Tag: ssh

Jenkins publish over ssh success to connect the server but failed put file

Cuzi Leave a comment

I have a problem that when I do build to my job, its cannot put my file on the server directory in console output i get the message “ERROR: Exception when publishing, exception message [Permission denied]”

i have the following log output:

SSH: Connecting from host [rp_ci]
SSH: Connecting with configuration [web-dev] ...
SSH: Creating session: username [ubuntu], hostname [xx.xx.xx.xxx], port [22]
SSH: Connecting session ...
SSH: Connected
SSH: Opening SFTP channel ...
SSH: SFTP channel open
SSH: Connecting SFTP channel ...
SSH: Connected
SSH: Remote root is not absolute, getting absolute directory from PWD
SSH: cd [/home/ubuntu]
SSH: OK
SSH: cd [deploy/]
SSH: OK
SSH: put [dev-xx-xx.tgz]
SSH: Disconnecting configuration [web-dev] ...
ERROR: Exception when publishing, exception message [Permission denied]
Build step 'Send build artifacts over SSH' changed build result to UNSTABLE
Finished: UNSTABLE

For the target server Im using ubuntu server on AWS EC2 using nginx.

Someone know how to fix that’s issue? I not found any clue for it around the web.
Thanks!

Related:

How to save two different ssh public keys to server?

hemppa Leave a comment

I have a CentOS-running server and I want to add ssh authentication for my laptop and desktop-computers. Both PCs are running Ubuntu. I managed to get it work with one computer. I added id_rsa.pub to my /home/$USER/.ssh/autheticated_keys-file. Then I disabled password protection so I can log in only if I have that ssh key on my computer.

I tried to add that second id_rsa.pub-key to that authenticated_keys-file on my server, but it didn’t work. Like this:

cat id_rsa.pub >> /home/$USER/.ssh/authenticated_keys

Is this the right way to do this? Or how to save two different public ssh keys on a server? (…and on a single user account)

Related:

generate ssh host keys for clients on puppetmaster

Paul Leave a comment

I look for a solution to create the ssh host keys for my puppet clients on the puppetmaster.
I did some research and found http://jsosic.wordpress.com/2012/12/04/managing-ssh-host-keys-with-puppet/, but I couldn’t get it working. Is there a more elegant solution to handle that or a full example of that?

I know it’s possible to generate the host keys on the clients and back them up to the puppetmaster, but I’d really prefer to generate them directly on the master.

Edit:

I created a module ‘ssh’.

The content of init.pp is:

class ssh::server {
  if generate('/etc/puppet/modules/ssh/scripts/generate_host_keys.sh',
$keys_dir) {
    include ssh::server::keys
  }
}

class ssh::server::keys {
  file { '/etc/ssh/ssh_host_rsa_key.pub':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    source  => [
      'puppet:///private/ssh/ssh_host_rsa_key.pub',
      'puppet:///modules/ssh/ssh_host_rsa_key.pub',
    ],
    require => Package['openssh-server'],
    notify  => Service[$service_name],
  }
}

The content of the generate_host_keys.sh is the following:

#!/bin/bash

# check arg0: dir for keys
[ -z "$1" ] && echo "Please specify directory for key generation" && exit 1
KEYSDIR="$1"

# set umask
umask 0022

# create directory tree if it does not exist
[ ! -d "$KEYSDIR" ] && mkdir -p $KEYSDIR

#
# functions stolen from CentOS 6 sshd init script
#

# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=$1/ssh_host_key
RSA_KEY=$1/ssh_host_rsa_key
DSA_KEY=$1/ssh_host_dsa_key

# source function library
. /etc/rc.d/init.d/functions

fips_enabled() {
  if [ -r /proc/sys/crypto/fips_enabled ]; then
    cat /proc/sys/crypto/fips_enabled
  else  
    echo 0
  fi
}

do_rsa1_keygen() {
  if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
    echo -n $"Generating SSH1 RSA host key: "
    rm -f $RSA1_KEY
    if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
      chmod 600 $RSA1_KEY
      chmod 644 $RSA1_KEY.pub
      success $"RSA1 key generation"
      echo
    else  
      failure $"RSA1 key generation"
      echo
      exit 1
    fi
  fi
}

do_rsa_keygen() {
  if [ ! -s $RSA_KEY ]; then
    echo -n $"Generating SSH2 RSA host key: "
    rm -f $RSA_KEY
    if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
      chmod 600 $RSA_KEY
      chmod 644 $RSA_KEY.pub
      success $"RSA key generation"
      echo
    else 
      failure $"RSA key generation"
      echo
      exit 1
    fi
  fi
}

do_dsa_keygen() {
  if [ ! -s $DSA_KEY ]; then
    echo -n $"Generating SSH2 DSA host key: "
    rm -f $DSA_KEY
    if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
      chmod 600 $DSA_KEY
      chmod 644 $DSA_KEY.pub
      success $"DSA key generation"
      echo
    else
      failure $"DSA key generation"
      echo
      exit 1
    fi
  fi
}

