On 08/05/2013 12:40 PM, Pierre Naude wrote:
> Hi Olivier,
>
> No - as per the docs the key is not password protected.
>
> Also neither of the systems are configured to use ssh-agent
> (ForwardAgent is set to no and SSH_AUTH_SOCK never gets set).
>
> From the command line it works whether I force the key or not:
>
> [oneadmin@rtfwops1 ~]$ ssh -v -i /var/lib/one/.ssh/id_dsa
> oneadmin@rtfwops2
> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.
> debug1: Connection established.
> debug1: identity file /var/lib/one/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'rtfwops2' is known and matches the RSA host key.
> debug1: Found key in /var/lib/one/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: /var/lib/one/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 434
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Requesting [email protected]
> <mailto:[email protected]>
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Last login: Mon Aug 5 11:37:43 2013 from xxx.xxx.xxx.138
> [oneadmin@rtfwops2 ~]$ debug1: client_input_channel_req: channel 0
> rtype exit-status reply 0
> debug1: client_input_channel_req: channel 0 rtype [email protected]
> <mailto:[email protected]> reply 0
> debug1: channel 0: forcing write
> logout
> debug1: channel 0: free: client-session, nchannels 1
> Connection to rtfwops2 closed.
> Transferred: sent 2992, received 3064 bytes, in 25.6 seconds
> Bytes per second: sent 116.7, received 119.5
> debug1: Exit status 0
>
> [oneadmin@rtfwops1 ~]$ ssh -v oneadmin@rtfwops2
> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.
> debug1: Connection established.
> debug1: identity file /var/lib/one/.ssh/identity type -1
> debug1: identity file /var/lib/one/.ssh/id_rsa type -1
> debug1: identity file /var/lib/one/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'rtfwops2' is known and matches the RSA host key.
This is fine for host match here, but not in your previous log: "Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification failed." Could be known_host issue but it should fail via command line too.

> debug1: Found key in /var/lib/one/.ssh/known_hosts:1
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /var/lib/one/.ssh/identity
> debug1: Trying private key: /var/lib/one/.ssh/id_rsa
> debug1: Offering public key: /var/lib/one/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 434
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Requesting [email protected]
> <mailto:[email protected]>
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LANG = en_US.UTF-8
> Last login: Mon Aug 5 12:21:57 2013 from xxx.xxx.xxx.137
> [oneadmin@rtfwops2 ~]$
>
> HTH
>
> Pierre
>
> On 5 August 2013 12:19, Olivier Sallou <[email protected]
> <mailto:[email protected]>> wrote:
>
> On 08/05/2013 11:59 AM, Pierre Naude wrote:
>> Good Morning,
>>
>> I'm busy setting up a proof-of-concept using ONE and have run
>> into a problem adding hosts to the server.
>>
>> My ONE server is a Centos 6.4 installation, and so is the host
>> I'm adding to the server.
>>
>> I am able to ssh successfully without password from the server to
>> the host as root and oneadmin and vice versa (I have also made
>> sure the servers can connect to themselves without password).
>>
>> The problem is that the one server monitoring process is failing
>> to ssh passwordlessly from the server to the host:
>>
>> Debug from the server:
>>
>> Mon Aug 5 11:48:10 2013 [InM][I]: Monitoring host
>> rtfwops2.rorotika (7)
>> Mon Aug 5 11:48:10 2013 [InM][I]: Command execution fail: 'if [
>> -x "/var/tmp/one/im/run_probes" ]; then
>> /var/tmp/one/im/run_probes kvm 7 rtfwops2.rorotika;
>> else exit 42; fi'
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connecting to
>> rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connection established.
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
>> /var/lib/one/.ssh/identity type -1
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
>> /var/lib/one/.ssh/id_rsa type -1
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
>> /var/lib/one/.ssh/id_dsa type 2
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Remote protocol
>> version 2.0, remote software version OpenSSH_5.3
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: match: OpenSSH_5.3 pat
>> OpenSSH*
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Enabling compatibility
>> mode for protocol 2.0
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Local version string
>> SSH-2.0-OpenSSH_5.3
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT sent
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT received
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex: server->client
>> aes128-ctr hmac-md5 none
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex: client->server
>> aes128-ctr hmac-md5 none
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
>> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
>> SSH2_MSG_KEX_DH_GEX_GROUP
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
>> SSH2_MSG_KEX_DH_GEX_INIT sent
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
>> SSH2_MSG_KEX_DH_GEX_REPLY
>> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: read_passphrase: can't
>> open /dev/tty: No such device or address
> It seems it expects to get your passphrase here. I think your key
> is password protected (and this is fine).
> When you made your connection tests, are you sure you used the
> oneadmin user key (and not one loaded via ssh-agent or something
> like that) ?
>
> Olivier
>
>> Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification failed.
>> Mon Aug 5 11:48:10 2013 [InM][I]: ExitCode: 255
>> Mon Aug 5 11:48:10 2013 [ONE][E]: Error monitoring Host
>> rtfwops2.rorotika (7): -
>>
>> Debug from the host:
>>
>> Aug 5 11:48:10 rtfwops2 sshd[2301]: debug1: Forked child 11777.
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: Set
>> /proc/self/oom_score_adj to 0
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: rexec start in 5
>> out 5 newsock 5 pipe 7 sock 8
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: inetd sockets after
>> dupping: 3, 3
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: Connection from
>> 172.28.200.137 port 52989
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Client protocol
>> version 2.0; client software version Open
>> SSH_5.3
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: match: OpenSSH_5.3
>> pat OpenSSH*
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Enabling
>> compatibility mode for protocol 2.0
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Local version
>> string SSH-2.0-OpenSSH_5.3
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
>> permanently_set_uid: 74/74
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: list_hostkey_types:
>> ssh-rsa,ssh-dss
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT sent
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT
>> received
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: client->server
>> aes128-ctr hmac-md5 none
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: server->client
>> aes128-ctr hmac-md5 none
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
>> SSH2_MSG_KEX_DH_GEX_REQUEST received
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
>> SSH2_MSG_KEX_DH_GEX_GROUP sent
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
>> SSH2_MSG_KEX_DH_GEX_INIT
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
>> SSH2_MSG_KEX_DH_GEX_REPLY sent
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_NEWKEYS sent
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
>> SSH2_MSG_NEWKEYS
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: Connection closed by
>> xxx.xxx.xxx.137
>> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: do_cleanup
>> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: do_cleanup
>>
>> When I run a script from oneadmin's cron on the server it can also
>> ssh successfully without password - I don't think this is a key
>> issue.
>>
>> Any suggestions?
>>
>> Thanks
>>
>> Pierre
>>
>> --
>> Pierre Naude
>> Rorotika Technologies
>>
>> e-mail: [email protected] <mailto:[email protected]>
>> Tel.: +27-11-568-0805
>> Cell.: +27-82-901-9609
>> Skype: pierre_naude
>> Google Hangouts: [email protected]
>> <mailto:[email protected]>
>>
>> _______________________________________________
>> Users mailing list
>> [email protected] <mailto:[email protected]>
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> --
> Olivier Sallou
> IRISA / University of Rennes 1
> Campus de Beaulieu, 35000 RENNES - FRANCE
> Tel: 02.99.84.71.95
>
> gpg key id: 4096R/326D8438 (keyring.debian.org
> <http://keyring.debian.org>)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
>
> --
> Pierre Naude
> Rorotika Technologies
>
> e-mail: [email protected] <mailto:[email protected]>
> Tel.: +27-11-568-0805
> Cell.: +27-82-901-9609
> Skype: pierre_naude
> Google Hangouts: [email protected]
> <mailto:[email protected]>

--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95

gpg key id: 4096R/326D8438 (keyring.debian.org)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
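
The two client traces quoted in this thread differ in the host name ssh connects to and in the stage at which the tty prompt is attempted. The following is an added example, not part of the original messages: it reduces an `ssh -v` trace to those facts, using lines copied from the logs above. The function names, the `MARKERS` table and the diagnosis strings are illustrative assumptions.

```python
import re

# Lines copied from the two client traces quoted in the thread (trimmed).
MONITOR = """\
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connecting to rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: read_passphrase: can't open /dev/tty: No such device or address
Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification failed.
"""
SHELL = """\
debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rtfwops2' is known and matches the RSA host key.
debug1: Found key in /var/lib/one/.ssh/known_hosts:1
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Offering public key: /var/lib/one/.ssh/id_dsa
debug1: Authentication succeeded (publickey).
"""

# Substrings of OpenSSH client messages mapped to the fact each one establishes.
MARKERS = {
    "is known and matches": "host_key_known",
    "SSH2_MSG_SERVICE_ACCEPT received": "reached_userauth",
    "Host key verification failed": "host_key_failed",
    "Authentication succeeded": "authenticated",
}

def summarize(trace):
    """Reduce an `ssh -v` client trace to the facts that locate the failure."""
    facts = {"target": None, "prompt_stage": None, **dict.fromkeys(MARKERS.values(), False)}
    for line in trace.splitlines():
        m = re.search(r"Connecting to (\S+) \[", line)
        if m:
            facts["target"] = m.group(1)  # host name this run connected to
        for text, key in MARKERS.items():
            if text in line:
                facts[key] = True
        if "read_passphrase: can't open /dev/tty" in line:
            # ssh logs this for any prompt it cannot show; the stage tells which prompt.
            facts["prompt_stage"] = "userauth" if facts["reached_userauth"] else "kex"
    return facts

def diagnose(facts):
    if facts["authenticated"]:
        return "ok"
    if facts["host_key_failed"] and facts["prompt_stage"] == "kex":
        return "host-key confirmation prompt without a tty for " + facts["target"]
    if facts["prompt_stage"] == "userauth":
        return "key passphrase prompt without a tty"
    return "undetermined"
```

`ssh-keygen -F <name> -f /var/lib/one/.ssh/known_hosts` reports whether the file holds an entry for a given name.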
