<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 08/05/2013 11:59 AM, Pierre Naude
wrote:<br>
</div>
<blockquote
cite="mid:CAP-9kwveOoUbvWEgoW7scoC9dZStAUHeuOtfA4ksLRyOrqviPA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Good Morning,<br>
<br>
I'm busy setting up a proof-of-concept using ONE and have
run into a problem adding hosts to the server.<br>
<br>
</div>
My ONE server is a Centos 6.4 installation, and so is the host
I'm adding to the server.<br>
<br>
</div>
<div>I am able to ssh successfully without password from the
server to the host as root and oneadmin and vice versa (I have
also made sure the servers can connect to themselves without
password).<br>
<br>
</div>
<div>
The problem is that the one server monitoring process is
failing to ssh passwordlessly from the server to the host:<br>
<br>
</div>
<div>Debug from the server:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Mon
Aug 5 11:48:10 2013 [InM][I]: Monitoring host
rtfwops2.rorotika (7)<br>
Mon Aug 5 11:48:10 2013 [InM][I]: Command execution fail:
'if [ -x "/var/tmp/one/im/run_probes" ]; then<br>
/var/tmp/one/im/run_probes kvm 7 rtfwops2.rorotika;
else exit 42; fi'<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connecting to
rtfwops2.rorotika [xxx.xxx.xxx.138] port 22.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Connection
established.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/identity type -1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/id_rsa type -1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: identity file
/var/lib/one/.ssh/id_dsa type 2<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Remote protocol
version 2.0, remote software version OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: match:
OpenSSH_5.3 pat OpenSSH*<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Enabling
compatibility mode for protocol 2.0<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: Local version
string SSH-2.0-OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT received<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex:
server->client aes128-ctr hmac-md5 none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: kex:
client->server aes128-ctr hmac-md5 none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_GROUP<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_INIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_REPLY<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
read_passphrase: can't open /dev/tty: No such device or
address<br>
</span></font></div>
</div>
</blockquote>
<font size="1"><big><big>It seems it expects to get you</big></big><font
size="1"><big><big>r pass</big></big><font size="1"><big><big>phrase
here. I think <font size="1"><big><big>y</big></big></font>our
key is password protected<font size="1"> (and this is
fine).</font><br>
<font size="1"><big><big>When you made your connection
tests, are you sure </big></big><font size="1"><big><big>you
used the oneadmin user key (and not one loaded via
ssh-agent or something like that) ?<br>
<br>
<font size="1"><big><big>Olivier</big></big></font></big></big><br>
</font></font></big></big><br>
</font></font></font>
<blockquote
cite="mid:CAP-9kwveOoUbvWEgoW7scoC9dZStAUHeuOtfA4ksLRyOrqviPA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><font size="1"><span style="font-family:courier
new,monospace">
Mon Aug 5 11:48:10 2013 [InM][I]: Host key verification
failed.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: ExitCode: 255<br>
Mon Aug 5 11:48:10 2013 [ONE][E]: Error monitoring Host
rtfwops2.rorotika (7): -</span></font><br>
<br>
</div>
<div>Debug from the host:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Aug
5 11:48:10 rtfwops2 sshd[2301]: debug1: Forked child
11777.<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: Set
/proc/self/oom_score_adj to 0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: rexec start
in 5 out 5 newsock 5 pipe 7 sock 8<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: inetd
sockets after dupping: 3, 3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: Connection from
172.28.200.137 port 52989<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Client
protocol version 2.0; client software version Open<br>
SSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: match:
OpenSSH_5.3 pat OpenSSH*<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Enabling
compatibility mode for protocol 2.0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: Local
version string SSH-2.0-OpenSSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
permanently_set_uid: 74/74<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
list_hostkey_types: ssh-rsa,ssh-dss<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEXINIT sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEXINIT received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex:
client->server aes128-ctr hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: kex:
server->client aes128-ctr hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_GROUP sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
SSH2_MSG_KEX_DH_GEX_INIT<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_KEX_DH_GEX_REPLY sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1:
SSH2_MSG_NEWKEYS sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: expecting
SSH2_MSG_NEWKEYS<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: Connection closed by
xxx.xxx.xxx.137<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]: debug1: do_cleanup<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: debug1: do_cleanup</span></font><br>
<br>
</div>
<div>
<div>
<div>When I run a script from onadmin's cron on the server
it can also ssh successfully without password - I don't
think this is a key issue.<br>
<br>
</div>
<div>Any suggestions?<br>
<br>
</div>
<div>
Thanks<br>
<br>
Pierre<br>
<br>
</div>
<div>-- <br>
<div dir="ltr">Pierre Naude<br>
Rorotika Technologies<br>
<br>
e-mail: <a moz-do-not-send="true"
href="mailto:pierre.naude@rorotika.com"
target="_blank">pierre.naude@rorotika.com</a><br>
Tel.: +27-11-568-0805<br>
Cell.: +27-82-901-9609<br>
Skype: pierre_naude<br>
Google Hangouts: <a moz-do-not-send="true"
href="mailto:pierre.naude@rorotika.com"
target="_blank">pierre.naude@rorotika.com</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95
gpg key id: 4096R/326D8438 (keyring.debian.org)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
</pre>
</body>
</html>