Hey everyone! I’m having an issue where, after I clone a Proxmox template of a Rocky v9.4 VM, I can no longer SSH into the machine using a password. I could before I turned it into a template, but I suspect I messed something up by turning it into a template. Here’s some extra information because the VM had been customized before turning it into a Proxmox template:
Background
OS: RockyLinux 9.4 with the CIS Benchmark Server 1 security policy enabled (this also means the partitions are slightly different than default)
Installed & Configured: Fail2Ban, firewalld, cloud-init
What I’ve tried
- Every combination of /etc/ssh/sshd_config that I can think of
- Disabling fail2ban & firewalld, but neither of them were putting anything in their logs about blocking my IP since my subnet is set within fail2ban’s ignoreip setting
- Making sure that my user had 700-level permissions on /root/.ssh & /home/user1/.ssh
- SSHing from a separate machine on the same trusted subnet
SSH -v Output from workstation (more available upon request)
Authorized uses only. All activity may be monitored and reported.
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /Users/user1/.ssh/id_rsa
debug1: Will attempt key: /Users/user1/.ssh/id_ecdsa
debug1: Will attempt key: /Users/user1/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/user1/.ssh/id_ed25519 ED25519 SHA256: ~publickey~
debug1: Will attempt key: /Users/user1/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/user1/.ssh/id_xmss
debug1: Will attempt key: /Users/user1/.ssh/id_dsa
debug1: Trying private key: /Users/user1/.ssh/id_rsa
debug1: Trying private key: /Users/user1/.ssh/id_ecdsa
debug1: Trying private key: /Users/user1/.ssh/id_ecdsa_sk
debug1: Offering public key: /Users/user1/.ssh/id_ed25519 ED25519 SHA256: ~publickey~
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Trying private key: /Users/user1/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/user1/.ssh/id_xmss
debug1: Trying private key: /Users/user1/.ssh/id_dsa
debug1: No more authentication methods to try.
user1@xxx.xxx.xxx.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Something to note: I did what I do for my Ubuntu templates where I delete all SSH hostkeys, remove the machine-id, apt/dnf clean, autoremove, and cloud-init clean. This doesn’t happen with the Ubuntu templates, but I’ve also never used the CIS Server 1 policies so it could be that causing issues.
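
The `ssh -v` output above shows the server offering only publickey and GSSAPI methods, so one setting worth tracing is `PasswordAuthentication` in the configuration sshd actually loads. This added example (not part of the original post) walks sshd_config and its Include'd drop-ins in sshd's first-value-wins order and reports which file supplies the effective value. The sample tree, including the drop-in name `50-cloud-init.conf`, is constructed for illustration, and `first_setting`, `_scan` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report which file supplies the effective value of an sshd keyword.
# sshd keeps the FIRST value it obtains for a keyword and expands Include lines
# in place, so a drop-in included at the top of sshd_config beats a later line
# in sshd_config itself.
# Simplifications: global scope only (scanning of a file stops at its first
# Match line) and Include patterns must be absolute paths.

_scan() {  # print "FILE VALUE" for every global occurrence of $kw, in sshd's order
    # Strip comments and normalise "Key=value" to "Key value".
    sed -e 's/#.*//' \
        -e 's/^[[:space:]]*\([A-Za-z]*\)[[:space:]]*=[[:space:]]*/\1 /' "$1" |
    while read -r key val; do
        [ -n "$key" ] || continue
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case $key in
            match)   break ;;
            include) for f in $val; do                # unquoted: let the glob expand, sorted
                         if [ -f "$f" ]; then _scan "$f"; fi
                     done ;;
            "$kw")   printf '%s %s\n' "$1" "$val" ;;
        esac
    done
}

first_setting() {  # usage: first_setting KEYWORD CONFIG_FILE
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _scan "$2" | head -n 1
}

demo() {  # constructed sample tree; file names and contents are illustrative
    d=$(mktemp -d) && mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication no\n' > "$d/sshd_config.d/50-cloud-init.conf"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication yes\n' "$d" \
        > "$d/sshd_config"
    first_setting PasswordAuthentication "$d/sshd_config" | sed "s|^$d/||"
    rm -rf "$d"
}

# With arguments, inspect a real file; without, run the constructed demo.
if [ $# -ge 2 ]; then first_setting "$1" "$2"; else demo; fi
```

On the VM itself, `sshd -T` prints the effective values but not the file they came from. Running the script as root with the arguments `PasswordAuthentication /etc/ssh/sshd_config` names that file.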