Hi I am trying to setup DC/OS in Debian 8 Jessie, I got working ssh connection with the ssh key, I am able to login without password to all masters and agents (they are running CentOS 7). Strange thing is it's not working when running --preflight, it will say connection refused for all nodes.
TASK:
/usr/bin/ssh -oConnectTimeout=10 -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oBatchMode=yes -oPasswordAuthentication=no -p22 -i genconf/ssh_key -tt root#192.168.122.131 sudo rm -rf /opt/dcos_install_tmp
STDERR:
ssh: connect to host 192.168.122.131 port 22: Connection refused
STDOUT:
If I try to run this command in terminal, it works just fine. So it does not work only when running it via bash dcos_generate_config.sh --prefligh. Any idea what could be wrong please?
In bash -- denotes the end of command-line options, so what you need to probably do is:
bash dcos_generate_config.sh -- --prefligh
Related
I have a file called test1.zip in /mnt/c/Users/test/ folder of my local laptop [in which ubuntu windows subsystem for linux is installed]. Local ubuntu terminal WSL name is lauda
Now, I would like to transfer this zip file called test1.zip to my remote server named stuff.
PLEASE NOTE THAT ALL COMMANDS ARE TRIED FROM MY LOCAL LAPTOP WSL SCREEN [ubuntu screen]
So, I tried the below command from my WSL [local laptop ubuntu WSL terminal]
scp user1#lauda:/mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/test1
and got the error ssh: Could not resolve hostname lauda: Name or service not known
So I tried the below [replacing the lauda local laptop ubuntu terminal hostname with its IP]
scp user1#172.xx.xxx.xxx:/mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/test1
this resulted in error as ssh: connect to host 172.xx.xxx.xxx port 22: Connection refused
Now I tried the same command as above but in opposite way as shown below
scp user1#stuff:/home/test/codes/ user1#lauda:/mnt/c/Users/test/test1.zip
and got the below error
ssh: Could not resolve hostname lauda: Temporary failure in name resolution
Later, I tried with IP address
scp user1#stuff:/home/test/codes/ user1#172.xx.xxx.xxx:/mnt/c/Users/test/test1.zip
And I got the below error
ssh: connect to host 172.xx.xxx.xxx port 22: No route to host lost connection
Later, I tried the below commands as well
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/
and got an error scp: /home/test/codes/test1.zip: Permission denied
So, I again tried like below
scp user1#stuff:/home/test/codes/ /mnt/c/Users/test/test1.zip
and got an error scp: /home/test/codes: not a regular file
PLEASE NOTE THAT ALL COMMANDS ARE TRIED FROM MY LOCAL LAPTOP WSL SCREEN [ubuntu screen]
How can I transfer local files/folders from my local ubuntu WSL terminal to remote server?
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/test/codes/ is the closest attempt to working. The error you get could be due to one of two reasons:
Firstly user1 does not have permissions to write to /home/test on stuff - makes sense as usually only the test user would be able to write there. (Note that the test user on your WSL instance is not the same profile the test user on the remote.)
Secondly the /home/test/codes/ folder may not even exist yet.
Instead (if you know test's password) copy as the test user :
scp /mnt/c/Users/test/test1.zip test#stuff:/home/test/codes/
Or copy to user1's home directory (after ensuring you have created /home/user1/codes/
scp /mnt/c/Users/test/test1.zip user1#stuff:/home/user1/codes/
Assume that you run an application with a web UI (e.g. Jupyter, Kubernetes Dashboard UI) on a Linux/UNIX server (sarah#10.0.0.100). On the server, you confirm that you can access the web UI by opening http:/ /localhost:8001 on Firefox.
You have separate workstations in the same network. Is there any easy way to access the web UI by simply opening http:/ /10.0.0.100:8001 from a web browser on the workstations?
Workaround. Establish an SSH connection with port tunneling:
$ ssh -N -L 8001:localhost:8001 sarah#10.0.0.100
You can establish a similar connection by using other SSH client tools such as PuTTY. Open http:/ /localhost:8001 from a web browser on your workstation.
But it is tedious to establish an SSH connection every time so that I need a better idea.
why not just do this?
jupyter notebook --ip=0.0.0.0 --port=8001
Ok, if you want a system-level proxy that works on your local lan, you can do the following:
on your workstation, install proxychains-ng
modify proxychains.conf with the following:
[ProxyList]
socks4 127.0.0.1 8001
on your workstation run:
proxychains4 -f proxychains.conf ssh -L 8001:0.0.0.0:8001 sarah#10.0.0.100
Now you can hit http://<your_workstation>:8001 from anywhere on your LAN and it will be proxied to your remote system.
To keep your tunnel always connected, you can install autossh, and replace the proxy command with:
proxychains4 -f proxychains.conf \
autossh -t -M 0
-o 'ServerAliveInterval=30' \
-o 'ServerAliveCountMax=10000' \
-o 'SendEnv=TERM_PROGRAM' \
-o 'ExitOnForwardFailure=no' \
-o 'TCPKeepAlive=yes' \
-L 8001:0.0.0.0:8001 \
sarah#10.0.0.100
You should also consider you using key-based auth for this.
