Regarding NFS server and client on CentOS 7

[Mohaddeseh]

Dear experts,

Hello.

Recently, I have tried to setup NFS server and client on CentOS 7 (latest version). However, I have faced a few problems, as listed below.

1- Although I have modified “/etc/fstab” file of our client systems, the NFS shared directory does not mount automatically on every reboot.

2- After adding users, I have some problems:

i) I can not ssh from server to clients, receiving the message of “permission denied”. I used “adduser” and “passwd” commands from root, to create the user and set the password.

ii) I had created a user when installing CentOS. It works. However, whatever I try to do passwordless authentication, it does not work.
When ssh from server to client,1 it needs password. However, ssh from client1 to server is passwordless.
And also it is not possible to ssh between clients without entering password.
The processes I followed was using “ssh-keygen -t rsa” in user environment, and copying “id_rsa.pub” file to “authorized_keys”.

Any help would be highly appreciated.

Regards,
Mohaddeseh

[TrevorH]

For the ssh problem, make sure your key files and .ssh directories have the right permissions. Each $USER/.ssh directory should be chmod 700 and $USER/.ssh/authorized_keys should be chmod 600. Both need to be owned $USER:$USER. You'll also want to make sure that the selinux contexts are correct by running restorecon -RFv $USER/.ssh

[tunk]

How does your fstab entry look like? You may try to add the "bg" option.

[Mohaddeseh]

Dear Tunk,

This is the results of my system for "/etc/fstab/" file on client system:

[root@client01 ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Tue Jan 15 10:15:11 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=31b4ec89-e8df-4476-80d0-ad5e13e0e2e8 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
192.168.1.101:/home /home nfs rw,sync,hard,intr 0 0

Again thank you so much.

Regards,
Mohaddeseh

[Mohaddeseh]

Dear TrevorH,

I checked your commands.
Here, is the output of them:
the permissions of ".ssh" folder and its content from "srl" user:
drwx------. 2 srl srl 80 Jan 22 12:26 .ssh
-rw-------. 1 srl srl 396 Jan 22 12:23 authorized_keys
-rw-------. 1 srl srl 1675 Jan 22 12:22 id_rsa
-rw-r--r--. 1 srl srl 396 Jan 22 12:22 id_rsa.pub
-rw-r--r--. 1 srl srl 366 Jan 22 12:24 known_hosts

and the results of "restorecon" command:

[srl@server .ssh]$ restorecon -RFv /home/srl/.ssh/
restorecon reset /home/srl/.ssh/authorized_keys context system_u:object_r:ssh_home_t:s0->unconfined_u:object_r:ssh_home_t:s0

Again, when ssh to client01 from server, it needs password.

[srl@server .ssh]$ ssh client01
srl@client01's password:
Last login: Tue Jan 22 12:47:15 2019 from server.hpc
[srl@client01 ~]$

And also trying to make a new user according to the following commands, I had "the permission denied" problem.

