Ssh into lxc vm fails - Permission denied (publickey)

codingfreak · May 10, 2024, 4:44pm

Hi All,
As shown below, I do have a lxc vm named v2, standard ubuntu 22.04 based with ip address assigned.
When I try to ssh into it from host-machine it fails saying Permission denied (publickey). Any suggestion would be of great help

$ lxc list
+-----------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
|   NAME    |  STATE  |        IPV4         |                     IPV6                      |      TYPE       | SNAPSHOTS |
+-----------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
| ml01-vm   | RUNNING |                     |                                               | VIRTUAL-MACHINE | 0         |
+-----------+---------+---------------------+-----------------------------------------------+-----------------+-----------+
| v2        | RUNNING | 10.76.30.219 (eth0) | fd42:4aec:b51c:d679:216:3eff:fe23:ca5d (eth0) | VIRTUAL-MACHINE | 0         |
+-----------+---------+---------------------+-----------------------------------------------+-----------------+-----------+

ip@op1:~$ 
ip@op1:~$ ping 10.76.30.219
PING 10.76.30.219 (10.76.30.219) 56(84) bytes of data.
64 bytes from 10.76.30.219: icmp_seq=1 ttl=64 time=0.683 ms
64 bytes from 10.76.30.219: icmp_seq=2 ttl=64 time=0.310 ms
64 bytes from 10.76.30.219: icmp_seq=3 ttl=64 time=0.306 ms
^C
--- 10.76.30.219 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.306/0.433/0.683/0.176 ms

ip@op1:~$ ssh ubuntu@10.76.30.219
ubuntu@10.76.30.219: Permission denied (publickey).

ip@op1:~$ lxc exec v2 -- sudo --user ubuntu --login
ubuntu@v2:~$ 
ubuntu@v2:~$ cat /etc/ssh/sshd_config | grep Password
PasswordAuthentication yes
#PermitEmptyPasswords no
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication

sdeziel1 · May 10, 2024, 5:02pm

That’s doesn’t seems like an issue with LXD more one with SSH. Did you add your key to the ubuntu user of that instance? This is not something LXD does automatically, you need to use cloud-init for that or do manually (using lxc exec for example).

codingfreak · May 10, 2024, 5:34pm

Well I havent added any key but I do have user named ubuntu with password set via lxc exec.
Also in sshd_config, " PasswordAuthentication yes" is enabled to accept the password.

Unlike virt-manager, in lxc vm we need to provide key for ssh login ?

sdeziel1 · May 10, 2024, 5:49pm

This shouldn’t have anything to do with the virtualization provider. You checked the main sshd_config file but that doesn’t cover the included snippets.

sshd -T | grep passwordauthentication will tell you the effective value for that setting.

grep -ri passwordauthentication /etc/ssh/ will show you all the files/snippet altering that param.

In server images, cloud-init disables password authentication in the file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf.

HTH,
Simon

codingfreak · May 11, 2024, 9:12pm

Thanks for the details @sdeziel1

I was not aware that ubuntu cloud images have SSH password login block enabled by default.
I understand now that it is nothing to do with LXD or any virtualization software as the whole magic is done inside the cloud-image.

Now I need to figure out how to overcome this so that I can do SSH login into the system without relying on lxc console or lxc exec

sdeziel1 · May 15, 2024, 9:12am

@codingfreak, as a source of inspiration, here’s what I typically put in my default profile:

$ lxc profile show default
name: default
description: Default LXD profile
config:
  cloud-init.user-data: |-
    #cloud-config
    ssh_import_id:
    - lp:sdeziel

See Ubuntu Manpage: ssh-import-id - retrieve one or more public keys from a public keyserver and append them for how ssh-import-id works as it can import from Launchpad (lp:) and GitHub (gh:).