<div dir="ltr">Hi Pierre,<div><br></div><div>it looks like it could be an environment issue. Can you stop OpenNebula and start it with the 'one start' command in the oneadmin account, instead of using the init script?</div>
<div><br>Maybe there's something there that is not inheriting properly.</div><div><br></div><div>cheers,<br>Jaime</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 5, 2013 at 6:59 AM, Olivier Sallou <span dir="ltr"><<a href="mailto:olivier.sallou@irisa.fr" target="_blank">olivier.sallou@irisa.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div><div class="h5">
<br>
<div>On 08/05/2013 12:40 PM, Pierre Naude
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>Hi Olivier,<br>
<br>
</div>
No - as per the docs the key is not password protected. <br>
<br>
</div>
<div>Also neither of the systems are configured to use
ssh-agent (ForwardAgent is set to no and SSH_AUTH_SOCK never
gets set). </div>
<div><br>
</div>
From the command line it works whether I force the key or not:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">[oneadmin@rtfwops1
~]$ ssh -v -i /var/lib/one/.ssh/id_dsa oneadmin@rtfwops2<br>
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>
debug1: Reading configuration data /etc/ssh/ssh_config<br>
debug1: Applying options for *<br>
debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>
debug1: Connection established.<br>
debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>
debug1: Remote protocol version 2.0, remote software
version OpenSSH_5.3<br>
debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
debug1: Enabling compatibility mode for protocol 2.0<br>
debug1: Local version string SSH-2.0-OpenSSH_5.3<br>
debug1: SSH2_MSG_KEXINIT sent<br>
debug1: SSH2_MSG_KEXINIT received<br>
debug1: kex: server->client aes128-ctr hmac-md5 none<br>
debug1: kex: client->server aes128-ctr hmac-md5 none<br>
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent<br>
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
debug1: Host 'rtfwops2' is known and matches the RSA host
key.<br>
debug1: Found key in /var/lib/one/.ssh/known_hosts:1<br>
debug1: ssh_rsa_verify: signature correct<br>
debug1: SSH2_MSG_NEWKEYS sent<br>
debug1: expecting SSH2_MSG_NEWKEYS<br>
debug1: SSH2_MSG_NEWKEYS received<br>
debug1: SSH2_MSG_SERVICE_REQUEST sent<br>
debug1: SSH2_MSG_SERVICE_ACCEPT received<br>
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password<br>
debug1: Next authentication method: publickey<br>
debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>
debug1: Server accepts key: pkalg ssh-dss blen 434<br>
debug1: read PEM private key done: type DSA<br>
debug1: Authentication succeeded (publickey).<br>
debug1: channel 0: new [client-session]<br>
debug1: Requesting <a href="mailto:no-more-sessions@openssh.com" target="_blank">no-more-sessions@openssh.com</a><br>
debug1: Entering interactive session.<br>
debug1: Sending environment.<br>
debug1: Sending env LANG = en_US.UTF-8<br>
Last login: Mon Aug 5 11:37:43 2013 from xxx.xxx.xxx.138<br>
[oneadmin@rtfwops2 ~]$ debug1: client_input_channel_req:
channel 0 rtype exit-status reply 0<br>
debug1: client_input_channel_req: channel 0 rtype <a href="mailto:eow@openssh.com" target="_blank">eow@openssh.com</a>
reply 0<br>
debug1: channel 0: forcing write<br>
logout<br>
debug1: channel 0: free: client-session, nchannels 1<br>
Connection to rtfwops2 closed.<br>
Transferred: sent 2992, received 3064 bytes, in 25.6
seconds<br>
Bytes per second: sent 116.7, received 119.5<br>
debug1: Exit status 0<br>
<br>
[oneadmin@rtfwops1 ~]$ ssh -v oneadmin@rtfwops2<br>
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br>
debug1: Reading configuration data /etc/ssh/ssh_config<br>
debug1: Applying options for *<br>
debug1: Connecting to rtfwops2 [xxx.xxx.xxx.138] port 22.<br>
debug1: Connection established.<br>
debug1: identity file /var/lib/one/.ssh/identity type -1<br>
debug1: identity file /var/lib/one/.ssh/id_rsa type -1<br>
debug1: identity file /var/lib/one/.ssh/id_dsa type 2<br>
debug1: Remote protocol version 2.0, remote software
version OpenSSH_5.3<br>
debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
debug1: Enabling compatibility mode for protocol 2.0<br>
debug1: Local version string SSH-2.0-OpenSSH_5.3<br>
debug1: SSH2_MSG_KEXINIT sent<br>
debug1: SSH2_MSG_KEXINIT received<br>
debug1: kex: server->client aes128-ctr hmac-md5 none<br>
debug1: kex: client->server aes128-ctr hmac-md5 none<br>
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent<br>
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br>
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
debug1: Host 'rtfwops2' is known and matches the RSA host
key.<br>
</span></font></div>
</div>
</blockquote>
<br></div></div>