[root@server ~]# adduser hosseini
[root@server ~]# passwd hosseini
Changing password for user hosseini.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server ~]# su - hosseini
Last failed login: Tue Jan 22 06:30:15 EST 2019 from :1 on :1
There were 4 failed login attempts since the last successful login.
Attempting to create directory /home/hosseini/perl5
[hosseini@server ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hosseini/.ssh/id_rsa):
Created directory '/home/hosseini/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hosseini/.ssh/id_rsa.
Your public key has been saved in /home/hosseini/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EhQ/jcsVdE9rvHVuGjlbAa5UPWIjavWDu5yoD1p+7Jc hosseini@server.hpc
The key's randomart image is:
+---[RSA 2048]----+
| o. .o .oo |
| . . o =oB.+ |
| . + =.=.B.+|
| o *...+ =o|
| . S .. * +|
| . . B |
| o. o + o |
| + .+ E |
| . o=o. |
+----[SHA256]-----+
[hosseini@server ~]$ cd .ssh/
[hosseini@server .ssh]$ ls -la
total 8
drwx------. 2 hosseini hosseini 38 Jan 24 07:37 .
drwx------. 8 hosseini hosseini 160 Jan 24 07:37 ..
-rw-------. 1 hosseini hosseini 1675 Jan 24 07:37 id_rsa
-rw-r--r--. 1 hosseini hosseini 401 Jan 24 07:37 id_rsa.pub
[hosseini@server .ssh]$ cp id_rsa.pub authorized_keys
[hosseini@server .ssh]$ ls -la
total 12
drwx------. 2 hosseini hosseini 61 Jan 24 07:38 .
drwx------. 8 hosseini hosseini 160 Jan 24 07:37 ..
-rw-r--r--. 1 hosseini hosseini 401 Jan 24 07:38 authorized_keys
-rw-------. 1 hosseini hosseini 1675 Jan 24 07:37 id_rsa
-rw-r--r--. 1 hosseini hosseini 401 Jan 24 07:37 id_rsa.pub
[hosseini@server .ssh]$ chmod 600 authorized_keys
[hosseini@server .ssh]$ chmod 700 ../.ssh/
[hosseini@server .ssh]$ restorecon -RFv /home/hosseini/.ssh/
[hosseini@server .ssh]$ ssh client01
The authenticity of host 'client01 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:vPcbgYowTdmSn6eSmphZGJByHX+xoE6q0onqNvhHFDM.
ECDSA key fingerprint is MD5:80:f5:b5:16:f8:34:22:2e:92:44:8a:3a:70:67:32:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client01,192.168.1.102' (ECDSA) to the list of known hosts.
hosseini@client01's password:
Permission denied, please try again.
hosseini@client01's password:
Permission denied, please try again.

Any help would be appreciated.

Regards,
Mohaddeseh

For the ssh problem, make sure your key files and .ssh directories have the right permissions. Each $USER/.ssh directory should be chmod 700 and $USER/.ssh/authorized_keys should be chmod 600. Both need to be owned $USER:$USER. You'll also want to make sure that the selinux contexts are correct by running restorecon -RFv $USER/.ssh

[hunter86_bg]

For the /etc/fstab either use _netdev or even better:

Code: Select all

192.168.1.101:/home /home nfs rw,sync,hard,intr,x-systemd.automount,x-systemd.idle-timeout=300 0 0

Which will automatically mount your NFS on access and dismount it when idle for more than 300sec.

[TrevorH]

For the ssh problem, look in /var/log/secure on the server that you are trying to connect to for error messages. Your second user's authorized_keys file is chmod 644 not 600.

[Mohaddeseh]

Dear TrevorH,
Thank you for your comments. In order to prvent any error, I did it as follows:

[root@server ~]# ls -la /home/
total 4
drwxrwxrwx. 6 root root 68 Jan 30 09:41 .
dr-xr-xr-x. 17 root root 242 Jan 30 02:40 ..
drwx------. 8 hosseini hosseini 197 Jan 30 09:38 hosseini
drwx------. 8 mohad mohad 197 Jan 30 09:42 mohad
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test
[root@server ~]# adduser seyed
[root@server ~]# passwd seyed
Changing password for user seyed.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server ~]# ls -la /home/
total 4
drwxrwxrwx. 7 root root 81 Jan 30 09:50 .
dr-xr-xr-x. 17 root root 242 Jan 30 02:40 ..
drwx------. 8 hosseini hosseini 197 Jan 30 09:38 hosseini
drwx------. 8 mohad mohad 197 Jan 30 09:42 mohad
drwx------. 8 seyed seyed 181 Jan 30 09:52 seyed
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test
[root@server ~]# ssh client01
Last login: Wed Jan 30 08:53:05 2019 from server.hpc
[root@client01 ~]# ls -la /home/ (the created user on client01)
total 4
drwxrwxrwx. 7 root root 81 Jan 30 2019 .
dr-xr-xr-x. 17 root root 242 Jan 30 08:21 ..
drwx------. 8 hosseini hosseini 197 Jan 30 2019 hosseini
drwx------. 8 alizadeh alizadeh 197 Jan 30 2019 mohad
drwx------. 8 1003 1004 181 Jan 30 2019 seyed
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test

