Difference between connecting through Jenkins SSH plugin and normal ssh - linux

I have a remote server.
If I use ssh to connect with the server as the Jenkins user it works perfectly
ssh jenkins@remoteserver.com
The jenkins user is allowed to change to user jboss WITHOUT being asked for password:
sudo su jboss
This works perfectly, no need for entering a password. Everything as expected.
If I make a Jenkins build, connecting to the remote server through a SSH plugin, the connection works fine. I can also run a testscript, it works also!
But if I make the sudo su jboss through Jenkins on my remote server, it's not working.
Jenkins is not throwing any error, there is just the spinning circle
It's never stopping, only if I cancel the job.
Anyone got an idea what the difference is between running ssh in Jenkins and connecting through a plugin?
Is the connection lost, when changing the username? (looks like it)

The SSH plugin and the ssh command provide two completely different implementations of the SSH protocol:
Your ssh command will probably run the OpenSSH client
The SSH plugin uses the SSH protocol implementation provided by JSch
I'm not into JSch, but I'd suspect there's either a problem in the way the plugin configures JSch terminal handling, or there's a problem related to terminal handling with JSch. Either may break the behaviour of sudo:
sudo is somewhat sensitive to terminal/tty settings; see e.g. this discussion, which also contains a few hints which may help to work around the issue.

Related

sublime text sftp tunnel wbond

To work remotely I need to SSH into the main server and then again into the departmental server.
I would like to set up a tunnel using sublime text 3 wbond sftp package to view and edit files remotely but I can't seem to find any information for setting up a tunnel. Is this even possible?
The reason I'm interested in this particular package is because I am unable to install any packages locally on the server, hence using something like rsub is not possible.
Any other suggestions besides sublime sftp are welcome.
I'm not sure the SFTP plugin would allow you to do this directly.
What I would suggest is for you to use ssh -L to create a tunnel.
ssh -L localhost:random_unused_port:target_server:22 username_for_middle_server@middle_server -nNT
Use the password/identity_file for the middle server
The -nNT is to avoid opening an interactive shell in the middle server.
IMPORTANT: You need to keep the ssh -L command running so keep that shell open.
In this way you can connect to the target_server as such:
ssh username_for_target_server@localhost -p random_port_you_allocated
Similarly you can setup the SFTP plugin file as such
{
...
"host":"localhost",
"user":"username_for_target_server",
"ssh_key_file": "path_to_target_server_key",
"port":"random_port_you_allocated",
....
}
As a sidenote, always use the same port to tunnel to the same server, otherwise, with the default ssh configuration, you will be warned of a "Man in the middle attack" because the signature saved in the .ssh/known_hosts will not match with the previous one. This can be avoided by disabling this feature but I wouldn't recommend it.

How do I use the right key for SSH, connecting from Git Bash on Windows to remote server?

I'm trying to push my project on git to my remote Linux server from my local Windows PC.
I have no issues connecting to my server through SSH when I use PuTTY. But PuTTY is only for the remote server, and doesn't let me look in my own local pc - so I can't access my git repository to push from.
Instead I've been trying with Git Bash, where I go to the repository(master) of my git project, and then attempt "git push production master". Receiving "Permission denied (publickey)" in response in Git Bash.
I have loaded my private key from my user/.ssh folder on local pc, using PuTTYgen, copy/pasted the public key it shows into my Github account's SSH-keys.
This is the same key that I use for connecting with PuTTY(which works).
If I use "git remote -v" in Git Bash, I receive what is the correct url for the server:
"
production ssh://notacop@mafiauniversedata.com/var/repo/site.git (fetch)
production ssh://notacop@mafiauniversedata.com/var/repo/site.git (push)
"
"notacop" is the admin user I made instead of root, which is also the one that I use in PuTTY.
If I attempt "ssh notacop@mafiauniversedata.com" in Git Bash I also receive the "Permission denied (publickey)" response. So seemingly the issue is related to the publickey that Git Bash uses, as it can't connect at all.
My user/.ssh folder contains:
digitalocean_private_key (is the one PuTTY uses/the one generated by PuTTYgen) + digitalocean_public_key
github_rsa + github_rsa.pub
id_rsa + id_rsa.pub
known_hosts
I feel like I've set things up in accordance with the general guidelines, and it does work in PuTTY, so the issue must be related to Git Bash and how Git Bash establishes ssh connection.
But I'm fairly clueless about how to fix the issue, and haven't been able to find a solution from searching. My guess is that it's something fairly simple, but I've been stuck on this for a couple weeks now, not getting anywhere because of it.
Any answers that can lead me in the right direction will be highly appreciated!
If anything about my question is unclear, or you need more information to answer, please let me know.
I don't know why Git Bash's own ssh doesn't seem to work for you,
but I have a better recommendation: make Git Bash use PuTTY, by setting the GIT_SSH environment variable to the path of plink.exe (that's not a typo, it's not putty.exe, but another executable that comes with the zip of PuTTY tools).
The main advantage and reason to do this is so that Git Bash can benefit from pageant.exe, the key manager of PuTTY.
So that you can enter your passphrase once,
when adding your private key to Pageant,
and then you don't need to re-enter it every time you perform remote operations in Git Bash.

the usage of scp and ssh

I'm a newbie to Linux and trying to set up a passphrase-less ssh. I'm following the instructions in this link: http://wiki.hands.com/howto/passphraseless-ssh/.
In the above link, it said: "One often sees people using passphrase-less ssh keys for things like cron jobs that do things like this:"
scp /etc/bind/named.conf* otherdns:/etc/bind/
ssh otherdns /usr/sbin/rndc reload
which is dangerous because the key that's being used here is being offered root write access, when it need not be.
I'm kind of confused by the above commands.
I understand the usage of scp. But for ssh, what does it mean "ssh otherdns /usr/sbin/rndc reload"?
"the key that's being used here is being offered root write access."
Can anyone also help explain this sentence in more detail? Based on my understanding, the key is the public key generated by one server and copied to otherdns. What does it mean "being offered root write access"?
It means to run a command on a remote server.
the syntax is
ssh <remote> <cmd>
so in your case
ssh otherdns /usr/sbin/rndc reload
is basically 4 parts:
ssh: run the ssh executable
otherdns: is the remote server; it lacks user information, so the default user is used (the same as the one currently logged in, or the one configured in ~/.ssh/config for this remote machine)
/usr/sbin/rndc is a program on the remote server to be run
reload is an argument to the program to be run on the remote machine
so in plain words, your command means:
run the program /usr/sbin/rndc with the argument reload on the remote machine otherdns
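The other half of the question, the key "being offered root write access", is about how much a passphrase-less key is allowed to do. One common way to limit it is to pin the key to a forced command in authorized_keys. The script below is an added example, not code from the original post or the linked howto; the script path /usr/local/sbin/dns-reload-gate and the key text are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: forced-command gate for a
# passphrase-less key. On otherdns, pin the key to this script in
# ~/.ssh/authorized_keys (script path and key material are placeholders):
#
#   restrict,command="/usr/local/sbin/dns-reload-gate" ssh-ed25519 AAAA...placeholder cron@primary
#
# sshd then runs this script instead of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND.

# Succeed only for the exact command line the cron job needs.
is_allowed() {
    case "$1" in
        "/usr/sbin/rndc reload") return 0 ;;
        *) return 1 ;;
    esac
}

# Map a request to a decision string so the policy can be checked offline.
decide() {
    if is_allowed "$1"; then echo allow; else echo deny; fi
}

# Only act when sshd supplied a request. A login with no command leaves
# SSH_ORIGINAL_COMMAND unset, so the script ends without starting a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if [ "$(decide "$SSH_ORIGINAL_COMMAND")" = allow ]; then
        exec /usr/sbin/rndc reload   # fixed argv, never the client's string
    fi
    echo "dns-reload-gate: command not permitted" >&2
    exit 1
fi
```

With this in place, ssh otherdns /usr/sbin/rndc reload still works for the cron job, while any other request made with that key is refused. The scp step from the quoted cron job would need its own, separately restricted key.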

SSH Secure Shell Tunnel X11 - Display not shown

I am using SSH Secure Shell to connect to a server. My connection is allowed to tunnel X11 connections, but when I execute the command, the display is not showing up. I get the message:
couldn't connect to display "localhost:12.0"
I have a ssh server installed and running on my machine.
Remember: Both the client and the server have to allow X forwarding.
On the server look in /etc/ssh/sshd_config and make sure you have X11Forwarding yes. You will need to restart the service if you edit this file.
On the client look in /etc/ssh/ssh_config (your user ~/.ssh/ssh/config will override global settings, if you have created this file) and make sure you have ForwardX11 yes.
Alternatively give the -X switch when you create your client connection. e.g. ssh -X user@host
Oh and of course, your client needs to be running an X server which you have authority to use! E.g. if you connect from Windows using PuTTY it will never work, as Windows is not an X server!
I figured it out. I needed to have X-Server installed on my computer instead of SSH-Server. I installed Xming for that purpose and now everything works as it should.

Eclipse remote debug cannot connect to X server

I'm remote debugging a qt application from one ubuntu machine to another ubuntu one.
I can do it from the console with:
root@eclipsePC# sudo ssh apppcIP -X
root@appPC# export DISPLAY=:0.0
root@appPC# gdb myApplication
Now I'm trying to do the same with Eclipse cdt (starting eclipse with sudo). I've defined the remote connection as a Linux type system. It works for application with no graphics, but for my qt application I get:
Listening on port 2345 Remote debugging from host "myEclipseIP"
myApp: cannot connect to X server
Child exited with status 1
GDBserver exiting logout
I've tried doing
root@appPC# xhost +
root@appPC# export DISPLAY=:ECLIPSEPCIP:0.0
but it didn't work. Anyone knows how to do this?
Thanks
I've added the argument -display ECLIPSEPCIP:0.0 in the debug config and now it starts, but in the appPC instead of the host ECLIPSEPC.
You can enforce ssh X11 forwarding using the ssh config file:
Add the following lines to your $HOME/.ssh/config:
Host apppcIP
    ForwardX11 yes
I guess there should be also an option in eclipse to configure -X for the ssh connection, but I'm not sure and have no eclipse for testing. However, the solution shown above will work regardless of eclipse's feature set.
Further, you should not start eclipse as root; also, root-to-root ssh connections are considered insecure. Make sure the regular user can connect to the remote host and execute the necessary commands there.