This is gine for host match here, but not in your previous log:<br>
<big><big><font size="1"><big><big><span style="font-family:courier new,monospace"><div class="im">"Mon Aug 5 11:48:10 2013 [InM][I]: Host
key verification failed."<br>
</div><font size="1"><big><big>Could be know<font size="1"><big><big>n_host
issue but<big><big><font size="1"><big><big>
it should fail via command line
too.</big></big></font></big></big></big></big></font></big></big></font><br>
</span></big></big></font></big></big><div><div class="h5"><br>
<blockquote type="cite">
<div dir="ltr">
<div><font size="1"><span style="font-family:courier new,monospace">debug1: Found key in
/var/lib/one/.ssh/known_hosts:1<br>
debug1: ssh_rsa_verify: signature correct<br>
debug1: SSH2_MSG_NEWKEYS sent<br>
debug1: expecting SSH2_MSG_NEWKEYS<br>
debug1: SSH2_MSG_NEWKEYS received<br>
debug1: SSH2_MSG_SERVICE_REQUEST sent<br>
debug1: SSH2_MSG_SERVICE_ACCEPT received<br>
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password<br>
debug1: Next authentication method: publickey<br>
debug1: Trying private key: /var/lib/one/.ssh/identity<br>
debug1: Trying private key: /var/lib/one/.ssh/id_rsa<br>
debug1: Offering public key: /var/lib/one/.ssh/id_dsa<br>
debug1: Server accepts key: pkalg ssh-dss blen 434<br>
debug1: read PEM private key done: type DSA<br>
debug1: Authentication succeeded (publickey).<br>
debug1: channel 0: new [client-session]<br>
debug1: Requesting <a href="mailto:no-more-sessions@openssh.com" target="_blank">no-more-sessions@openssh.com</a><br>
debug1: Entering interactive session.<br>
debug1: Sending environment.<br>
debug1: Sending env LANG = en_US.UTF-8<br>
Last login: Mon Aug 5 12:21:57 2013 from xxx.xxx.xxx.137<br>
[oneadmin@rtfwops2 ~]$ </span></font><br>
<br>
</div>
<div>HTH<br>
<br>
</div>
<div>Pierre<br>
</div>
<div>
<div><br>
<br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 5 August 2013 12:19, Olivier Sallou
<span dir="ltr"><<a href="mailto:olivier.sallou@irisa.fr" target="_blank">olivier.sallou@irisa.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div> <br>
<div>On 08/05/2013 11:59 AM, Pierre Naude wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Good Morning,<br>
<br>
I'm busy setting up a proof-of-concept using
ONE and have run into a problem adding hosts
to the server.<br>
<br>
</div>
My ONE server is a Centos 6.4 installation, and
so is the host I'm adding to the server.<br>
<br>
</div>
<div>I am able to ssh successfully without
password from the server to the host as root and
oneadmin and vice versa (I have also made sure
the servers can connect to themselves without
password).<br>
<br>
</div>
<div> The problem is that the one server
monitoring process is failing to ssh
passwordlessly from the server to the host:<br>
<br>
</div>
<div>Debug from the server:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Mon Aug 5 11:48:10 2013
[InM][I]: Monitoring host rtfwops2.rorotika
(7)<br>
Mon Aug 5 11:48:10 2013 [InM][I]: Command
execution fail: 'if [ -x
"/var/tmp/one/im/run_probes" ]; then<br>
/var/tmp/one/im/run_probes kvm 7
rtfwops2.rorotika;
else exit 42;
fi'<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
Connecting to rtfwops2.rorotika
[xxx.xxx.xxx.138] port 22.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
Connection established.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
identity file /var/lib/one/.ssh/identity
type -1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
identity file /var/lib/one/.ssh/id_rsa type
-1<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
identity file /var/lib/one/.ssh/id_dsa type
2<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
Remote protocol version 2.0, remote software
version OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
match: OpenSSH_5.3 pat OpenSSH*<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
Enabling compatibility mode for protocol 2.0<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
Local version string SSH-2.0-OpenSSH_5.3<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEXINIT received<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
kex: server->client aes128-ctr hmac-md5
none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
kex: client->server aes128-ctr hmac-md5
none<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192)
sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
expecting SSH2_MSG_KEX_DH_GEX_GROUP<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
SSH2_MSG_KEX_DH_GEX_INIT sent<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
expecting SSH2_MSG_KEX_DH_GEX_REPLY<br>
Mon Aug 5 11:48:10 2013 [InM][I]: debug1:
read_passphrase: can't open /dev/tty: No
such device or address<br>
</span></font></div>
</div>
