ec2 instance access failed due to change in owner - linux

When I login to the server, but 22 is already open for all upcoming connections still getting error as below,
ssh Server_Name
ssh: connect to host Server-IP port 22: Connection refused
I misleadingly change the the owner of the system and change root privileges with jenkins. So, right now I could not able to log into the system and port 22 is closed it's throwing the error.
I understood the error issue occurred because of wrong fstab file and wrong editing to sshd conf(Not sure). And, the directory of authorized_keys been messed up. I tried this solution but not working
I tried accessing via public DNS, via private IP address, detaching and re-attaching volumes driver after attaching it to other instance(but, once I attached to it, I could not able to ssh into that instance), etc. but no luck. Also, tried login with Jenkins user still not working. But, jenkins is still running fine on the server and I could access the Jenkins Dashboard and run the shell onto my instance. But, if I try any sudo command, it shows sudo: effective uid is not 0, is sudo installed setuid root?
Build step 'Execute shell' marked build as failure
Questions
Is there any way to get back my instance port 22 running fine as before ?
Is there a way I can run the sudo commands using Jenkins user by creating the job(By running the shell) inside Jenkins ?
I could trace on the IP which clearly shows port 22 is closed and I could not do anything because of it. Thanks in advance.

Related

Git clone gives "ssh: connect to host github.com port 22: Connection timed out" Linux /opt directory Amazon EC2 Instance

Issue
I am trying to use git in /opt/jamf2snipe directory on an EC2 Instance. I have tried the following command:
sudo git clone git#github.com:MYUSERNAME/jamf2snipe-school.git
It says connection timed out:
Cloning into 'jamf2snipe-school'...
ssh: connect to host github.com port 22: Connection timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
If I try to run this in my home directory it works fine. It seems to be a permission issue with /opt. I am wary of changing permissions for /opt.
Setup
I am trying to do this on an Amazon EC2 Instance. Currently SSH is limited to certain IP addresses (not including Github). I followed this article from github to use SSH over HTTPS. I tested to make sure I had stuff setup correctly by using:
$ ssh -T git#github.com
received
Hi USERNAME! You've successfully authenticated, but GitHub does not provide shell access.
I did this in /opt/jamf2snipe and the home directory successfully.
First, make sure to, if possible, not use sudo.
In addition of executing commands as root (which is dangerous), it uses its own environment variable, and SSH settings (in /root/.ssh), which differs from your normal EC2 user.
Conversely, making a repository in /opt, which might be accessible only by root, is not the best spot to clone a repository.
Second, Using SSH over the HTTPS port is the usual solution (like this one from 2018) on EC2, where the firewall can block by default SSH egress traffic.

Unable to transfer local file wsl ubuntu terminal to remote server using windows subsystem

I have a file called test1.zip in /mnt/c/Users/test/ folder of my local laptop [in which ubuntu windows subsystem for linux is installed]. Local ubuntu terminal WSL name is lauda
Now, I would like to transfer this zip file called test1.zip to my remote server named stuff.
PLEASE NOTE THAT ALL COMMANDS ARE TRIED FROM MY LOCAL LAPTOP WSL SCREEN [ubuntu screen]
So, I tried the below command from my WSL [local laptop ubuntu WSL terminal]
scp user1#lauda:/mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/test1
and got the error ssh: Could not resolve hostname lauda: Name or service not known
So I tried the below [replacing the lauda local laptop ubuntu terminal hostname with its IP]
scp user1#172.xx.xxx.xxx:/mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/test1
this resulted in error as ssh: connect to host 172.xx.xxx.xxx port 22: Connection refused
Now I tried the same command as above but in opposite way as shown below
scp user1#stuff:/home/test/codes/ user1#lauda:/mnt/c/Users/test/test1.zip
and got the below error
ssh: Could not resolve hostname lauda: Temporary failure in name resolution
Later, I tried with IP address
scp user1#stuff:/home/test/codes/ user1#172.xx.xxx.xxx:/mnt/c/Users/test/test1.zip
And I got the below error
ssh: connect to host 172.xx.xxx.xxx port 22: No route to host lost connection
Later, I tried the below commands as well
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/
and got an error scp: /home/test/codes/test1.zip: Permission denied
So, I again tried like below
scp user1#stuff:/home/test/codes/ /mnt/c/Users/test/test1.zip
and got an error scp: /home/test/codes: not a regular file
PLEASE NOTE THAT ALL COMMANDS ARE TRIED FROM MY LOCAL LAPTOP WSL SCREEN [ubuntu screen]
How can I transfer local files/folders from my local ubuntu WSL terminal to remote server?
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/ is the closest attempt to working. The error you get could be due to one of two reasons:
Firstly user1 does not have permissions to write to /home/test on stuff - makes sense as usually only the test user would be able to write there. (Note that the test user on your WSL instance is not the same profile the test user on the remote.)
Secondly the /home/test/codes/ folder may not even exist yet.
Instead (if you know test's password) copy as the test user :
scp /mnt/c/Users/test/test1.zip test#stuff:/home/test/codes/
Or copy to user1's home directory (after ensuring you have created /home/user1/codes/
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/user1/codes/

jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection Message [Auth fail]

I am learning to use Jenkins to deploy a .Net 5.0 application on an AWS EC2 server. This is the first time I am using Linux server and Jenkins for .Net (I'm am a life long Windows guy), and I am facing an error while trying to publish my artifacts over SSH to Web Server.
My setup:
Jenkins server is an AWS EC2 Linux AMI server.
Web Server is also an AWS EC2 LInux AMI server.
My Jenkins is correctly installed and working. I am able to build and run unit test cases without any issues.
For Deploy, I am using 'Publish Over SSH' plugin, and I have followed all steps to configure this plugin as mentioned here https://plugins.jenkins.io/publish-over-ssh/.
However, when try to 'Test Configuration', I get the below error,
Failed to connect or change directory
jenkins.plugins.publish_over.BapPublisherException: Failed to connect and initialize SSH connection. Message: [Failed to connect session for config [WebServer]. Message [Auth fail]]
I did a ping test from Jenkins server to Web Server, and it is a success.
I'm using the .pem key in the 'Key' section of 'Publish over SSH'. This key is the same key I use to SSH into the web server.
The below link suggests many different solutions, but none is working in my case.
Jenkins Publish over ssh authentification failed with private key
I was looking at the below link which describes the same problem,
Jenkins publish over SSH failed to change to remote directory
However in my case I have kept 'Remote Directory' as empty. I don't know if I have to specify any directory here. Anyways, I tried creating a new directory under the home directory of user ec2-user as '/home/ec2-user/publish' and then used this path as Remote Directory, but it still didn't work.
Screenshot of my settings in Jenkins:
I would appreciate if anyone can point me to the right direction or highlight any mistake I'm doing with my configuration.
In my case following steps solved the problem.
Solution is based on Ubuntu 22.04
add two line in /etc/ssh/sshd_config
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes +ssh-rsa
restart sshd service
sudo service sshd restart
you might consider the following:
a. From the screenshot you’ve provided, it seems that you have checked the Use password authentication, or use different key option which will require you to add your key and password (inputs from these fields will be used in connecting to your server via SSH connection). If you use the same SSH key and passphrase/password on all of your servers, you can uncheck/untick that box and just use the config you have specified above.
b. You might also check if port 22 of your web server allows inbound traffic from the security group where your Jenkins server/EC2 instance is running. See reference here.
c. Also, make sure that the remote directory you have specified is existing otherwise the connection may fail.
Here's the sample config

Jenkins Error 128 / Git Error 403: Jenkins can't connect to my Bitbucket repository

