brought up 1 CPUs

    NET: Registered protocol family 16

    Brought up 1 CPUs

    PCI: Fatal: No config space access function found

    PCI: setting up Xen PCI frontend stub

    Setting up standard PCI resources

    ACPI: Interpreter disabled.

    Linux Plug and Play Support v0.97 (c) Adam Belay

    pnp: PnP ACPI: disabled

    xen_mem: Initialising balloon driver.

    usbcore: registered new interface driver usbfs

    usbcore: registered new interface driver hub

    usbcore: registered new device driver usb

    PCI: System does not support PCI

    PCI: System does not support PCI

    NetLabel: Initializing

    NetLabel:  domain hash size = 128

    NetLabel:  protocols = UNLABELED CIPSOv4

    NetLabel:  unlabeled traffic allowed by default

    NET: Registered protocol family 2

    IP route cache hash table entries: 32768 (order: 5, 131072 bytes)

    TCP established hash table entries: 131072 (order: 8, 1572864 bytes)

    TCP bind hash table entries: 65536 (order: 7, 524288 bytes)

    TCP: Hash tables configured (established 131072 bind 65536)

    TCP reno registered

    checking if image is initramfs... it is

    Freeing initrd memory: 6775k freed

    audit: initializing netlink socket (disabled)

    audit(1283195367.802:1): initialized

    highmem bounce pool size: 64 pages

    VFS: Disk quotas dquot_6.5.1

    Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)

    ksign: Installing public key data

    Loading keyring

    io scheduler noop registered

    io scheduler anticipatory registered

    io scheduler deadline registered

    io scheduler cfq registered (default)

    pci_hotplug: PCI Hot Plug PCI Core version: 0.5

    rtc: IRQ 8 is not free.

    Non-volatile memory driver v1.2

    Linux agpgart interface v0.102 (c) Dave Jones

    RAMDISK driver initialized: 16 RAM disks of 16384K size 4096 blocksize

    input: Macintosh mouse button emulation as /class/input/input0

    Xen virtual console successfully installed as xvc0

    Event-channel device installed.

    usbcore: registered new interface driver hiddev

    usbcore: registered new interface driver usbhid

    drivers/usb/input/hid-core.c: v2.6:USB HID core driver

    PNP: No PS/2 controller found. Probing ports directly.

    i8042.c: No controller found.

    mice: PS/2 mouse device common for all mice

    TCP bic registered

    Initializing XFRM netlink socket

    NET: Registered protocol family 1

    NET: Registered protocol family 17

    Using IPI No-Shortcut mode

    XENBUS: Device with no driver: device/vif/0

    XENBUS: Device with no driver: device/vbd/2049

    XENBUS: Device with no driver: device/vbd/2050

    XENBUS: Device with no driver: device/vbd/2051

    drivers/rtc/hctosys.c: unable to open rtc device (rtc0)

    Freeing unused kernel memory: 188k freed

    Write protecting the kernel read-only data: 795k

    Red Hat nash version 6.0.19 starting
    Mounting proc filesystem
    Mounting sysfs filesystem
    Creating /dev
    Creating initial device nodes
    Setting up hotplug.
    Creating block device nodes.
    Loading xennet.ko module
    netfront: Initialising virtual ethernet driver.

    netfront: device eth0 has flipping receive path.

    Loading xenblk.ko module
    xen-vbd: registered block device major 8

    Loading ehci-hcd.ko module
    Loading ohci-hcd.ko module
    Loading uhci-hcd.ko module
    USB Universal Host Controller Interface driver v3.0

    Loading mbcache.ko module
    Loading jbd.ko module
    Loading ext3.ko module
    Creating root device.
    Mounting root filesystem.
    kjournald starting.  Commit interval 5 seconds

    EXT3-fs: mounted filesystem with ordered data mode.

    Setting up other filesystems.
    Setting up new root fs
    no fstab.sys, mounting internal defaults
    Switching to new root and running init.
    unmounting old /dev
    unmounting old /proc
    unmounting old /sys

    INIT: version 2.86 booting

              Welcome to  CentOS release 5.5 (Final)
              Press 'I' to enter interactive startup.
    Setting clock : Mon Aug 30 15:09:45 EDT 2010 [  OK  ]

    Starting udev: [  OK  ]

    Setting hostname localhost.localdomain:  [  OK  ]

    No devices found
    Setting up Logical Volume Management: File descriptor 7 (/sys/kernel/hotplug) leaked on lvm.static invocation. Parent PID 222: /bin/bash
    [  OK  ]

    Checking filesystems
    Checking all file systems.
    [/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a /dev/sda1
    /dev/sda1: clean, 21206/1310720 files, 245659/2621440 blocks
    [/sbin/fsck.ext3 (1) -- /mnt] fsck.ext3 -a /dev/sda2
    ext2fs_check_if_mount: No such file or directory while determining whether /dev/sda2 is mounted.

