Bug #4263

oneuser key does not work for new users

Added by Stefan Kooman over 5 years ago. Updated over 5 years ago.

Status:ClosedStart date:12/22/2015
Priority:NormalDue date:
Assignee:Javi Fontan% Done:

0%

Category:Drivers - Auth
Target version:Release 5.0
Resolution:fixed Pull request:
Affected Versions:OpenNebula 4.14

Description

According to the documentation for creating new users with ssh public key as password, http://docs.opennebula.org/4.14/administration/authentication/ssh_auth.html, I should be able to extract my public key out of the public key file with the command "oneuser key". But this results in the following error:

/usr/lib/one/ruby/opennebula/client.rb:130:in `initialize': ONE_AUTH file not present (RuntimeError)
from /usr/lib/one/ruby/cli/one_helper.rb:379:in `new'
from /usr/lib/one/ruby/cli/one_helper.rb:379:in `get_client'
from /usr/lib/one/ruby/cli/one_helper.rb:437:in `set_client'
from /usr/bin/oneuser:43:in `block (2 levels) in <main>'
from /usr/lib/one/ruby/cli/command_parser.rb:445:in `call'
from /usr/lib/one/ruby/cli/command_parser.rb:445:in `run'
from /usr/lib/one/ruby/cli/command_parser.rb:76:in `initialize'
from /usr/bin/oneuser:36:in `new'
from /usr/bin/oneuser:36:in `<main>'

ONE_AUTH file is not present because we're doing this as a new user (that does not exist yet in opennebula). According to the man page of "onuser" the command "oneuser key" is DEPRECATED and "oneuser login" should be used but this does not work either: oneuser login stefantest --ssh --key .ssh/id_rsa --time 72000
[UserLogin] User couldn't be authenticated, aborting call.

Two things:

1) Update documentation to use the preferred (not DEPRECATED) command
2) Explain how "oneuser login" can be used to extract public key info for new user.

Associated revisions

Revision 0dba682c
Added by Javi Fontan over 5 years ago

bug #4263: take out deprecation warning from oneuser key

oneuser key is needed to extract ssh keys

(cherry picked from commit fa34559632cf85ba0a64b90f811dfe27f92f2d21)

Revision 5c86035e
Added by Javi Fontan over 5 years ago

bug #4263: do not initialize client in oneuser key

(cherry picked from commit 3eb23ec3cb8c9fea35bebb90e2ea1de81af05351)

Revision a45cfe83
Added by Javi Fontan over 5 years ago

bug #4263: take out deprecation warning from oneuser key

oneuser key is needed to extract ssh keys

(cherry picked from commit fa34559632cf85ba0a64b90f811dfe27f92f2d21)

Revision 1f2393f5
Added by Javi Fontan over 5 years ago

bug #4263: do not initialize client in oneuser key

(cherry picked from commit 3eb23ec3cb8c9fea35bebb90e2ea1de81af05351)

History

#1 Updated by Ruben S. Montero over 5 years ago

I cannot reproduce this:

> env | grep ONE_AUTH
> set | grep ONE_AUTH
> echo $ONE_AUTH

>
> oneuser key 
MIIBIjANBgkqhkiG9....

ONE_AUTH is actually not used, can you try just to define it and try again...

#2 Updated by Ruben S. Montero over 5 years ago

  • Category set to Drivers - Auth
  • Target version set to Release 5.0

#3 Updated by Stefan Kooman over 5 years ago

oneuser key
/usr/lib/one/ruby/opennebula/client.rb:130:in `initialize': ONE_AUTH file not present (RuntimeError)
from /usr/lib/one/ruby/cli/one_helper.rb:379:in `new'
from /usr/lib/one/ruby/cli/one_helper.rb:379:in `get_client'
from /usr/lib/one/ruby/cli/one_helper.rb:437:in `set_client'
from /usr/bin/oneuser:43:in `block (2 levels) in <main>'
from /usr/lib/one/ruby/cli/command_parser.rb:445:in `call'
from /usr/lib/one/ruby/cli/command_parser.rb:445:in `run'
from /usr/lib/one/ruby/cli/command_parser.rb:76:in `initialize'
from /usr/bin/oneuser:36:in `new'
from /usr/bin/oneuser:36:in `<main>'

stefantest@test-oned2:~$ mkdir .one
stefantest@test-oned2:~$ touch .one/one_auth
stefantest@test-oned2:~$ oneuser key
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul5ZxWaOBaQoYV5HyDtASJWv54f87L/h9Ptzf5I16McwULnf04O24ApzsyH+cr1+4GNFCnByKhIoB5V/yATOzLTP7kuSFjgJ6d15t6w7nCPw4iwm5N+GZaZpWGmuzHQ8Mw+MP8R/oTs4o0zRK9CrblEOG4m7k70R+VESaeXEciJ5/iYlGCeT0771GW8eFETqIJB6zXb1BumtDe/Bip5v/vPtugEiS5JhTNhS9cvokFoDkGVZ7JcnydPlpP6muS8qT5QLnn+2u1+SwxVhnmKwTPLdEctBdR/ojiXeFIhrk17kqURoQgNuabG8hyLLdGVnagNKZ8m85y+DdW6SesbvuwIDAQAB

It's not used but it should be present ... but as it's deprecated, how can this be done with oneuser login?

One other thing. What operation is oneuser key doing on the public key?

cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6XlnFZo4FpChhXkfIO0BIla/nh/zsv+H0+3N/kjXoxzBQud/Tg7bgCnOzIf5yvX7gY0UKcHIqEigHlX/IBM7MtM/uS5IWOAnp3Xm3rDucI/DiLCbk34ZlpmlYaa7MdDwzD4w/xH+hOzijTNEr0KtuUQ4bibuTvRH5URJp5cRyInn+JiUYJ5PTvvUZbx4UROogkHrNdvUG6a0N78GKnm/+8+26ASJLkmFM2FL1y+iQWgOQZVnslyfJ0+Wk/qa5LypPlAuef7a7X5LDFWGeYrBM8t0Ry0F1H+iOJd4UiGuTXuSpRGhCA25psbyHIst0ZWdqA0pnybznL4N1bpJ6xu+7

oneuser key
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul5ZxWaOBaQoYV5HyDtASJWv54f87L/h9Ptzf5I16McwULnf04O24ApzsyH+cr1+4GNFCnByKhIoB5V/yATOzLTP7kuSFjgJ6d15t6w7nCPw4iwm5N+GZaZpWGmuzHQ8Mw+MP8R/oTs4o0zRK9CrblEOG4m7k70R+VESaeXEciJ5/iYlGCeT0771GW8eFETqIJB6zXb1BumtDe/Bip5v/vPtugEiS5JhTNhS9cvokFoDkGVZ7JcnydPlpP6muS8qT5QLnn+2u1+SwxVhnmKwTPLdEctBdR/ojiXeFIhrk17kqURoQgNuabG8hyLLdGVnagNKZ8m85y+DdW6SesbvuwIDAQAB

#4 Updated by Ruben S. Montero over 5 years ago

One other thing. What operation is oneuser key doing on the public key?

public key is extracted in a format compatible with openssl. The public key does not contain
"---- BEGIN/END PUBLIC KEY ----" if it is included and it is in a single line

#5 Updated by Ruben S. Montero over 5 years ago

This issue is to fix the ONE_AUTH check that is not needed and to keep oneuser key as a tool to extract the public key

#6 Updated by Ruben S. Montero over 5 years ago

  • Status changed from Pending to New

#7 Updated by Javi Fontan over 5 years ago

  • Assignee set to Javi Fontan

#8 Updated by Ruben S. Montero over 5 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Also available in: Atom PDF