[one-users] SSH key exchange failing for InM

Olivier Sallou olivier.sallou at irisa.fr
Mon Aug 5 03:19:52 PDT 2013


On 08/05/2013 11:59 AM, Pierre Naude wrote:
> Good Morning,
>
> I'm busy setting up a proof-of-concept using ONE and have run into a
> problem adding hosts to the server.
>
> My ONE server is a Centos 6.4 installation, and so is the host I'm
> adding to the server.
>
> I am able to ssh successfully without password from the server to the
> host as root and oneadmin and vice versa (I have also made sure the
> servers can connect to themselves without password).
>
> The problem is that the one server monitoring process is failing to
> ssh passwordlessly from the server to the host:
>
> Debug from the server:
>
> Mon Aug  5 11:48:10 2013 [InM][I]: Monitoring host rtfwops2.rorotika (7)
> Mon Aug  5 11:48:10 2013 [InM][I]: Command execution fail: 'if [ -x
> "/var/tmp/one/im/run_probes" ]; then
>  /var/tmp/one/im/run_probes kvm 7 rtfwops2.rorotika;
> else                              exit 42; fi'
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Connecting to
> rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Connection established.
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/identity type -1
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/id_rsa type -1
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/id_dsa type 2
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Remote protocol version
> 2.0, remote software version OpenSSH_5.3
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: match: OpenSSH_5.3 pat OpenSSH*
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Enabling compatibility mode
> for protocol 2.0
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Local version string
> SSH-2.0-OpenSSH_5.3
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT sent
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT received
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: kex: server->client
> aes128-ctr hmac-md5 none
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: kex: client->server
> aes128-ctr hmac-md5 none
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_REPLY
> Mon Aug  5 11:48:10 2013 [InM][I]: debug1: read_passphrase: can't open
> /dev/tty: No such device or address
It seems it expects to get your passphrase here. I think your key is
password protected (and this is fine).
When you made your connection tests, are you sure you used the oneadmin
user key (and not one loaded via ssh-agent or something like that)?

Olivier

> Mon Aug  5 11:48:10 2013 [InM][I]: Host key verification failed.
> Mon Aug  5 11:48:10 2013 [InM][I]: ExitCode: 255
> Mon Aug  5 11:48:10 2013 [ONE][E]: Error monitoring Host
> rtfwops2.rorotika (7): -
>
> Debug from the host:
>
> Aug  5 11:48:10 rtfwops2 sshd[2301]: debug1: Forked child 11777.
> Aug  5 11:48:10 rtfwops2 sshd[11777]: Set /proc/self/oom_score_adj to 0
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: rexec start in 5 out 5
> newsock 5 pipe 7 sock 8
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: inetd sockets after
> dupping: 3, 3
> Aug  5 11:48:10 rtfwops2 sshd[11777]: Connection from 172.28.200.137
> port 52989
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: Client protocol version
> 2.0; client software version OpenSSH_5.3
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: match: OpenSSH_5.3 pat
> OpenSSH*
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: Enabling compatibility
> mode for protocol 2.0
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: Local version string
> SSH-2.0-OpenSSH_5.3
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: permanently_set_uid: 74/74
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: list_hostkey_types:
> ssh-rsa,ssh-dss
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT sent
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT received
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: client->server
> aes128-ctr hmac-md5 none
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: server->client
> aes128-ctr hmac-md5 none
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST received
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1:
> SSH2_MSG_KEX_DH_GEX_GROUP sent
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_INIT
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1:
> SSH2_MSG_KEX_DH_GEX_REPLY sent
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_NEWKEYS sent
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting SSH2_MSG_NEWKEYS
> Aug  5 11:48:10 rtfwops2 sshd[11778]: Connection closed by xxx.xxx.xxx.137
> Aug  5 11:48:10 rtfwops2 sshd[11778]: debug1: do_cleanup
> Aug  5 11:48:10 rtfwops2 sshd[11777]: debug1: do_cleanup
>
> When I run a script from oneadmin's cron on the server it can also ssh
> successfully without password - I don't think this is a key issue.
>
> Any suggestions?
>
> Thanks
>
> Pierre
>
> -- 
> Pierre Naude
> Rorotika Technologies
>
> e-mail: pierre.naude at rorotika.com
> Tel.: +27-11-568-0805
> Cell.:  +27-82-901-9609
> Skype: pierre_naude
> Google Hangouts: pierre.naude at rorotika.com
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

-- 
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95

gpg key id: 4096R/326D8438  (keyring.debian.org)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
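
Added example, not part of either message above: the quoted client log contains both a `read_passphrase: can't open /dev/tty` line and `Host key verification failed.`, and an ssh client with no terminal cannot answer either a key passphrase prompt or a host key confirmation prompt. The shell functions below tell the two cases apart; the function names and whichever `known_hosts` file you pass in are assumptions, while the log lines in the sample are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): triage a non-interactive ssh failure
# such as the [InM] monitoring error quoted above.

# Classify an "ssh -v" transcript read from stdin by where the client gave up.
diagnose_log() {
    awk '
        /read_passphrase: can.t open \/dev\/tty/ { prompt = 1 }
        /Host key verification failed/           { hostkey = 1 }
        /Permission denied \(/                   { denied = 1 }
        END {
            if (hostkey)               print "unknown-or-changed-host-key"
            else if (denied && prompt) print "key-needs-passphrase"
            else if (denied)           print "auth-rejected"
            else                       print "unclassified"
        }'
}

# True if the private key ($1) loads with an empty passphrase (no prompt).
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# True if the known_hosts file ($2) has an entry for the exact name in $1.
# Output is tested rather than exit status, which varies across versions.
host_is_known() {
    [ -n "$(ssh-keygen -F "$1" -f "$2" 2>/dev/null)" ]
}

# Repeat the connection the way a daemon makes it: no agent, no prompts.
probe_noninteractive() {  # usage: probe_noninteractive <host> <keyfile>
    env -u SSH_AUTH_SOCK ssh -o BatchMode=yes -o IdentitiesOnly=yes \
        -i "$2" "$1" true
}

# Constructed sample, trimmed from the client log quoted in this thread.
SAMPLE_LOG="debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed."

printf 'sample log: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | diagnose_log)"
```

Run the key and host checks as `oneadmin`, passing the same host name that was registered in OpenNebula, since `known_hosts` entries are matched by the name ssh is given.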
