[one-users] SSH key exchange failing for InM
Pierre Naude
pierre.naude at rorotika.com
Mon Aug 5 03:40:02 PDT 2013
Hi Olivier,
No - as per the docs the key is not password protected.
Also neither of the systems are configured to use ssh-agent (ForwardAgent
is set to no and SSH_AUTH_SOCK never gets set).
>From the command line it works whether I force the key or not:
[oneadmin at rtfwops1 ~]$ ssh -v -i /var/lib/one/.ssh/id_dsa oneadmin at rtfwops2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.
debug1: Connection established.
debug1: identity file /var/lib/one/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rtfwops2' is known and matches the RSA host key.
debug1: Found key in /var/lib/one/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /var/lib/one/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 11:37:43 2013 from xxx.xxx.xxx.138
[oneadmin at rtfwops2 ~]$ debug1: client_input_channel_req: channel 0 rtype
exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow at openssh.com reply 0
debug1: channel 0: forcing write
logout
debug1: channel 0: free: client-session, nchannels 1
Connection to rtfwops2 closed.
Transferred: sent 2992, received 3064 bytes, in 25.6 seconds
Bytes per second: sent 116.7, received 119.5
debug1: Exit status 0
[oneadmin at rtfwops1 ~]$ ssh -v oneadmin at rtfwops2
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.
debug1: Connection established.
debug1: identity file /var/lib/one/.ssh/identity type -1
debug1: identity file /var/lib/one/.ssh/id_rsa type -1
debug1: identity file /var/lib/one/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'rtfwops2' is known and matches the RSA host key.
debug1: Found key in /var/lib/one/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/one/.ssh/identity
debug1: Trying private key: /var/lib/one/.ssh/id_rsa
debug1: Offering public key: /var/lib/one/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 12:21:57 2013 from xxx.xxx.xxx.137
[oneadmin at rtfwops2 ~]$
HTH
Pierre
On 5 August 2013 12:19, Olivier Sallou <olivier.sallou at irisa.fr> wrote:
>
> On 08/05/2013 11:59 AM, Pierre Naude wrote:
>
> Good Morning,
>
> I'm busy setting up a proof-of-concept using ONE and have run into a
> problem adding hosts to the server.
>
> My ONE server is a Centos 6.4 installation, and so is the host I'm adding
> to the server.
>
> I am able to ssh successfully without password from the server to the
> host as root and oneadmin and vice versa (I have also made sure the servers
> can connect to themselves without password).
>
> The problem is that the one server monitoring process is failing to ssh
> passwordlessly from the server to the host:
>
> Debug from the server:
>
> Mon Aug 5 11:48:10 2013 [InM][I]: Monitoring host rtfwops2.rorotika (7)
> Mon Aug 5 11:48:10 2013 [InM][I]: Command execution fail: 'if [ -x
> "/var/tmp/one/im/run_probes" ]; then
> /var/tmp/one/im/run_probes kvm 7 rtfwops2.rorotika;
> else exit 42; fi'
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connecting to rtfwops2.rorotika
> [xxx.xxx.xxx.138] port 22.
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connection established.
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/identity type -1
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/id_rsa type -1
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
> /var/lib/one/.ssh/id_dsa type 2
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Remote protocol version 2.0,
> remote software version OpenSSH_5.3
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: match: OpenSSH_5.3 pat OpenSSH*
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Enabling compatibility mode for
> protocol 2.0
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Local version string
> SSH-2.0-OpenSSH_5.3
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT sent
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEXINIT received
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex: server->client aes128-ctr
> hmac-md5 none
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex: client->server aes128-ctr
> hmac-md5 none
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
> SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_GROUP
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_REPLY
> Mon Aug 5 11:48:10 2013 [InM][I]: debug1: read_passphrase: can't open
> /dev/tty: No such device or address
>
> It seems it expects to get your passphrase here. I think your key is
> password protected (and this is fine).
> When you made your connection tests, are you sure you used the oneadmin
> user key (and not one loaded via ssh-agent or something like that) ?
>
> Olivier
>
> Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification failed.
> Mon Aug 5 11:48:10 2013 [InM][I]: ExitCode: 255
> Mon Aug 5 11:48:10 2013 [ONE][E]: Error monitoring Host rtfwops2.rorotika
> (7): -
>
> Debug from the host:
>
> Aug 5 11:48:10 rtfwops2 sshd[2301]: debug1: Forked child 11777.
> Aug 5 11:48:10 rtfwops2 sshd[11777]: Set /proc/self/oom_score_adj to 0
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: rexec start in 5 out 5
> newsock 5 pipe 7 sock 8
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: inetd sockets after dupping:
> 3, 3
> Aug 5 11:48:10 rtfwops2 sshd[11777]: Connection from 172.28.200.137 port
> 52989
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Client protocol version 2.0;
> client software version Open
> SSH_5.3
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: match: OpenSSH_5.3 pat
> OpenSSH*
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Enabling compatibility mode
> for protocol 2.0
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Local version string
> SSH-2.0-OpenSSH_5.3
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: permanently_set_uid: 74/74
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: list_hostkey_types:
> ssh-rsa,ssh-dss
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT sent
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEXINIT received
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: client->server
> aes128-ctr hmac-md5 none
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex: server->client
> aes128-ctr hmac-md5 none
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST
> received
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP
> sent
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
> SSH2_MSG_KEX_DH_GEX_INIT
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY
> sent
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: SSH2_MSG_NEWKEYS sent
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting SSH2_MSG_NEWKEYS
> Aug 5 11:48:10 rtfwops2 sshd[11778]: Connection closed by xxx.xxx.xxx.137
> Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: do_cleanup
> Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: do_cleanup
>
> When I run a script from onadmin's cron on the server it can also ssh
> successfully without password - I don't think this is a key issue.
>
> Any suggestions?
>
> Thanks
>
> Pierre
>
> --
> Pierre Naude
> Rorotika Technologies
>
> e-mail: pierre.naude at rorotika.com
> Tel.: +27-11-568-0805
> Cell.: +27-82-901-9609
> Skype: pierre_naude
> Google Hangouts: pierre.naude at rorotika.com
>
>
> _______________________________________________
> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> --
> Olivier Sallou
> IRISA / University of Rennes 1
> Campus de Beaulieu, 35000 RENNES - FRANCE
> Tel: 02.99.84.71.95
>
> gpg key id: 4096R/326D8438 (keyring.debian.org)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
>
>
>
--
Pierre Naude
Rorotika Technologies
e-mail: pierre.naude at rorotika.com
Tel.: +27-11-568-0805
Cell.: +27-82-901-9609
Skype: pierre_naude
Google Hangouts: pierre.naude at rorotika.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130805/541ff6f0/attachment-0002.htm>
More information about the Users
mailing list