<div dir="ltr"><div><div><div>Hi Olivier,<br><br></div>No - as per the docs the key is not password protected. <br><br></div><div>Also neither of the systems are configured to use ssh-agent (ForwardAgent is set to no and SSH_AUTH_SOCK never gets set). </div>
<div><br></div>From the command line it works whether I force the key or not:<br><br><font size="1"><span style="font-family:courier new,monospace">[oneadmin@rtfwops1 ~]$ ssh -v -i /var/lib/one/.ssh/id_dsa oneadmin@rtfwops2<br>
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: Applying options for *<br>debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>debug1: Connection established.<br>
debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3<br>debug1: match: OpenSSH_5.3 pat OpenSSH*<br>debug1: Enabling compatibility mode for protocol 2.0<br>
debug1: Local version string SSH-2.0-OpenSSH_5.3<br>debug1: SSH2_MSG_KEXINIT sent<br>debug1: SSH2_MSG_KEXINIT received<br>debug1: kex: server->client aes128-ctr hmac-md5 none<br>debug1: kex: client->server aes128-ctr hmac-md5 none<br>
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent<br>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>debug1: Host 'rtfwops2' is known and matches the RSA host key.<br>
debug1: Found key in /var/lib/one/.ssh/known_hosts:1<br>debug1: ssh_rsa_verify: signature correct<br>debug1: SSH2_MSG_NEWKEYS sent<br>debug1: expecting SSH2_MSG_NEWKEYS<br>debug1: SSH2_MSG_NEWKEYS received<br>debug1: SSH2_MSG_SERVICE_REQUEST sent<br>
debug1: SSH2_MSG_SERVICE_ACCEPT received<br>debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password<br>debug1: Next authentication method: publickey<br>debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>
debug1: Server accepts key: pkalg ssh-dss blen 434<br>debug1: read PEM private key done: type DSA<br>debug1: Authentication succeeded (publickey).<br>debug1: channel 0: new [client-session]<br>debug1: Requesting <a href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a><br>
debug1: Entering interactive session.<br>debug1: Sending environment.<br>debug1: Sending env LANG = en_US.UTF-8<br>Last login: Mon Aug 5 11:37:43 2013 from xxx.xxx.xxx.138<br>[oneadmin@rtfwops2 ~]$ debug1: client_input_channel_req: channel 0 rtype exit-status reply 0<br>
debug1: client_input_channel_req: channel 0 rtype <a href="mailto:eow@openssh.com">eow@openssh.com</a> reply 0<br>debug1: channel 0: forcing write<br>logout<br>debug1: channel 0: free: client-session, nchannels 1<br>Connection to rtfwops2 closed.<br>
Transferred: sent 2992, received 3064 bytes, in 25.6 seconds<br>Bytes per second: sent 116.7, received 119.5<br>debug1: Exit status 0<br><br>[oneadmin@rtfwops1 ~]$ ssh -v oneadmin@rtfwops2<br>OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>
debug1: Reading configuration data /etc/ssh/ssh_config<br>debug1: Applying options for *<br>debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>debug1: Connection established.<br>debug1: identity file /var/lib/one/.ssh/identity type -1<br>
debug1: identity file /var/lib/one/.ssh/id_rsa type -1<br>debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3<br>debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
debug1: Enabling compatibility mode for protocol 2.0<br>debug1: Local version string SSH-2.0-OpenSSH_5.3<br>debug1: SSH2_MSG_KEXINIT sent<br>debug1: SSH2_MSG_KEXINIT received<br>debug1: kex: server->client aes128-ctr hmac-md5 none<br>
debug1: kex: client->server aes128-ctr hmac-md5 none<br>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent<br>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
debug1: Host 'rtfwops2' is known and matches the RSA host key.<br>debug1: Found key in /var/lib/one/.ssh/known_hosts:1<br>debug1: ssh_rsa_verify: signature correct<br>debug1: SSH2_MSG_NEWKEYS sent<br>debug1: expecting SSH2_MSG_NEWKEYS<br>
debug1: SSH2_MSG_NEWKEYS received<br>debug1: SSH2_MSG_SERVICE_REQUEST sent<br>debug1: SSH2_MSG_SERVICE_ACCEPT received<br>debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password<br>debug1: Next authentication method: publickey<br>
debug1: Trying private key: /var/lib/one/.ssh/identity<br>debug1: Trying private key: /var/lib/one/.ssh/id_rsa<br>debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>debug1: Server accepts key: pkalg ssh-dss blen 434<br>
debug1: read PEM private key done: type DSA<br>debug1: Authentication succeeded (publickey).<br>debug1: channel 0: new [client-session]<br>debug1: Requesting <a href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a><br>
debug1: Entering interactive session.<br>debug1: Sending environment.<br>debug1: Sending env LANG = en_US.UTF-8<br>Last login: Mon Aug 5 12:21:57 2013 from xxx.xxx.xxx.137<br>[oneadmin@rtfwops2 ~]$ </span></font><br><br>
</div><div>HTH<br><br></div><div>Pierre<br></div><div><div><br><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 5 August 2013 12:19, Olivier Sallou <span dir="ltr"><<a href="mailto:olivier.sallou@irisa.fr" target="_blank">olivier.sallou@irisa.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div><div class="h5">
<br>
<div>On 08/05/2013 11:59 AM, Pierre Naude
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Good Morning,<br>
<br>
I'm busy setting up a proof-of-concept using ONE and have
run into a problem adding hosts to the server.<br>
<br>
</div>
My ONE server is a Centos 6.4 installation, and so is the host
I'm adding to the server.<br>
<br>
</div>
<div>I am able to ssh successfully without password from the
server to the host as root and oneadmin and vice versa (I have
also made sure the servers can connect to themselves without