[root@server ~]# su - seyed
Attempting to create directory /home/seyed/perl5
[seyed@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/seyed/.ssh/id_rsa):
Created directory '/home/seyed/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/seyed/.ssh/id_rsa.
Your public key has been saved in /home/seyed/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UTa0kts5f/bpsFbXbsvLe5Excued5s87CU6yYZ9YDNU seyed@server.hpc
The key's randomart image is:
+---[RSA 2048]----+
| .= . |
| + o . E |
| + . . |
| = o . +.|
| S + o o.O|
| * = *=|
| . @.O.+|
| o B=*=|
| ...@%|
+----[SHA256]-----+
[seyed@server ~]$ chmod 700 .ssh/
[seyed@server ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys
[seyed@server ~]$ chmod 600 .ssh/authorized_keys
[seyed@server ~]$ ls -la
total 16
drwx------. 8 seyed seyed 160 Jan 30 09:50 .
drwxrwxrwx. 7 root root 81 Jan 30 09:50 ..
-rw-r--r--. 1 seyed seyed 18 Oct 30 13:07 .bash_logout
-rw-r--r--. 1 seyed seyed 193 Oct 30 13:07 .bash_profile
-rw-r--r--. 1 seyed seyed 231 Oct 30 13:07 .bashrc
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .cache
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .config
-rw-r--r--. 1 seyed seyed 334 Oct 30 10:41 .emacs
drwxrwxr-x. 3 seyed seyed 19 Jan 30 09:50 .local
drwxr-xr-x. 4 seyed seyed 39 Jan 21 07:57 .mozilla
drwxrwxr-x. 2 seyed seyed 6 Jan 30 09:50 perl5
drwx------. 2 seyed seyed 61 Jan 30 09:51 .ssh
[seyed@server ~]$ ls -la .ssh/
total 12
drwx------. 2 seyed seyed 61 Jan 30 09:51 .
drwx------. 8 seyed seyed 160 Jan 30 09:50 ..
-rw-------. 1 seyed seyed 398 Jan 30 09:51 authorized_keys
-rw-------. 1 seyed seyed 1675 Jan 30 09:50 id_rsa
-rw-r--r--. 1 seyed seyed 398 Jan 30 09:50 id_rsa.pub
[seyed@server ~]$ ssh client01
The authenticity of host 'client01 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:vPcbgYowTdmSn6eSmphZGJByHX+xoE6q0onqNvhHFDM.
ECDSA key fingerprint is MD5:80:f5:b5:16:f8:34:22:2e:92:44:8a:3a:70:67:32:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client01,192.168.1.102' (ECDSA) to the list of known hosts.
seyed@client01's password:
Permission denied, please try again.
seyed@client01's password:
Permission denied, please try again.
seyed@client01's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[seyed@server ~]$

The output of "/var/log/secure/" file is as following:
Jan 30 09:50:08 server useradd[14407]: new group: name=seyed, GID=1004
Jan 30 09:50:08 server useradd[14407]: new user: name=seyed, UID=1003, GID=1004, home=/home/seyed, shell=/bin/bash
Jan 30 09:50:31 server passwd: pam_unix(passwd:chauthtok): password changed for seyed
Jan 30 09:50:31 server passwd: gkr-pam: couldn't update the login keyring password: no old password was entered
Jan 30 09:50:37 server su: pam_unix(su-l:session): session opened for user seyed by root(uid=0)
Jan 30 09:52:57 server su: pam_unix(su-l:session): session closed for user seyed

I am also tying to hve paswordless login from server to client01.
Any help would be appreciated too much.

Regards,
Mohaddeseh

For the ssh problem, look in /var/log/secure on the server that you are trying to connect to for error messages. Your second user's authorized_keys file is chmod 644 not 600.

[TrevorH]

You need to look at /var/log/secure on the server you are trying to ssh _to_ - in this case client01.