</blockquote>
</div>
</div>
<font size="1"><big><big>It seems it expects to get you</big></big><font size="1"><big><big>r pass</big></big><font size="1"><big><big>phrase
here. I think <font size="1"><big><big>y</big></big></font>our
key is password protected<font size="1"> (and
this is fine).</font><br>
<font size="1"><big><big>When you made your
connection tests, are you sure </big></big><font size="1"><big><big>you used the oneadmin
user key (and not one loaded via
ssh-agent or something like that) ?<br>
<br>
<font size="1"><big><big>Olivier</big></big></font></big></big><br>
</font></font></big></big><br>
</font></font></font>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div><font size="1"><span style="font-family:courier new,monospace">
Mon Aug 5 11:48:10 2013 [InM][I]: Host key
verification failed.<br>
Mon Aug 5 11:48:10 2013 [InM][I]: ExitCode:
255<br>
Mon Aug 5 11:48:10 2013 [ONE][E]: Error
monitoring Host rtfwops2.rorotika (7): -</span></font><br>
<br>
</div>
<div>Debug from the host:<br>
<br>
<font size="1"><span style="font-family:courier new,monospace">Aug 5 11:48:10 rtfwops2
sshd[2301]: debug1: Forked child 11777.<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]: Set
/proc/self/oom_score_adj to 0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: rexec start in 5 out 5 newsock 5
pipe 7 sock 8<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: inetd sockets after dupping: 3, 3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
Connection from 172.28.200.137 port 52989<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: Client protocol version 2.0; client
software version Open<br>
SSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: match: OpenSSH_5.3 pat OpenSSH*<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: Enabling compatibility mode for
protocol 2.0<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: Local version string
SSH-2.0-OpenSSH_5.3<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: permanently_set_uid: 74/74<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: list_hostkey_types: ssh-rsa,ssh-dss<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_KEXINIT sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_KEXINIT received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: kex: client->server aes128-ctr
hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: kex: server->client aes128-ctr
hmac-md5 none<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: SSH2_MSG_NEWKEYS sent<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: expecting SSH2_MSG_NEWKEYS<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
Connection closed by xxx.xxx.xxx.137<br>
Aug 5 11:48:10 rtfwops2 sshd[11778]:
debug1: do_cleanup<br>
Aug 5 11:48:10 rtfwops2 sshd[11777]:
debug1: do_cleanup</span></font><br>
<br>
</div>
<div>
<div>
<div>When I run a script from onadmin's cron
on the server it can also ssh successfully
without password - I don't think this is a
key issue.<br>
<br>
</div>
<div>Any suggestions?<br>
<br>
</div>
<div> Thanks<br>
<br>
Pierre<br>
<br>
</div>
<div>-- <br>
<div dir="ltr">Pierre Naude<br>
Rorotika Technologies<br>
<br>
e-mail: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
Tel.: +27-11-568-0805<br>
Cell.: +27-82-901-9609<br>
Skype: pierre_naude<br>
Google Hangouts: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><span><font color="#888888">
</font></span></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<pre cols="72">--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95
gpg key id: 4096R/326D8438 (<a href="http://keyring.debian.org" target="_blank">keyring.debian.org</a>)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
</pre>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div dir="ltr">Pierre Naude<br>
Rorotika Technologies<br>
<br>
e-mail: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
Tel.: +27-11-568-0805<br>
Cell.: +27-82-901-9609<br>
Skype: pierre_naude<br>
Google Hangouts: <a href="mailto:pierre.naude@rorotika.com" target="_blank">pierre.naude@rorotika.com</a><br>
</div>
</div>
</blockquote>
<br>
<pre cols="72">--
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95
gpg key id: 4096R/326D8438 (<a href="http://keyring.debian.org" target="_blank">keyring.debian.org</a>)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
</pre>
</div></div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Join us at <a href="http://opennebulaconf.com/" style="color:rgb(17,85,204)" target="_blank">OpenNebulaConf2013</a> in Berlin, <span><span>24-26 September, 2013</span></span><br>
--<div>Jaime Melis<br>Project Engineer<br>OpenNebula - The Open Source Toolkit for Cloud Computing<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div>
</div>
</div>