OS: Ubuntu 16.04
Hypervisor: VirtualBox
Network configuration: Nat Network with port forwarding to access the vms through the host ip. I can also ping a VM from another VM.
I try to connect my Jenkins app hosted on a VM to my BitBucket server also on a VM. I followed a tutorial on internet but when i enter the address of my git repository i'm getting this:
Failed to connect to repository : Command "usr/bin/git ls-remote -h http://admin#192.168.6.102:8005/scm/tes/repository-test.git HEAD" returned status code 128:
stdout:
stderr: fatal: unable to access 'http://admin#192.168.6.102:8005/scm/tes/repository-test.git/': The requested URL returned error: 403
So, to be sure I tried to exectute the command on the terminal... and on the terminal it seems to work.. I can also push, clone, pull etc..
On this image you can see that it's true
Do you have an explanation?
EDIT:
I try some others things like use or not sudo to see if the permissions problem came from that and it seems that it's not the case.
But I see that there is no result when we use the "HEAD" argument.
Do you think that because "HEAD" give no result, git in jenkins interprets it like no answer and returns the damn** error 403?
EDIT 2:
I found that on the web: http: // jenkins-ci.361315.n4.nabble.com/Jenkins-GIT-ls-remote-error-td4646903.html
The guy has the same problem but in a different way, I will try to allocate more RAM to see if it does the trick.
There could be many possible problems, but you are getting 403 - Access Forbidden, which indicates some problem with permissions. I would suggest first common mistakes:
a) trying https instead http - my scm only uses https,
b) check if admin is correct - scm by default uses scmadmin.
Here I run the exact same command twice.
The first time I used the proxy configuration wich I need to access internet, and the second time I set the mandatory server on "none".
So there is a problem with the damn proxy.
I was thinking that the proxy was not used in NAT connection with VirtualBox...
I found the solution.
I had to reinstall jenkins to have a user named "jenkins" with his own home directory.
I don't know if it is linked or not, but I configured my bitbucket server to use only HTTPS with a self signed certificate (I work in lan)
My troubleshoot was linked with my proxy settings.
I disabled all my proxy settings in Linux so I was able to launch the command that did'nt worked in jenkins with terminal.
I logged with sudo su jenkins the commands also worked.
I found out that in the home directory of the jenkins user there was a "proxy.xml" file. I opened it and saw my old proxy settings.
I deleted all the content with vim, saved and restarted and the error was gone.
there can be git version miss match.....
I would suggest you update git once. maybe it will resolve your issues.

Unable to Connect to Jenkins Server (Amazon Linux AMI)

When I had installed Jenkins on Amazon Linux AMI following steps mentioned in http://bhargavamin.com/how-to-do/install-jenkins-on-amazon-linux-aws/
After installation I was able to open Jenkins through browser but when I selected option "Install Plugins" it showed error as "Unable to connect to Jenkins Server."
So then how to troubleshoot this issue??
The problem here is pretty simple, if you do curl http://127.0.0.1:8080 on your host machine, you should get a message stating:
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Administer
-->
This means that jenkins has anonymous priviledges which is not allowing any connection.
To solve this issue, you will have to do two changes:
Add Jenkins user to root group: sudo usermod -a -G root jenkins
Make Jenkins listen to all external IPs by editing file /etc/sysconfig/jenkins and changing the JENKINS_LISTEN_ADDRESS="0.0.0.0"
Once this is done, restart the jenkins server and then try to install plugins for jenkins.
I'm using this trick https://issues.jenkins-ci.org/browse/JENKINS-45388 and it works. What I did is add passwd: as prefix of file /var/lib/jenkins/secrets/initialAdminPassword and click retry button for several times and finally it works.
Updating java-1.7.0-openjdk to java-1.8.0-openjdk will do the trick and restart the jenkins service or else change the port number and try it.
I got the same error on my ubuntu VPC, here is how I solve Unable to connect to Jenkins issue.
In my VPC Nginx is installed. Nginx is listening on port 80 so you need to open the firewall to that port as well.
To open the firewall use the following command:
sudo ufw allow 80.
And run this command sudo ufw status to verify the firewall is opened for port 80
After that, you can get the default web page for Nginx by using your_public_ip:80 and Jenkins by entering your_public_ip:8080.
1.Click on retry
2.Fill admin user name, pwd ,mail, full name
3.If filled already use pwd given in initialAdminPassword folder
4.proceed

Resources