<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    <div class="moz-cite-prefix">On 08/05/2013 12:40 PM, Pierre Naude
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAP-9kwtWKyDYuL75SmO47HqJd2GdDVvfQsHm93BbSer3qLHdWg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>Hi Olivier,<br>
              <br>
            </div>
            No - as per the docs the key is not password protected. <br>
            <br>
          </div>
          <div>Also neither of the systems are configured to use
            ssh-agent (ForwardAgent is set to no and SSH_AUTH_SOCK never
            gets set). </div>
          <div><br>
          </div>
          From the command line it works whether I force the key or not:<br>
          <br>
          <font size="1"><span style="font-family:courier new,monospace">[oneadmin@rtfwops1
              ~]$ ssh -v -i /var/lib/one/.ssh/id_dsa oneadmin@rtfwops2<br>
              OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>
              debug1: Reading configuration data /etc/ssh/ssh_config<br>
              debug1: Applying options for *<br>
              debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>
              debug1: Connection established.<br>
              debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>
              debug1: Remote protocol version 2.0, remote software
              version OpenSSH_5.3<br>
              debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
              debug1: Enabling compatibility mode for protocol 2.0<br>
              debug1: Local version string SSH-2.0-OpenSSH_5.3<br>
              debug1: SSH2_MSG_KEXINIT sent<br>
              debug1: SSH2_MSG_KEXINIT received<br>
              debug1: kex: server->client aes128-ctr hmac-md5 none<br>
              debug1: kex: client->server aes128-ctr hmac-md5 none<br>
              debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
              sent<br>
              debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
              debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>
              debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
              debug1: Host 'rtfwops2' is known and matches the RSA host
              key.<br>
              debug1: Found key in /var/lib/one/.ssh/known_hosts:1<br>
              debug1: ssh_rsa_verify: signature correct<br>
              debug1: SSH2_MSG_NEWKEYS sent<br>
              debug1: expecting SSH2_MSG_NEWKEYS<br>
              debug1: SSH2_MSG_NEWKEYS received<br>
              debug1: SSH2_MSG_SERVICE_REQUEST sent<br>
              debug1: SSH2_MSG_SERVICE_ACCEPT received<br>
              debug1: Authentications that can continue:
              publickey,gssapi-keyex,gssapi-with-mic,password<br>
              debug1: Next authentication method: publickey<br>
              debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>
              debug1: Server accepts key: pkalg ssh-dss blen 434<br>
              debug1: read PEM private key done: type DSA<br>
              debug1: Authentication succeeded (publickey).<br>
              debug1: channel 0: new [client-session]<br>
              debug1: Requesting <a moz-do-not-send="true"
                href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a><br>
              debug1: Entering interactive session.<br>
              debug1: Sending environment.<br>
              debug1: Sending env LANG = en_US.UTF-8<br>
              Last login: Mon Aug  5 11:37:43 2013 from xxx.xxx.xxx.138<br>
              [oneadmin@rtfwops2 ~]$ debug1: client_input_channel_req:
              channel 0 rtype exit-status reply 0<br>
              debug1: client_input_channel_req: channel 0 rtype <a
                moz-do-not-send="true" href="mailto:eow@openssh.com">eow@openssh.com</a>
              reply 0<br>
              debug1: channel 0: forcing write<br>
              logout<br>
              debug1: channel 0: free: client-session, nchannels 1<br>
              Connection to rtfwops2 closed.<br>
              Transferred: sent 2992, received 3064 bytes, in 25.6
              seconds<br>
              Bytes per second: sent 116.7, received 119.5<br>
              debug1: Exit status 0<br>
              <br>
              [oneadmin@rtfwops1 ~]$ ssh -v oneadmin@rtfwops2<br>
              OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>
              debug1: Reading configuration data /etc/ssh/ssh_config<br>
              debug1: Applying options for *<br>
              debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>
              debug1: Connection established.<br>
              debug1: identity file /var/lib/one/.ssh/identity type -1<br>
              debug1: identity file /var/lib/one/.ssh/id_rsa type -1<br>
              debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>
              debug1: Remote protocol version 2.0, remote software
              version OpenSSH_5.3<br>
              debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
              debug1: Enabling compatibility mode for protocol 2.0<br>
              debug1: Local version string SSH-2.0-OpenSSH_5.3<br>
              debug1: SSH2_MSG_KEXINIT sent<br>
              debug1: SSH2_MSG_KEXINIT received<br>
              debug1: kex: server->client aes128-ctr hmac-md5 none<br>
              debug1: kex: client->server aes128-ctr hmac-md5 none<br>
              debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
              sent<br>
              debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
              debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>
              debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
              debug1: Host 'rtfwops2' is known and matches the RSA host
              key.<br>
            </span></font></div>
      </div>
    </blockquote>
    <br>
    This is fine for host match here, but not in your previous log:<br>
    <span style="font-family:courier new,monospace">"Mon Aug  5 11:48:10 2013 [InM][I]: Host key verification failed."</span><br>
    Could be a known_host issue but it should fail via command line too.<br>
    <br>
    <blockquote
cite="mid:CAP-9kwtWKyDYuL75SmO47HqJd2GdDVvfQsHm93BbSer3qLHdWg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div><font size="1"><span style="font-family:courier
              new,monospace">debug1: Found key in
              /var/lib/one/.ssh/known_hosts:1<br>
              debug1: ssh_rsa_verify: signature correct<br>
              debug1: SSH2_MSG_NEWKEYS sent<br>
              debug1: expecting SSH2_MSG_NEWKEYS<br>
              debug1: SSH2_MSG_NEWKEYS received<br>
              debug1: SSH2_MSG_SERVICE_REQUEST sent<br>
              debug1: SSH2_MSG_SERVICE_ACCEPT received<br>
              debug1: Authentications that can continue:
              publickey,gssapi-keyex,gssapi-with-mic,password<br>
              debug1: Next authentication method: publickey<br>
              debug1: Trying private key: /var/lib/one/.ssh/identity<br>
              debug1: Trying private key: /var/lib/one/.ssh/id_rsa<br>
              debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>
              debug1: Server accepts key: pkalg ssh-dss blen 434<br>
              debug1: read PEM private key done: type DSA<br>
              debug1: Authentication succeeded (publickey).<br>
              debug1: channel 0: new [client-session]<br>
              debug1: Requesting <a moz-do-not-send="true"
                href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a><br>
              debug1: Entering interactive session.<br>
              debug1: Sending environment.<br>
              debug1: Sending env LANG = en_US.UTF-8<br>
              Last login: Mon Aug  5 12:21:57 2013 from xxx.xxx.xxx.137<br>
              [oneadmin@rtfwops2 ~]$ </span></font><br>
          <br>
        </div>
        <div>HTH<br>
          <br>
        </div>
        <div>Pierre<br>
        </div>
        <div>
          <div><br>
            <br>
          </div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On 5 August 2013 12:19, Olivier Sallou
          <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:olivier.sallou@irisa.fr" target="_blank">olivier.sallou@irisa.fr</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF">
              <div>
                <div class="h5"> <br>
                  <div>On 08/05/2013 11:59 AM, Pierre Naude wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>Good Morning,<br>
                          <br>
                          I'm busy setting up a proof-of-concept using
                          ONE and have run into a problem adding hosts
                          to the server.<br>
                          <br>
                        </div>
                        My ONE server is a Centos 6.4 installation, and
                        so is the host I'm adding to the server.<br>
                        <br>
                      </div>
                      <div>I am able to ssh successfully without
                        password from the server to the host as root and
                        oneadmin and vice versa (I have also made sure
                        the servers can connect to themselves without
                        password).<br>
                        <br>
                      </div>
                      <div> The problem is that the one server
                        monitoring process is failing to ssh
                        passwordlessly from the server to the host:<br>
                        <br>
                      </div>
                      <div>Debug from the server:<br>
                        <br>
                        <font size="1"><span style="font-family:courier
                            new,monospace">Mon Aug  5 11:48:10 2013
                            [InM][I]: Monitoring host rtfwops2.rorotika
                            (7)<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: Command
                            execution fail: 'if [ -x
                            "/var/tmp/one/im/run_probes" ]; then<br>
                             /var/tmp/one/im/run_probes kvm 7
                            rtfwops2.rorotika;
                            else                              exit 42;
                            fi'<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            Connecting to rtfwops2.rorotika
                            [xxx.xxx.xxx.138] port 22.<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            Connection established.<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            identity file /var/lib/one/.ssh/identity
                            type -1<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            identity file /var/lib/one/.ssh/id_rsa type
                            -1<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            identity file /var/lib/one/.ssh/id_dsa type
                            2<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            Remote protocol version 2.0, remote software
                            version OpenSSH_5.3<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            match: OpenSSH_5.3 pat OpenSSH*<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            Enabling compatibility mode for protocol 2.0<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            Local version string SSH-2.0-OpenSSH_5.3<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            SSH2_MSG_KEXINIT sent<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            SSH2_MSG_KEXINIT received<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            kex: server->client aes128-ctr hmac-md5
                            none<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            kex: client->server aes128-ctr hmac-md5
                            none<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
                            sent<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            SSH2_MSG_KEX_DH_GEX_INIT sent<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: debug1:
                            read_passphrase: can't open /dev/tty: No
                            such device or address<br>
                          </span></font></div>
                    </div>
                  </blockquote>
                </div>
              </div>
              <font size="1"><big><big>It seems it expects to get your
                    passphrase here. I think your key is password
                    protected (and this is fine).<br>
                    When you made your connection tests, are you sure
                    you used the oneadmin user key (and not one loaded
                    via ssh-agent or something like that)?<br>
                    <br>
                    Olivier</big></big><br>
                <br>
              </font>
              <blockquote type="cite">
                <div>
                  <div class="h5">
                    <div dir="ltr">
                      <div><font size="1"><span
                            style="font-family:courier new,monospace">
                            Mon Aug  5 11:48:10 2013 [InM][I]: Host key
                            verification failed.<br>
                            Mon Aug  5 11:48:10 2013 [InM][I]: ExitCode:
                            255<br>
                            Mon Aug  5 11:48:10 2013 [ONE][E]: Error
                            monitoring Host rtfwops2.rorotika (7): -</span></font><br>
                        <br>
                      </div>
                      <div>Debug from the host:<br>
                        <br>
                        <font size="1"><span style="font-family:courier
                            new,monospace">Aug  5 11:48:10 rtfwops2
                            sshd[2301]: debug1: Forked child 11777.<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]: Set
                            /proc/self/oom_score_adj to 0<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: rexec start in 5 out 5 newsock 5
                            pipe 7 sock 8<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: inetd sockets after dupping: 3, 3<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            Connection from 172.28.200.137 port 52989<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: Client protocol version 2.0; client
                            software version OpenSSH_5.3<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: Enabling compatibility mode for
                            protocol 2.0<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: Local version string
                            SSH-2.0-OpenSSH_5.3<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: permanently_set_uid: 74/74<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: list_hostkey_types: ssh-rsa,ssh-dss<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_KEXINIT sent<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_KEXINIT received<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: kex: client->server aes128-ctr
                            hmac-md5 none<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: kex: server->client aes128-ctr
                            hmac-md5 none<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: SSH2_MSG_NEWKEYS sent<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: expecting SSH2_MSG_NEWKEYS<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            Connection closed by xxx.xxx.xxx.137<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11778]:
                            debug1: do_cleanup<br>
                            Aug  5 11:48:10 rtfwops2 sshd[11777]:
                            debug1: do_cleanup</span></font><br>
                        <br>
                      </div>
                      <div>
                        <div>
                          <div>When I run a script from oneadmin's cron
                            on the server it can also ssh successfully
                            without password - I don't think this is a
                            key issue.<br>
                            <br>
                          </div>
                          <div>Any suggestions?<br>
                            <br>
                          </div>
                          <div> Thanks<br>
                            <br>
                            Pierre<br>
                            <br>
                          </div>
                          <div>-- <br>
                            <div dir="ltr">Pierre Naude<br>
                              Rorotika Technologies<br>
                              <br>
                              e-mail: <a moz-do-not-send="true"
                                href="mailto:pierre.naude@rorotika.com"
                                target="_blank">pierre.naude@rorotika.com</a><br>
                              Tel.: +27-11-568-0805<br>
                              Cell.:  +27-82-901-9609<br>
                              Skype: pierre_naude<br>
                              Google Hangouts: <a
                                moz-do-not-send="true"
                                href="mailto:pierre.naude@rorotika.com"
                                target="_blank">pierre.naude@rorotika.com</a><br>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                    <br>
                    <br>
                  </div>
                </div>
                <span class="HOEnZb"><font color="#888888"> </font></span></blockquote>
              <span class="HOEnZb"><font color="#888888"> <br>
                  <pre cols="72">-- 
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95

gpg key id: 4096R/326D8438  (<a moz-do-not-send="true" href="http://keyring.debian.org" target="_blank">keyring.debian.org</a>)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438

</pre>
                </font></span></div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <br>
        -- <br>
        <div dir="ltr">Pierre Naude<br>
          Rorotika Technologies<br>
          <br>
          e-mail: <a moz-do-not-send="true"
            href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
          Tel.: +27-11-568-0805<br>
          Cell.:  +27-82-901-9609<br>
          Skype: pierre_naude<br>
          Google Hangouts: <a moz-do-not-send="true"
            href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
        </div>
      </div>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95

gpg key id: 4096R/326D8438  (keyring.debian.org)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438

</pre>
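    <div>Added example (not part of the original messages, and not
      OpenNebula code): OpenSSH also logs "read_passphrase: can't open
      /dev/tty" when it needs to ask the yes/no host-key question and has
      no terminal, and the monitor log above connects to
      rtfwops2.rorotika while the manual tests use rtfwops2. The Python
      sketch below triages such a log against a known_hosts file,
      including hashed entries; the sample log excerpt and known_hosts
      content are constructed, and all function names are hypothetical.</div>
    <pre>
```python
import base64
import hashlib
import hmac
import re

# Constructed excerpt modelled on the oned log lines quoted in this thread.
SAMPLE_ONED_LOG = """\
Mon Aug  5 11:48:10 2013 [InM][I]: debug1: Connecting to rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.
Mon Aug  5 11:48:10 2013 [InM][I]: debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Mon Aug  5 11:48:10 2013 [InM][I]: debug1: read_passphrase: can't open /dev/tty: No such device or address
Mon Aug  5 11:48:10 2013 [InM][I]: Host key verification failed.
"""
# Constructed known_hosts content (assumption): only the short name is listed.
SAMPLE_KNOWN_HOSTS = "rtfwops2 ssh-rsa AAAA-PLACEHOLDER-KEY\n"

CONNECT_RE = re.compile(r"debug1: Connecting to (\S+) \[")
TTY_MARK = "read_passphrase: can't open /dev/tty"
FAIL_MARK = "Host key verification failed."


def hash_host(name, salt):
    """Build a hashed host field as written with HashKnownHosts: |1|salt|HMAC-SHA1."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def field_matches(field, name):
    """True if one host field (plain or hashed) names exactly `name`.
    Wildcard patterns in known_hosts are not evaluated here."""
    if field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), name.encode(),
                            hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(digest_b64))
    return field == name


def host_in_known_hosts(known_hosts_text, name):
    """True if any entry covers the exact name that ssh was asked to reach."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Comments and marker lines (@cert-authority, @revoked) are skipped.
        if not fields or fields[0][0] in "#@":
            continue
        if any(field_matches(f, name) for f in fields[0].split(",")):
            return True
    return False


def triage(log_text, known_hosts_text):
    """Report each failed host-key check with the exact name ssh was given."""
    findings, target, no_tty = [], None, False
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            target, no_tty = m.group(1), False
        elif TTY_MARK in line:
            no_tty = True
        elif FAIL_MARK in line and target is not None:
            findings.append({
                "target": target,
                "prompt_without_tty": no_tty,
                "in_known_hosts": host_in_known_hosts(known_hosts_text, target),
            })
            target = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ONED_LOG, SAMPLE_KNOWN_HOSTS):
        print(finding)
```
</pre>
    <div>A finding with prompt_without_tty true and in_known_hosts false
      means the non-interactive caller reached a name that the manual
      tests never recorded.</div>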
  </body>
</html>