In case someone stumbles upon a similar problem, here are some steps that can help you with the issue:
First, check your current configuration:
sudo sysrepocfg --export --datastore startup --format xml -m ietf-netconf-server
Check the node , the user you are trying to connect as must be listed. Below is an example of a config file obtained with the command above; look at the <users> node.
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
  <listen>
    <endpoints>
      <endpoint>
        <name>default-ssh</name>
        <ssh>
          <tcp-server-parameters>
            <local-address>0.0.0.0</local-address>
          </tcp-server-parameters>
          <ssh-server-parameters>
            <server-identity>
              <host-key>
                <name>default-key</name>
                <public-key>
                  <central-keystore-reference>genkey</central-keystore-reference>
                </public-key>
              </host-key>
            </server-identity>
            <client-authentication>
              <users>
                <user>
                  <name>ubuntu</name>
                  <public-keys>
                    <use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/>
                  </public-keys>
                </user>
              </users>
            </client-authentication>
          </ssh-server-parameters>
        </ssh>
      </endpoint>
    </endpoints>
  </listen>
</netconf-server>
Only the users listed are allowed to authenticate.
Probably Reason 1 - User is Not Listed
Solution: Check user and Configure SSH Properly.
In your case, you are using the root user, and it seems that the method is Interactive; probably in your /etc/sshd_config you need to enable:
PermitRootLogin yes
PasswordAuthentication yes
For that, edit the current configuration file. The command below is very handy: it opens the config in an editor of your preference. Edit it to add a tag with the desired authentication method and save it.
sudo sysrepocfg -E vim --datastore running --format xml -m ietf-netconf-server
To check your options for setting the user, see this example: netopeer2/example_configuration/ssh_listen.xml
If you want the changes to persist, also edit the startup datastore.
Probably Reason 2 - Key Pairs not configured
Solution: Inform netopeer2-cli which keys to use.
This doesn't seem to be your case, but maybe this info is useful for other people looking for answers about authentication.
You have to pay attention to the authentication method: if it is <public-keys/>, authentication is set to allow the same keys configured in authorized_keys. Note that it is possible to configure the keys inline, but let's assume you are using the system keys, which is a popular choice.
In this case, when you run netopeer2-cli, right after getting to the prompt, type auth keys. You are probably getting something like this as a result:
> auth keys
The keys used for SSH authentication:
(none)
If this is the case, you have to set the key pair that is allowed to log in as the configured user; usually your public key is listed in the netconf server user's ~/.ssh/authorized_keys. In our config above, the user is ubuntu.
Set up the keys in the netopeer2-cli prompt with:
auth keys add /home/ubuntu/.ssh/id_rsa.pub /home/ubuntu/.ssh/id_rsa
Or any other pair of keys whose public key is listed in the /home/ubuntu/authorized_keys.
Try again and it must work.
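The "is my user listed?" check from Reason 1, as an added example that is not part of the original answer or of netopeer2: a Python script that parses the XML exported by the sysrepocfg command above and reports on which endpoints a user appears under <users>. The function names and the embedded sample are constructed for illustration, and every child of <user> other than <name> is assumed to be an authentication-method container.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the export shown in the answer above.
SAMPLE = """<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
 <listen><endpoints><endpoint>
  <name>default-ssh</name>
  <ssh><ssh-server-parameters><client-authentication><users><user>
   <name>ubuntu</name>
   <public-keys><use-system-keys xmlns="urn:cesnet:libnetconf2-netconf-server"/></public-keys>
  </user></users></client-authentication></ssh-server-parameters></ssh>
 </endpoint></endpoints></listen>
</netconf-server>"""


def local(elem):
    """Element name without the '{namespace}' prefix ElementTree adds."""
    return elem.tag.rsplit("}", 1)[-1]


def named(parent, name):
    """All descendants of `parent` whose local name is `name`."""
    return [e for e in parent.iter() if local(e) == name]


def allowed_users(xml_text):
    """Map endpoint name -> {user name: [method elements configured for that user]}."""
    result = {}
    for ep in named(ET.fromstring(xml_text), "endpoint"):
        users = {}
        for user in named(ep, "user"):
            fields = {local(c): c for c in user}
            name = (fields.pop("name").text or "").strip()
            # Assumption: every other child of <user> is an authentication method.
            users[name] = [f"{m}({','.join(local(c) for c in e)})" for m, e in fields.items()]
        ep_name = next((c.text for c in ep if local(c) == "name"), None)
        result[ep_name] = users
    return result


def endpoints_for(xml_text, username):
    """Endpoints on which `username` is listed, i.e. allowed to authenticate."""
    return [ep for ep, users in allowed_users(xml_text).items() if username in users]


if __name__ == "__main__":
    wanted = sys.argv[1] if len(sys.argv) > 1 else "root"
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(wanted, "listed on:", endpoints_for(text, wanted) or "no endpoint")
```

Pipe the output of the export command into the script and pass the user name as the first argument; with no piped input it falls back to the embedded sample.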