password).<br>
<br>
</div>
<div>
The problem is that the one server monitoring process is
failing to ssh passwordlessly from the server to the host:<br>
<br>
</div>
<div>Debug from the server:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Mon
Aug 5 11:48:10 2013 [InM][I]: Monitoring host
rtfwops2.rorotika (7)<br>
Mon Aug 5 11:48:10 2013 [InM][I]: Command execution fail:
'if [ -x "/var/tmp/one/im/run_probes" ]; then<br>
/var/tmp/one/im/run_probes kvm 7 rtfwops2.rorotika;
else exit 42; fi'<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connecting to
rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connection
established.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/identity type -1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/id_rsa type -1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/id_dsa type 2<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Remote protocol
version 2.0, remote software version OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: match:
OpenSSH_5.3 pat OpenSSH*<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Enabling
compatibility mode for protocol 2.0<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Local version
string SSH-2.0-OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT received<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex:
server->client aes128-ctr hmac-md5 none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex:
client->server aes128-ctr hmac-md5 none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_GROUP<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_INIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_REPLY<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
read_passphrase: can't open /dev/tty: No such device or
address<br>
</span></font></div>
</div>
</blockquote>
</div></div><font size="1"><big><big>It seems it expects to get you</big></big><font size="1"><big><big>r pass</big></big><font size="1"><big><big>phrase
here. I think <font size="1"><big><big>y</big></big></font>our
key is password protected<font size="1"> (and this is
fine).</font><br>
<font size="1"><big><big>When you made your connection
tests, are you sure </big></big><font size="1"><big><big>you
used the oneadmin user key (and not one loaded via
ssh-agent or something like that) ?<br>
<br>
<font size="1"><big><big>Olivier</big></big></font></big></big><br>
</font></font></big></big><br>
</font></font></font>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div><font size="1"><span style="font-family:courier new,monospace">
Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification
failed.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: ExitCode: 255<br>
Mon Aug 5 11:48:10 2013 [ONE][E]: Error monitoring Host
rtfwops2.rorotika (7): -</span></font><br>
<br>
</div>
<div>Debug from the host:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Aug
5 11:48:10 rtfwops2 sshd[2301]: debug1: Forked child
11777.<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: Set
/proc/self/oom_score_adj to 0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: rexec start
in 5 out 5 newsock 5 pipe 7 sock 8<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: inetd
sockets after dupping: 3, 3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: Connection from
172.28.200.137 port 52989<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Client
protocol version 2.0; client software version Open<br>
SSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: match:
OpenSSH_5.3 pat OpenSSH*<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Enabling
compatibility mode for protocol 2.0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Local
version string SSH-2.0-OpenSSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
permanently_set_uid: 74/74<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEXINIT sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEXINIT received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex:
client->server aes128-ctr hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex:
server->client aes128-ctr hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_NEWKEYS sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
SSH2_MSG_NEWKEYS<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: Connection closed by
xxx.xxx.xxx.137<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: do_cleanup<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: do_cleanup</span></font><br>
<br>
</div>
<div>
<div>
<div>When I run a script from onadmin's cron on the server
it can also ssh successfully without password - I don't
think this is a key issue.<br>
<br>
</div>
<div>Any suggestions?<br>
<br>
</div>
<div>
Thanks<br>
<br>
Pierre<br>
<br>
</div>
<div>-- <br>
<div dir="ltr">Pierre Naude<br>
Rorotika Technologies<br>
<br>
e-mail: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
Tel.: +27-11-568-0805<br>
Cell.: +27-82-901-9609<br>
Skype: pierre_naude<br>
Google Hangouts: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95
gpg key id: 4096R/326D8438 (<a href="http://keyring.debian.org" target="_blank">keyring.debian.org</a>)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
</pre>
</font></span></div>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">Pierre Naude<br>Rorotika Technologies<br><br>e-mail: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>Tel.: +27-11-568-0805<br>
Cell.: +27-82-901-9609<br>Skype: pierre_naude<br>Google Hangouts: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br></div>
</div>