# main
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
chmod -R 644 $KEYSDIR/*
exit 0

manifests/site.pp looks like that

node { 'mynode':
  include ssh::server
}

Running puppet agent –test on the client produce the following output:

Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to execute generator /etc/puppet/modules/ssh/scripts/generate_host_keys.sh: Execution of '/etc/puppet/modules/ssh/scripts/generate_host_keys.sh ' returned 1:  at /etc/puppet/modules/ssh/manifests/init.pp:2 on node nodename
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

Thanks,

Paul

Related:

Cannot connect to Openstack Instance via horizon, but SSH works?

user991710 Leave a comment

I’ve got an OpenStack deployment running inside a VM for testing purposes. My setup is as follows: Host Ubuntu x64 with Virtualbox -> Guest Ubuntu x64 with OpenStack -> Ubuntu X64 Server Test Instances through Openstack.

I realize it is of no practical use, but as said, it is for testing purposes only. I successfully launched an instance, binding it to 11.1.0.3 and 172.16.1.1 (host is 172.16.0.1) and I can successfully ssh into it from either the host or the guest VM with ssh -i key.pem ubuntu@11.1.0.3 (or 172.16.1.1). Unfortunately, the NoVNC via Horizon does not work (Starting VNC handshake -> Failed to connect).

The relevant lines from my nova.conf are the following:

--novnc_enabled=true
--novncproxy_base_url=http://172.16.0.1:6080/vnc_auto.html
--vncserver_proxyclient_address=172.16.0.1
--vncserver_listen=172.16.0.1

So I’m not sure what’s going wrong. The keypair that matches the .pem file I ssh with is of course coupled with the instance, and the instance is Active and Running.

Any help would be greatly appreciated.

Edit: nova get-vnc-console [id] novnc correctly supplies me with a link to vnc into the vm, but it also fails to connect.

Edit 2: To clarify: I have an active, running instance that successfully launched through the OpenStack dashboard. I can ping the instance, I can ssh into it (using 'ssh -i key.pem ip), but I cannot access it through VNC (specifically novnc on the dashboard). Trying to access the VM through the URL nova supplies through get-vnc-console does not work either. What I wish to do is access this instance via VNC.

Related:

ssh remote execution always exits 127

Aiden Bell Leave a comment

quick question:

I have a program that is spawning a process which executes a basic remote command over SSH such as:

ssh aiden@host /bin/ps

Running this manually from my shell is successful (as you would expect), but the parent program running the task always exits 127 … even with absolute paths.

It isn’t the local end returning 127 (it can find the ssh binary), but it is always the remote end even when equivalent commands from the shell, with absolute paths also, run fine.

Any ideas why my shell can execute this command, but my program can’t? I realize this may be specific to my language (and therefore a question for StackOverflow), but my program passes its environment to SSH so I can’t think what differs.

Any ideas?

Related:

Out of nowhere, ssh_exchange_identification: Connection closed by remote host

Carlos Leave a comment

I am running Ubuntu 10.10 on a remote box. I ssh to it everyday without issues but today out of the blue, I get the following error:

ssh_exchange_identification: Connection closed by remote host

If I connect with -vv, I get the following:

OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/bla/.ssh/config
debug1: Applying options for ubuntu-server
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ubuntu-server.com [123.123.123.123] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/bla/.ssh/id_rsa type -1
debug1: identity file /Users/bla/.ssh/id_rsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

If I remove the key, I get the exact same output (sans “debug2: key_type_…). I’ve managed to log in physically and checked my hosts.allow and hosts.deny but they have no entries. I tried removing and reinstalling OpenSSH, checked authorized_keys and ~/.ssh permissions and tried connecting from other computers only to get the same error. I’m at my wits end, any help would be greatly appreciated.

Related:

SSH configuration, publickeys, Permission denied (publickey,password). error

Alexander Ovchinnikov Leave a comment

My task: login from Mac OS Snow Leopard client to Ubuntu 10.10 server without password.