[Mohaddeseh]

Dear TrevorH,

Running the following commands:

scp /etc/passwd client01:/etc/passwd
scp /etc/gshadow client01:/etc/gshadow
scp /etc/shadow client01:/etc/shadow
scp /etc/group client01:/etc/group

the problem of "permission denied" during ssh to client was resolved.
However, I can not ssh to it, without entering password, while it is possible vice-versa. ( Please have a look at the following)

[root@server ~]# su - seyed
Last login: Wed Jan 30 11:42:28 EST 2019 from client01.hpc on pts/3
[seyed@server ~]$ ssh client01
seyed@client01's password:
Last login: Wed Jan 30 11:17:19 2019 from server.hpc
[seyed@client01 ~]$ ssh server
Last login: Wed Jan 30 11:42:44 2019
[seyed@server ~]$ ls -la .ssh
total 16
drwx------. 2 seyed seyed 80 Jan 30 09:51 .
drwx------. 8 seyed seyed 181 Jan 30 09:52 ..
-rw-------. 1 seyed seyed 398 Jan 30 09:51 authorized_keys
-rw-------. 1 seyed seyed 1675 Jan 30 09:50 id_rsa
-rw-r--r--. 1 seyed seyed 398 Jan 30 09:50 id_rsa.pub
-rw-r--r--. 1 seyed seyed 366 Jan 30 11:42 known_hosts
[seyed@server ~]$ ls -la
total 20
drwx------. 8 seyed seyed 181 Jan 30 09:52 .
drwxrwxrwx. 8 root root 93 Jan 30 11:22 ..
-rw-------. 1 seyed seyed 186 Jan 30 11:42 .bash_history
-rw-r--r--. 1 seyed seyed 18 Oct 30 13:07 .bash_logout
-rw-r--r--. 1 seyed seyed 193 Oct 30 13:07 .bash_profile
-rw-r--r--. 1 seyed seyed 231 Oct 30 13:07 .bashrc
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .cache
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .config
-rw-r--r--. 1 seyed seyed 334 Oct 30 10:41 .emacs
drwxrwxr-x. 3 seyed seyed 19 Jan 30 09:50 .local
drwxr-xr-x. 4 seyed seyed 39 Jan 21 07:57 .mozilla
drwxrwxr-x. 2 seyed seyed 6 Jan 30 09:50 perl5
drwx------. 2 seyed seyed 80 Jan 30 09:51 .ssh
[seyed@server ~]$

Please help me to solve this problem.

Again thank you very much.

Regards,
Mohaddeseh

Dear TrevorH,
Thank you for your comments. In order to prvent any error, I did it as follows:

[root@server ~]# ls -la /home/
total 4
drwxrwxrwx. 6 root root 68 Jan 30 09:41 .
dr-xr-xr-x. 17 root root 242 Jan 30 02:40 ..
drwx------. 8 hosseini hosseini 197 Jan 30 09:38 hosseini
drwx------. 8 mohad mohad 197 Jan 30 09:42 mohad
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test
[root@server ~]# adduser seyed
[root@server ~]# passwd seyed
Changing password for user seyed.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server ~]# ls -la /home/
total 4
drwxrwxrwx. 7 root root 81 Jan 30 09:50 .
dr-xr-xr-x. 17 root root 242 Jan 30 02:40 ..
drwx------. 8 hosseini hosseini 197 Jan 30 09:38 hosseini
drwx------. 8 mohad mohad 197 Jan 30 09:42 mohad
drwx------. 8 seyed seyed 181 Jan 30 09:52 seyed
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test
[root@server ~]# ssh client01
Last login: Wed Jan 30 08:53:05 2019 from server.hpc
[root@client01 ~]# ls -la /home/ (the created user on client01)
total 4
drwxrwxrwx. 7 root root 81 Jan 30 2019 .
dr-xr-xr-x. 17 root root 242 Jan 30 08:21 ..
drwx------. 8 hosseini hosseini 197 Jan 30 2019 hosseini
drwx------. 8 alizadeh alizadeh 197 Jan 30 2019 mohad
drwx------. 8 1003 1004 181 Jan 30 2019 seyed
drwx------. 21 srl srl 4096 Jan 30 09:31 srl
-rw-r--r--. 1 root root 0 Jan 22 11:30 te
drwxr-xr-x. 3 root root 95 Jan 22 06:59 test

[root@server ~]# su - seyed
Attempting to create directory /home/seyed/perl5
[seyed@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/seyed/.ssh/id_rsa):
Created directory '/home/seyed/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/seyed/.ssh/id_rsa.
Your public key has been saved in /home/seyed/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UTa0kts5f/bpsFbXbsvLe5Excued5s87CU6yYZ9YDNU seyed@server.hpc
The key's randomart image is:
+---[RSA 2048]----+
| .= . |
| + o . E |
| + . . |
| = o . +.|
| S + o o.O|
| * = *=|
| . @.O.+|
| o B=*=|
| ...@%|
+----[SHA256]-----+
[seyed@server ~]$ chmod 700 .ssh/
[seyed@server ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys
[seyed@server ~]$ chmod 600 .ssh/authorized_keys
[seyed@server ~]$ ls -la
total 16
drwx------. 8 seyed seyed 160 Jan 30 09:50 .
drwxrwxrwx. 7 root root 81 Jan 30 09:50 ..
-rw-r--r--. 1 seyed seyed 18 Oct 30 13:07 .bash_logout
-rw-r--r--. 1 seyed seyed 193 Oct 30 13:07 .bash_profile
-rw-r--r--. 1 seyed seyed 231 Oct 30 13:07 .bashrc
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .cache
drwxrwxr-x. 3 seyed seyed 18 Jan 30 09:50 .config
-rw-r--r--. 1 seyed seyed 334 Oct 30 10:41 .emacs
drwxrwxr-x. 3 seyed seyed 19 Jan 30 09:50 .local
drwxr-xr-x. 4 seyed seyed 39 Jan 21 07:57 .mozilla
drwxrwxr-x. 2 seyed seyed 6 Jan 30 09:50 perl5
drwx------. 2 seyed seyed 61 Jan 30 09:51 .ssh
[seyed@server ~]$ ls -la .ssh/
total 12
drwx------. 2 seyed seyed 61 Jan 30 09:51 .
drwx------. 8 seyed seyed 160 Jan 30 09:50 ..
-rw-------. 1 seyed seyed 398 Jan 30 09:51 authorized_keys
-rw-------. 1 seyed seyed 1675 Jan 30 09:50 id_rsa
-rw-r--r--. 1 seyed seyed 398 Jan 30 09:50 id_rsa.pub
[seyed@server ~]$ ssh client01
The authenticity of host 'client01 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:vPcbgYowTdmSn6eSmphZGJByHX+xoE6q0onqNvhHFDM.
ECDSA key fingerprint is MD5:80:f5:b5:16:f8:34:22:2e:92:44:8a:3a:70:67:32:e7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client01,192.168.1.102' (ECDSA) to the list of known hosts.
seyed@client01's password:
Permission denied, please try again.
seyed@client01's password:
Permission denied, please try again.
seyed@client01's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[seyed@server ~]$

The output of "/var/log/secure/" file is as following:
Jan 30 09:50:08 server useradd[14407]: new group: name=seyed, GID=1004
Jan 30 09:50:08 server useradd[14407]: new user: name=seyed, UID=1003, GID=1004, home=/home/seyed, shell=/bin/bash
Jan 30 09:50:31 server passwd: pam_unix(passwd:chauthtok): password changed for seyed
Jan 30 09:50:31 server passwd: gkr-pam: couldn't update the login keyring password: no old password was entered
Jan 30 09:50:37 server su: pam_unix(su-l:session): session opened for user seyed by root(uid=0)
Jan 30 09:52:57 server su: pam_unix(su-l:session): session closed for user seyed

I am also tying to hve paswordless login from server to client01.
Any help would be appreciated too much.

Regards,
Mohaddeseh

For the ssh problem, look in /var/log/secure on the server that you are trying to connect to for error messages. Your second user's authorized_keys file is chmod 644 not 600.