    /dev/sda2: clean, 11/19546112 files, 661385/39088128 blocks
    [  OK  ]

    Remounting root filesystem in read-write mode:  [  OK  ]

    Mounting local filesystems:  [  OK  ]

    Enabling /etc/fstab swaps:  [  OK  ]

    INIT: Entering runlevel: 4

    Entering non-interactive startup
    Bringing up loopback interface:  [  OK  ]

    Bringing up interface eth0: 
    Determining IP information for eth0... done.
    [  OK  ]

    Mounting other filesystems:  [  OK  ]

    Generating SSH1 RSA host key: [  OK  ]

    Generating SSH2 RSA host key: [  OK  ]

    Generating SSH2 DSA host key: [  OK  ]

    Starting sshd: [  OK  ]

    Starting motd:  [  OK  ]
  • 5. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    You make my life hard. Everything looks clean. Do you maybe have other services starting on boot? If yes, is it possible they hang on boot somehow?

     

    FYI: on EC2 – root password is hashed and it is not possible to log in using password authentication. The only way is to use key authorization.

     

    --Marek

  • 6. Re: BoxGrinder & CentOS Login
    Baron R Newbie

    Here's my appliance file if it helps:

     

    name: test-base
    version: 1
    release: 0
    summary: Test Base Server
    os:
      name: centos
      version: 5
      password: *****
    hardware:
      partitions:
         /:
           size: 3
    repos:
      - name: "local-repo"
        baseurl: "file:///mnt/centos"
        ephemeral: true
    packages:
      includes:
         - acpid
         - bash
         - chkconfig
         - dhclient
         - e2fsprogs
         - grub
         - iputils
         - kernel-PAE
         - passwd
         - policycoreutils
         - ntp
         - openssh-server
         - rootfiles
         - vim-minimal
         - which
         - yum

     

    Since I'm getting a response from sshd, I don't think it is hanging. Is there a specific released version of centos that BoxGrinder was tested/found to work with? I'd like to narrow down where things are breaking down if possible.

     

    Thanks for the tip on EC2 passwords - I didn't know they did that, but I was just trying in a 'something must work' mode. I prefer the key-based login anyways.

     

    Thanks,

    Baron

  • 7. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    > Since I'm getting a response from sshd, I don't think it is hanging. Is there a specific released version of centos that BoxGrinder was tested/found to work with? I'd like to narrow down where things are breaking down if possible.

    I'll try tomorrow to reproduce the bug with a CentOS JEOS and will let you know.

    > Thanks for the tip on EC2 passwords - I didn't know they did that, but I was just trying in a 'something must work' mode. I prefer the key-based login anyways.

    Nah, this is our approach to secure the AMIs. Content of this file is put into /etc/rc.local file and executed on boot.

     

    You can adjust your image and remove the unnecessary content:

     

    yum install guestfish
    

     

    guestfish -i build/.../ec2-plugin/test-base.ec2
    vi /etc/rc.local
    quit
    

     

    --Marek

  • 8. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    Confirming the problem. I've created BGBUILD-49.

     

    --Marek

  • 9. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    I found the problem - add curl to the package list, and everything will be OK.

     

    --Marek

  • 10. Re: BoxGrinder & CentOS Login
    Baron R Newbie

    Awesome! Just tried it out and verified that it works now. Thanks!

  • 11. Re: BoxGrinder & CentOS Login
    kaos monk Newbie

    Hello,

     

    Sorry for bumping a year old thread, but I am experiencing the same problem here.

    I've downloaded your Fedora 15 meta appliance and tried to build CentOS 6. Everything went pretty well, I managed to get it running on VirtualBox and I can log in at the server. Then I tried to create an EC2 AMI and upload it, and that went well too. Then I ran an instance out of it and let Amazon create a key pair for me. But I seem not to be able to log in at the instance, as I am getting permission denied. The output of 'ssh -vvv -i /path/to/key.pem root@instance.public.dns' looks quite normal and even the AWS Console log looks just fine.

    Then I read that we need curl and built another image, but I am still failing to log in.

     

    Are there any known issues with building CentOS 6.2 in regards to this matter?

     

    Thanks!

  • 12. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    Could you please share with us the exact commands you run to achieve what you described above?

     

    Thanks!

     

    --Marek

  • 13. Re: BoxGrinder & CentOS Login
    kaos monk Newbie

    Here's my .appl file:

     

      

    name: centos6.2
    summary: centos 6.2 x86_64 AMI
    packages:
      includes:
        - bash
        - yum
        - openssh-server
        - openssh-clients
        - curl
        - php
    os:
      name: centos
      version: 6
    hardware:
      partitions:
        "/":
          size: 10

     

    Command I used to build and upload AMI:

     

      

    boxgrinder-build centos6.2.appl -p ec2 -d ami

     

    After the upload finished, I converted the raw image to a VDI-compatible one with

     

    vboxmanage convertdd centos.bin centos.vdi

     

    And that's just fine, everything works like a charm. The same image is uploaded to my bucket at S3 and I can run instances out of it. But I cannot log in at those instances and am getting permission denied. I am not sure though if this is Amazon or boxgrinder related issue.

  • 14. Re: BoxGrinder & CentOS Login
    Marek Goldmann Master

    Which boxgrinder version do you use?

     

    rpm -qa | grep boxgrinder
    

     

    I also see that you use the old syntax for the packages section. Not sure where it comes from, because we have used the new one for a year or more.

     

    --Marek