Commands:

client$ mkdir ~/.ssh
client$ chmod 700 ~/.ssh 
client$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa 
Enter passphrase (empty for no passphrase): [empty]
client$ chmod go-w ~/ 
client$ chmod 700 ~/.ssh 
client$ chmod go-rwx ~/.ssh/* 
client$ scp ~/.ssh/id_rsa.pub lorddaedra@server.domain.ltd:~ 
server$ mkdir ~/.ssh 
server$ chmod 700 ~/.ssh 
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys 
server$ chmod 600 ~/.ssh/authorized_keys 
server$ rm ~/id_rsa.pub 
client$ ssh -o PreferredAuthentications=publickey server.domain.ltd

and…

Permission denied (publickey,password).

Debug output(with -v):

XX-XX-XXX-XXX:~ lorddaedra$ ssh -o PreferredAuthentications=publickey server.domain.ltd -v
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to server.domain.ltd [XXX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /Users/lorddaedra/.ssh/identity type -1
debug1: identity file /Users/lorddaedra/.ssh/id_rsa type 1
debug1: identity file /Users/lorddaedra/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server.domain.ltd' is known and matches the RSA host key.
debug1: Found key in /Users/lorddaedra/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/lorddaedra/.ssh/identity
debug1: Offering public key: /Users/lorddaedra/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/lorddaedra/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,password).

So my question is where is my error and how to fix it? Thank you!

P.S.

server$ cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
UseDNS no
AllowUsers lorddaedra

P.P.S.

server$ cat /var/log/auth.log

Feb  3 19:15:38 electra sudo: lorddaedra : TTY=pts/0 ; PWD=/home/lorddaedra ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
Feb  3 19:16:01 electra CRON[19081]: pam_unix(cron:session): session opened for user lorddaedra by (uid=0)
Feb  3 19:16:01 electra CRON[19080]: pam_unix(cron:session): session opened for user lorddaedra by (uid=0)
Feb  3 19:16:02 electra CRON[19080]: pam_unix(cron:session): session closed for user lorddaedra
Feb  3 19:16:02 electra sshd[19088]: Authentication refused: bad ownership or modes for directory /home/lorddaedra
Feb  3 19:16:02 electra sshd[19088]: Authentication refused: bad ownership or modes for directory /home/lorddaedra
Feb  3 19:16:06 electra CRON[19081]: pam_unix(cron:session): session closed for user lorddaedra
Feb  3 19:16:07 electra sudo: lorddaedra : TTY=pts/0 ; PWD=/home/lorddaedra ; USER=root ; COMMAND=/bin/cat /var/log/auth.log


client$ ls -al /Users/lorddaedra/.ssh
total 40
drwx------    6 lorddaedra  staff   204  3 фев 01:54 .
drwxr-xr-x+ 183 lorddaedra  staff  6222 31 янв 11:37 ..
-rw-------@   1 lorddaedra  staff  6148 21 ноя  2008 .DS_Store
-rw-------    1 lorddaedra  staff  1675  3 фев 01:53 id_rsa
-rw-------    1 lorddaedra  staff   427  3 фев 01:53 id_rsa.pub
-rw-r--r--    1 lorddaedra  staff   414  3 фев 01:54 known_hosts


server$ ls -al /home/lorddaedra/.ssh
итого 12
drwx------  2 lorddaedra lorddaedra 4096 2011-02-03 01:55 .
drwxrwxr-x 13 lorddaedra lorddaedra 4096 2011-02-03 01:55 ..
-rw-------  1 lorddaedra lorddaedra  427 2011-02-03 01:55 authorized_keys

Related:

How to reconnect to a disconnected ssh session

palehorse Leave a comment

Is there a way to connect to an ssh session that was disconnected? We are having problems with our network connection to a remote site that we are working on separately; however, in the mean time we experience a large number of disconnects due to lost packets while connected to servers at the remote location. Many times the session stays active for a while, and sometimes it happens to be in the middle of some action (file editing, running some process, etc…) that I need to get back to rather than restart if possible.

Related:

Can I use SSH key authentication to log into a remote system with a different username?

Matt Hurne Leave a comment

Suppose I have a remote system named “remotesystem”, and a user account “foouser” on that system.

I know that on my local system, I can generate an SSH key pair as local user “foouser”, put the public key in the “/home/foouser/.ssh/authorized_keys” file on “remotesystem”. When I SSH as “foouser” from my local system to “remotesystem”, SSH uses the key pair to authenticate me.

But what if my local username is not the same as the username on the remote system? That is, what if I want to SSH as local user “baruser” to “remotesystem”? Obviously, I will need to generate a key pair for “baruser” and add the public key to “/home/foouser/.ssh/authorized_keys”. Then, I should be able to “ssh foouser@remotesystem” while logged in as “baruser” locally, and SSH will use the key pair to authenticate, right?

I’m asking because I am trying to get the key authentication working in this scenario, without success. I’m not sure if its due to the username mismatch, or a configuration issue with the SSH server on the remote system.

Related: