Safeguard SPP: Fail to check SSH key.

Dears,

Could you please help me understand what happens when I try to check an SSH key in Safeguard SPP? I always get an error message saying this:

"SSH Server on asset Oracle Linux is configured to run the authorized key command none as account 0

Unable to check SSH Key for account "Account1" on asset Oracle due to an error."

I think maybe the Safeguard service account is unable to use or run the AuthorizedKeysCommand found in the /etc/ssh/sshd_config file:

#AuthorizedKeysCommand none  (I actually don't know what should be placed here in order for the Safeguard service account to check the SSH key)?

#AuthorizedKeysCommandUser none (I presume that I need to put the Safeguard service account name here)?

What should be set in /etc/ssh/sshd_config in order for Safeguard to check SSH keys, especially in the AuthorizedKeysCommand fields?

Please note that I'm able to set and change SSH keys and passwords successfully through the same Safeguard service account.

I'm working on a Linux asset: Oracle Linux (OL7) distribution.

Thank you for your help.

  • Hi Hamza,

    Safeguard does not require AuthorizedKeysCommand (if you do not use it) to be enabled for the check SSH Key task to work.

    When performing Check SSH Key > click on the eye icon > click Show More > please check the Operations and/or sshCommunication tabs for more detailed logs.

    Thanks!

  • Thank you Ahmad for your reply,

    Here are the sshCommunication logs. Please note that I'm using a service account named sfg-svc:

    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:17 AM Debug RECV buf((""))
    Friday, October 23, 2020 10:11:17 AM Debug Send : sudo test -f '/etc/ssh/sshd_config'; echo "SshdConfigPath=$?"
    Friday, October 23, 2020 10:11:18 AM Debug RECV buf(("SshdConfigPath=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:18 AM Debug Send : sudo test -r '/etc/ssh/sshd_config'; echo "IsPathReadable=$?"
    Friday, October 23, 2020 10:11:18 AM Debug RECV buf(("IsPathReadable=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:18 AM Debug Send : sudo sshd -T | grep -o -i "^UseDNS.*" >/dev/null 2>&1; echo "DnsUsageConfigured=$?"
    Friday, October 23, 2020 10:11:18 AM Debug RECV buf(("DnsUsageConfigured=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:18 AM Debug Send : res=`sudo sshd -T | grep -o -i "^UseDNS.*" 2>/dev/null | awk '{print $2}'`; echo UseDns=${res}
    Friday, October 23, 2020 10:11:19 AM Debug RECV buf(("UseDns=no
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:19 AM Debug Send : sudo sshd -T -C user=keygen-sfg,host=10.0.1.80,addr=10.0.1.80 | grep -o -i "^PubkeyAuthentication.*" >/dev/null 2>&1; echo "PubKeyAuthConfigured=$?"
    Friday, October 23, 2020 10:11:19 AM Debug RECV buf(("PubKeyAuthConfigured=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:19 AM Debug Send : res=`sudo sshd -T -C user=keygen-sfg,host=10.0.1.80,addr=10.0.1.80 | grep -o -i "^PubkeyAuthentication.*" 2>/dev/null | awk '{print $2}'`; echo PubkeyAuth=${res}
    Friday, October 23, 2020 10:11:19 AM Debug RECV buf(("PubkeyAuth=yes
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:19 AM Debug Send : sudo sshd -T -C user=keygen-sfg,host=10.0.1.80,addr=10.0.1.80  | grep -o -i "^AuthorizedKeysFile.*" >/dev/null 2>&1; echo "KeystoreTemplateConfigured=$?"
    Friday, October 23, 2020 10:11:19 AM Debug RECV buf(("KeystoreTemplateConfigured=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:20 AM Debug Send : res=`sudo sshd -T -C user=keygen-sfg,host=10.0.1.80,addr=10.0.1.80 | grep -o -i "^AuthorizedKeysFile.*" 2>/dev/null | awk '{$1=""; print $0}'`; echo KeystoreTemplate=${res}
    Friday, October 23, 2020 10:11:20 AM Debug RECV buf(("KeystoreTemplate= .ssh/authorized_keys
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:20 AM Debug Send : sudo sshd -T | grep -o -i "^AuthorizedKeysCommand.*" >/dev/null 2>&1; echo "AuthorizedKeysCommandConfigured=$?"
    Friday, October 23, 2020 10:11:20 AM Debug RECV buf(("AuthorizedKeysCommandConfigured=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:20 AM Debug Send : res=`sudo sshd -T | grep -o -i "^AuthorizedKeysCommand.*" 2>/dev/null | awk '{print $2}'`; echo AuthorizedKeysCommand=${res}
    Friday, October 23, 2020 10:11:20 AM Debug RECV buf(("AuthorizedKeysCommand=none none
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:20 AM Debug Send : sudo sshd -T | grep -o -i "^AuthorizedKeysCommandUser.*" >/dev/null 2>&1; echo "AuthorizedKeysCommandUserConfigured=$?"
    Friday, October 23, 2020 10:11:21 AM Debug RECV buf(("AuthorizedKeysCommandUserConfigured=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:21 AM Debug Send : sudo sshd -T | grep -o -i "^AuthorizedKeysCommandUser.*" >/dev/null 2>&1; echo "AuthorizedKeysCommandUser=$?"
    Friday, October 23, 2020 10:11:21 AM Debug RECV buf(("AuthorizedKeysCommandUser=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:21 AM Debug Send : sudo none
    Friday, October 23, 2020 10:11:21 AM Debug RECV buf(("**secret**"))
    Friday, October 23, 2020 10:11:21 AM Debug Send : res=`sudo grep -o -i "^Match Host.*" '/etc/ssh/sshd_config' >/dev/null 2>&1`; echo "matchHostConfigured=$?"
    Friday, October 23, 2020 10:11:22 AM Debug RECV buf(("
    "))
    Friday, October 23, 2020 10:11:23 AM Debug RECV buf(("Sorry, try again.
    SUDO password for sfg-svc:"))
    Friday, October 23, 2020 10:11:23 AM Debug Send : **secret**
    Friday, October 23, 2020 10:11:24 AM Debug RECV buf(("
    sudo: none: command not found
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:44 AM Debug RECV buf((""))
    Friday, October 23, 2020 10:11:44 AM Debug Send : sudo test -f '/home/keygen-sfg/.ssh/authorized_keys'; echo "AuthKeysFileExist=$?"
    Friday, October 23, 2020 10:11:44 AM Debug RECV buf(("AuthKeysFileExist=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:44 AM Debug Send : sudo test -r '/home/keygen-sfg/.ssh/authorized_keys'; echo "AuthKeysFileExist=$?"
    Friday, October 23, 2020 10:11:44 AM Debug RECV buf(("AuthKeysFileExist=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:44 AM Debug Send : res=`sudo cat /home/keygen-sfg/.ssh/authorized_keys 2>/dev/null`; echo "Keys=${res}"
    Friday, October 23, 2020 10:11:45 AM Debug RECV buf(("Keys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIj6kOLXbCUAbw0tbx7IX7VYl2BwRcMSkFKYnk4wBldm/iNHXkVOjIUpE6mmzBKtBdPADfbt3gSeqe9tJW2rnw1BymzsRbPej8FpCXsKbqL382YWdd5i9yb1khgK5Wt/gBY0guvHy+Cz4pkXNEYhx+fkDWLlx1um2CyZt71vPJXRM9XnsL5Hx7qVfHWxqcdroWJ2Dz8DuBm3IRSeDoTACbaFf/1BvPdXp27ckPGN8JId8Exu7GgAoFXWN2tcIWqJXL14MEHRn+yeOBnC/pr8HuFVJHpPkA9AwtKtekqfNA3NSXKzfR7P+pUbyei3QzSCnCDofg8BApOFkjsTKuspsh Safeguard generated on 2020-10-14T11:32:59.5408072Z
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:45 AM Debug Send : sudo test -f '/home/keygen-sfg/.ssh/authorized_keys'; echo "KeystoreIsAFile=$?"
    Friday, October 23, 2020 10:11:45 AM Debug RECV buf(("KeystoreIsAFile=0
    [sfg-svc@oralnx ~]$ "))
    Friday, October 23, 2020 10:11:45 AM Debug Send : res=`sudo ls -l /home/keygen-sfg/.ssh/authorized_keys 2>/dev/null | awk '{print $0}'`; echo KeystorePermissions=${res}
    Friday, October 23, 2020 10:11:45 AM Debug RECV buf(("SUDO password for sfg-svc:"))
    Friday, October 23, 2020 10:11:45 AM Debug Send : **secret**
    Friday, October 23, 2020 10:11:46 AM Debug RECV buf(("
    KeystorePermissions=
    [sfg-svc@oralnx ~]$ "))
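
The log above shows `AuthorizedKeysCommand=none none`, followed by `sudo none` being sent. The following is an added example (not part of the thread and not Safeguard's code) that reproduces the logged prefix pattern against constructed `sshd -T` output and contrasts it with an exact keyword match that treats `none` as "no command configured". The sample text, function names and the `/usr/local/bin/fetch-keys` path are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: directives as `sshd -T` prints them (keywords lowercased)
# when no AuthorizedKeysCommand is configured.
SAMPLE_SSHD_T='usedns no
pubkeyauthentication yes
authorizedkeysfile .ssh/authorized_keys
authorizedkeyscommand none
authorizedkeyscommanduser none'

# Constructed sample with a command configured (hypothetical helper path).
SAMPLE_CONFIGURED='authorizedkeyscommand /usr/local/bin/fetch-keys %u
authorizedkeyscommanduser nobody'

# Prefix match as in the logged command: the pattern also matches the
# AuthorizedKeysCommandUser line, so two values come back.
prefix_match() {
    res=$(printf '%s\n' "$1" | grep -o -i "^AuthorizedKeysCommand.*" | awk '{print $2}')
    echo $res   # unquoted on purpose, mirrors the logged echo
}

# Exact keyword match: compare field 1 with the whole keyword and print
# everything after it (the command may carry arguments such as %u).
directive_value() {   # $1 = sshd -T output, $2 = keyword
    printf '%s\n' "$1" | awk -v k="$2" '
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Prints the configured command and returns 0, or returns 1 when the
# directive is absent or set to "none" (nothing to execute).
authorized_keys_command() {
    cmd=$(directive_value "$1" authorizedkeyscommand)
    case "$cmd" in
        ''|none) return 1 ;;
        *) printf '%s\n' "$cmd" ;;
    esac
}

echo "prefix match : $(prefix_match "$SAMPLE_SSHD_T")"
echo "exact match  : $(directive_value "$SAMPLE_SSHD_T" authorizedkeyscommand)"
echo "command user : $(directive_value "$SAMPLE_SSHD_T" authorizedkeyscommanduser)"
```

On a live host, the same functions can be fed the real effective configuration with `authorized_keys_command "$(sudo sshd -T)"`.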