How do I transfer a file from my local machine to a remote host to which I need to get through a jump host? These are the steps I follow to connect to the remote host
1. ssh myname#jump-host
2. enter password
3. sudo su - another-random-name
4. ssh name#remote-host
Now I want to transfer a file from my local machine to the remote-host. How would I achieve this? I have already tried scp -oProxyCommand but I don't quite know where I should include step 3 as part of this command?
Use port forwarding to get third host ssh port on your localhost, in this way:
ssh -L 2222:remote-host:22 myname#jump-host
then (on another tab/shell on first host):
scp -P 2222 file myname#localhost:
will copy directly to remote host.
On the jump host under another-random-name run
ssh -L 2222:remote-host:22 myname#jump-host
then on your local computer you can run
scp -P 2222 file name#jump-host:
SCP will try to connect to jump-host, while in fact this connection will be forwarded to jump-host. And will use name as it is connecting to remote-host.
You are probably still facing problem with certificate for another-random-user. You can either create certificate on your machine for your-local-user and put public key on remote-host in user allowed keys.
When I do "ssh -X abcserver", I got message "X11 forwarding request failed on channel 0".
I checked online and it was suggested to solve it by switching "X11UseLocalhost no" to "X11UseLocalhost yes".
However, both my manager and I don't have this administrative privilege. I am wondering, except this solution, whether there is another option to solve the issue ? I also don't have sudo privilege to directly install X11 on the server.
My local platform is:
Linux version 3.16.0-4-amd64 (debian-kernel#lists.debian.org)
(gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02)
The remote platform is:
Linux version 3.13.0-88-generic (buildd#lgw01-16)
(gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) )
#135-Ubuntu SMP Wed Jun 8 21:10:42 UTC 2016
Adding the -v option to ssh when trying to log in will give a lot of debug information which might give a clue to exactly what the problem is, like for instance
debug1: Remote: No xauth program; cannot forward with spoofing.
which in my case installing xauth on the server fixed the issue.
I had to edit the sshd config file on the remote server to fix the issue. It worked on Ubuntu 16.04 Server:
$ sudo vim /etc/ssh/sshd_config
Set `X11UseLocalhost no`
Save the file.
$ sudo service sshd restart
$ exit
Now it works!
$ ssh -X user#remotehost
$ xclock
sudo apt install xauth
change the line #AddressFamily any to AddressFamily inet in /etc/ssh/sshd_config
sudo service ssh restart
This is enough on Ubuntu 18.04 LTS.
After login with ssh -X (or after activating the PuTTY / KiTTY option "Enable X11 forwarding") you should see that the environment variable DISPLAY is automatically defined to localhost:10.0 or similar. After first successful login (with a functional X11 forwarding) the file .Xauthority will be generated. Another positive sign of success.
If you are interested to see and to understand the details of X11 forwarding within your session you can try with lsof -i -P|grep ssh.
1.make sure that during ssh -X root#server you have root permission.
2.update the /etc/ssh/sshd_config and make sure this line is uncommented
X11Forwarding yes
3.systemctl restart sshd
4.exit from server
5.ssh -X root#server
6.virt-manager
In my case, as superuser, editing /etc/ssh/sshd_config on the remote host and changing the following line fixed it.
From
#X11Forwarding no
to
X11Forwarding yes
Then: pkill -HUP sshd on the remote host to make sshd reload its config, which also closes the sshd session.
After X11 forwarding suddenly stopped working after no other changes than moving the ssh server to another wifi, I followed the answer to this seemingly completely different question and it worked.
In other words, it seems the solution for me was to specify AddressFamily inet in /etc/ssh/sshd_config.
I'm remote debugging a qt application from one ubuntu machine to another ubuntu one.
I can do it from the console with:
root#eclipsePC# sudo ssh apppcIP -X
root#appPC# export DISPLAY=:0.0
root#appPC# gdb myApplication
Now I'm trying to do the same with Eclipse cdt (starting eclipse with sudo). I've defined the remote connection as a Linux type system. It works for application with no graphics, but for my qt application I get:
Listening on port 2345 Remote debugging from host "myEclipseIP"
myApp: cannot connect to X server
Child exited with status 1
GDBserver exiting logout
I've tried doing
root#appPC# xhost +
root#appPC# export DISPLAY=:ECLIPSEPCIP:0.0
but it didn't work. Anyone knows how to do this?
Thanks
I've added the argument -display ECLIPSEPCIP:0.0 in the debug config and now it starts, but in the appPC instead of the host ECLIPSEPC.
You can enforce ssh X11 forwarding using the ssh config file:
Add the following lines to your $HOME/.ssh/config:
Host apppcIP
ForwardX11 yes
I guess there should be also an option in eclipse to configure -X for the ssh connection, but I'm not sure and have no eclipse for testing. However, the solution shown above will work regardless of eclipse's feature set.
Further, you should not start eclipse as root, also root to root ssh connections are considered insecure. Make sure the regular user can connect to the remote host and execute the necessary commands there.