Ansible access via SSH to Azure VMs on same host but different ports - azure
I have two VMs running on an Azure cloud where the hostname is the same but the ports are different for the two VMs. I can do a direct SSH to each of the machines, but now I'm trying to configure my Ansible playbook to connect and run a simple ping command:
ansible all -m ping
My basic ansible inventory file contained
[all]
test01vm0 ansible_host=test01.cloudapp.azure.com ansible_port=50000
test01vm1 ansible_host=test01.cloudapp.azure.com ansible_port=50001
The result is that the first VM replies but the second always fails.
test01vm1 | UNREACHABLE! => {
"changed": false,
"msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue",
"unreachable": true
}
test01vm0 | SUCCESS => {
"changed": false,
"ping": "pong"
}
I came across this thread on how-to-handle-ssh-host-key-verification-with-2-different-hosts-on-the-same-but and I added these details to my '.ssh/config' file:
Host azure.t01vm0
Hostname test01.cloudapp.azure.com
HostKeyAlias azure.t01vm0
CheckHostIP no
Port 50000
User admin
Host azure.t01vm1
Hostname test01.cloudapp.azure.com
HostKeyAlias azure.t01vm1
CheckHostIP no
Port 50001
User admin
I then updated my inventory file to
[all]
test01vm0 ansible_host=azure.t01vm0
test01vm1 ansible_host=azure.t01vm1
which uses the host alias; under the hood, the SSH command will resolve the Hostname and Port.
In my 'groups_vars/all' file I have
# ssh access
ansible_connection: ssh
~~ansible_user: admin~~
~~ansible_pass: xxxxx~~
In my 'ansible.cfg' file I have
[defaults]
~~host_key_checking=false~~
But the same issue still happens. Any suggestions on how I can get around this SSH issue?
The full error is
pc@pc-HP-ZBook-15:~/work/devops/ansible$ ansible all -m ping -vvvv
Using /home/pc/work/devops/ansible/ansible.cfg as config file
Loaded callback minimal of type stdout, v2.0
<azure.t01vm0> ESTABLISH SSH CONNECTION FOR USER: admin
<azure.t01vm0> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/pc/.ansible/cp/ansible-ssh-%h-%p-%r -tt azure.t01vm0 '( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1453379274.37-334027235531 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1453379274.37-334027235531 )" )'
<azure.t01vm1> ESTABLISH SSH CONNECTION FOR USER: admin
<azure.t01vm1> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=50001 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/home/pc/.ansible/cp/ansible-ssh-%h-%p-%r -tt azure.t01vm1 '( umask 22 && mkdir -p "$( echo $HOME/.ansible/tmp/ansible-tmp-1453379274.37-107934098383321 )" && echo "$( echo $HOME/.ansible/tmp/ansible-tmp-1453379274.37-107934098383321 )" )'
test01vm1 | UNREACHABLE! => {
"changed": false,
"msg": "ERROR! SSH encountered an unknown error. The output was:\nOpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014\r\ndebug1: Reading configuration data /home/pc/.ssh/config\r\ndebug1: /home/pc/.ssh/config line 20: Applying options for azure.t01vm1\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: Hostname has changed; re-reading configuration\r\ndebug1: Reading configuration data /home/pc/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/home/pc/.ansible/cp/ansible-ssh-test01.cloudapp.azure.com-50001-admin\" does not exist\r\ndebug2: ssh_connect: needpriv 0\r\ndebug1: Connecting to test01.cloudapp.azure.com [13.69.146.148] port 50001.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9975 ms remain after connect\r\ndebug3: Incorrect RSA1 identifier\r\ndebug3: Could not load \"/home/pc/.ssh/id_rsa\" as a RSA1 public key\r\ndebug1: identity file /home/pc/.ssh/id_rsa type 1\r\ndebug1: identity file /home/pc/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /home/pc/.ssh/id_dsa type -1\r\ndebug1: identity file /home/pc/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /home/pc/.ssh/id_ecdsa type -1\r\ndebug1: identity file /home/pc/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file /home/pc/.ssh/id_ed25519 type -1\r\ndebug1: identity file /home/pc/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1\r\ndebug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: using hostkeyalias: azure.t01vm1\r\ndebug3: load_hostkeys: loading entries 
for host \"azure.t01vm1\" from file \"/home/pc/.ssh/known_hosts\"\r\ndebug3: load_hostkeys: found key type ECDSA in file /home/pc/.ssh/known_hosts:75\r\ndebug3: load_hostkeys: loaded 1 keys\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-dss-cert-v01#openssh.com,ssh-rsa-cert-v00#openssh.com,ssh-dss-cert-v00#openssh.com,ssh-ed25519,ssh-rsa,ssh-dss\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se\r\ndebug2: kex_parse_kexinit: 
hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: zlib#openssh.com,zlib,none\r\ndebug2: kex_parse_kexinit: zlib#openssh.com,zlib,none\r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: kex_parse_kexinit: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1\r\ndebug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se\r\ndebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm#openssh.com,aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se\r\ndebug2: kex_parse_kexinit: 
hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: hmac-md5-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-sha1-96-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-sha1,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-sha1-96,hmac-md5-96\r\ndebug2: kex_parse_kexinit: none,zlib#openssh.com\r\ndebug2: kex_parse_kexinit: none,zlib#openssh.com\r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: mac_setup: setup hmac-md5-etm#openssh.com\r\ndebug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com zlib#openssh.com\r\ndebug2: mac_setup: setup hmac-md5-etm#openssh.com\r\ndebug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com zlib#openssh.com\r\ndebug1: sending SSH2_MSG_KEX_ECDH_INIT\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug1: Server host key: ECDSA ff:e4:84:a7:d4:88:18:6b:80:a7:0c:df:b0:f1:56:16\r\ndebug3: put_host_port: [13.69.146.148]:50001\r\ndebug1: using hostkeyalias: azure.t01vm1\r\ndebug3: load_hostkeys: loading entries for host \"azure.t01vm1\" from file \"/home/pc/.ssh/known_hosts\"\r\ndebug3: load_hostkeys: found key type ECDSA in file /home/pc/.ssh/known_hosts:75\r\ndebug3: load_hostkeys: loaded 1 keys\r\ndebug1: Host 'azure.t01vm1' is known and matches the ECDSA host key.\r\ndebug1: Found key in /home/pc/.ssh/known_hosts:75\r\ndebug1: 
ssh_ecdsa_verify: signature correct\r\ndebug2: kex_derive_keys\r\ndebug2: set_newkeys: mode 1\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug2: set_newkeys: mode 0\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST sent\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug2: key: /home/pc/.ssh/id_rsa (0x7fcac5e86a60),\r\ndebug2: key: /home/pc/.ssh/id_dsa ((nil)),\r\ndebug2: key: /home/pc/.ssh/id_ecdsa ((nil)),\r\ndebug2: key: /home/pc/.ssh/id_ed25519 ((nil)),\r\ndebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup gssapi-with-mic\r\ndebug3: remaining preferred: gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled gssapi-with-mic\r\ndebug1: Next authentication method: gssapi-with-mic\r\ndebug1: Unspecified GSS failure. Minor code may provide more information\nNo Kerberos credentials available\n\r\ndebug1: Unspecified GSS failure. Minor code may provide more information\nNo Kerberos credentials available\n\r\ndebug1: Unspecified GSS failure. Minor code may provide more information\n\n\r\ndebug1: Unspecified GSS failure. 
Minor code may provide more information\nNo Kerberos credentials available\n\r\ndebug2: we did not send a packet, disable method\r\ndebug3: authmethod_lookup gssapi-keyex\r\ndebug3: remaining preferred: hostbased,publickey\r\ndebug3: authmethod_is_enabled gssapi-keyex\r\ndebug1: Next authentication method: gssapi-keyex\r\ndebug1: No valid Key exchange context\r\ndebug2: we did not send a packet, disable method\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering RSA public key: /home/pc/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug1: Trying private key: /home/pc/.ssh/id_dsa\r\ndebug3: no such identity: /home/pc/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key: /home/pc/.ssh/id_ecdsa\r\ndebug3: no such identity: /home/pc/.ssh/id_ecdsa: No such file or directory\r\ndebug1: Trying private key: /home/pc/.ssh/id_ed25519\r\ndebug3: no such identity: /home/pc/.ssh/id_ed25519: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
EDIT
I updated my ansible.cfg file to include the private_key_file value
[defaults]
private_key_file=/home/pc/.ssh/id_rsa.pem
When I attempt to SSH onto the box with the private_key, these are the debug details, and I get access:
ssh -p 50000 admin@test01.cloudapp.azure.com -v -i ~/.ssh/id_rsa.pem
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/pc/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to test01.cloudapp.azure.com [40.112.77.99] port 50000.
debug1: Connection established.
debug1: identity file /home/pc/.ssh/id_rsa.pem type -1
debug1: identity file /home/pc/.ssh/id_rsa.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a3:30:44:1a:1b:f9:fa:c0:6e:7e:79:a3:fe:da:f4:e1
debug1: Host '[test01.cloudapp.azure.com]:50000' is known and matches the ECDSA host key.
debug1: Found key in /home/pc/.ssh/known_hosts:67
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Next authentication method: publickey
debug1: Offering RSA public key: pc@pc-HP-ZBook-15
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to test01.cloudapp.azure.com ([40.112.77.99]:50000).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_IE.UTF-8
It seems odd to me that the SSH login is still using the 'publickey' in this case?
If you have a look at that long line with the error, you will find:
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
The server does not support password authentication. It is no wonder that it fails. You need to allow it in the server config or log in using a private key.
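As an added example (not part of the original question or answer), the Python code below parses `ssh -v` output such as the Ansible "msg" string quoted above and reports the host-key option in force, the keys that were offered and rejected, and the server-listed methods that are missing from the client's preferred list. The function names and the abridged sample strings are constructed for this illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines abridged from the failing Ansible run quoted above,
# left in the escaped form (literal \r\n) that Ansible prints in its "msg" field.
FAILED_RUN = (
    r"<azure.t01vm1> SSH: EXEC ssh -C -vvv -o StrictHostKeyChecking=no -o Port=50001 "
    r"-o PasswordAuthentication=no -o User=admin -tt azure.t01vm1\r\n"
    r"debug1: using hostkeyalias: azure.t01vm1\r\n"
    r"debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password\r\n"
    r"debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\n"
    r"debug1: Offering RSA public key: /home/pc/.ssh/id_rsa\r\n"
    r"debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password\r\n"
    r"debug1: Trying private key: /home/pc/.ssh/id_dsa\r\n"
    r"debug3: no such identity: /home/pc/.ssh/id_dsa: No such file or directory\r\n"
    r"debug1: No more authentication methods to try.\r\n"
    r"Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n"
)

# Constructed sample: lines abridged from the manual login with -i ~/.ssh/id_rsa.pem.
MANUAL_RUN = """\
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: pc@pc-HP-ZBook-15
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
"""


@dataclass
class AuthTrace:
    strict_host_key_checking: str = ""   # value passed with -o, if any
    host_key_alias: str = ""
    server_methods: list = field(default_factory=list)    # what the server allows
    client_preferred: list = field(default_factory=list)  # what the client will try
    offered: list = field(default_factory=list)   # keys the client actually sent
    accepted: list = field(default_factory=list)  # keys the server accepted
    missing: list = field(default_factory=list)   # identity files absent on disk
    succeeded_with: str = ""
    denied: bool = False


def normalise(text):
    """Split real or JSON-escaped (literal backslash-r-backslash-n) output into lines."""
    for esc, real in (("\\r\\n", "\n"), ("\\n", "\n"), ("\r\n", "\n"), ('\\"', '"')):
        text = text.replace(esc, real)
    return [ln.strip() for ln in text.split("\n") if ln.strip()]


def parse_ssh_debug(text):
    t = AuthTrace()
    for line in normalise(text):
        if m := re.search(r"StrictHostKeyChecking=(\w+)", line):
            t.strict_host_key_checking = m.group(1)
        elif m := re.match(r"debug1: using hostkeyalias: (\S+)", line):
            t.host_key_alias = m.group(1)
        elif m := re.match(r"debug1: Authentications that can continue: (\S+)", line):
            t.server_methods = m.group(1).split(",")
        elif m := re.match(r"debug3: preferred (\S+)", line):
            t.client_preferred = m.group(1).split(",")
        elif m := re.match(r"debug1: Offering (?:\w+ )?public key: (.+)", line):
            t.offered.append(m.group(1))
        elif line.startswith("debug1: Server accepts key") and t.offered:
            t.accepted.append(t.offered[-1])
        elif m := re.match(r"debug3: no such identity: (.+?): No such file", line):
            t.missing.append(m.group(1))
        elif m := re.match(r"debug1: Authentication succeeded \(([\w-]+)\)", line):
            t.succeeded_with = m.group(1)
        elif line.startswith("Permission denied ("):
            t.denied = True
    return t


def diagnose(t):
    """Return findings as strings, host-key handling first, then authentication."""
    findings = []
    if t.strict_host_key_checking == "no":
        findings.append("StrictHostKeyChecking=no: unknown host keys are accepted without verification")
    if t.succeeded_with:
        findings.append(f"authenticated with {t.succeeded_with}")
        return findings
    for key in t.offered:
        if key not in t.accepted:
            findings.append(f"key offered but not accepted: {key}")
    if t.client_preferred:
        for method in t.server_methods:
            if method not in t.client_preferred:
                findings.append(f"server lists '{method}' but it is not in the client's preferred list")
    if t.denied and not t.offered:
        findings.append("permission denied without any key being offered")
    return findings


if __name__ == "__main__":
    for name, run in (("ansible", FAILED_RUN), ("manual", MANUAL_RUN)):
        print(name, diagnose(parse_ssh_debug(run)))
```

Comparing the two results shows that the Ansible run offered only /home/pc/.ssh/id_rsa, while the manual login that succeeded was given ~/.ssh/id_rsa.pem with -i.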
Related
Unable to run command over SSH Paramiko
I am logged into a device and trying to run commands over the ssh connection. Whenever I run the command I get the prompt to enter a password. I pass the password through stdin and the program gets stuck at stdout.readlines(). I think the reason for that is because paramiko is not able to pass the password for that command. Can you help?
Below is the code that I am using:
import paramiko

# device_ip, username, password, command_to_run and command_pass are defined elsewhere
def SSH_Connection():
    ssh = paramiko.SSHClient()
    ssh.load_system_host_keys()
    # AutoAddPolicy accepts any host key that is not already in known_hosts
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(device_ip, username=username, password=password, port=22)
    print(command_to_run)
    stdin, stdout, stderr = ssh.exec_command(command_to_run)
    # answer the command's password prompt on stdin
    stdin.write(command_pass + '\n')
    stdin.flush()
    data = stdout.readlines()  # the program gets stuck here
    ssh.close()
    for line in data:
        print(line)

SSH_Connection()
Output of ssh -vv username@host your_command:
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4 debug2: resolving "host" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to host [host] port 22. debug1: Connection established. 
debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file C:\\Users\\temp/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_12.1 debug1: match: OpenSSH_12.1 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to host:22 as 'admin' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal Cipher exchange happens debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: debug1: Host 'host' is known and matches the RSA host key. 
debug1: Found key in C:\\Users\\temp/.ssh/known_hosts:16 debug2: set_newkeys: mode 1 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 4294967296 blocks debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory debug2: key: C:\\Users\\temp/.ssh/id_rsa (0000000000000000) debug2: key: C:\\Users\\temp/.ssh/id_dsa (0000000000000000) debug2: key: C:\\Users\\temp/.ssh/id_ecdsa (0000000000000000) debug2: key: C:\\Users\\temp/.ssh/id_ed25519 (0000000000000000) debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received WARNING Activity on this device, and attempted access, is logged. debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: C:\\Users\\temp/.ssh/id_rsa debug1: Trying private key: C:\\Users\\temp/.ssh/id_dsa debug1: Trying private key: C:\\Users\\temp/.ssh/id_ecdsa debug1: Trying private key: C:\\Users\\temp/.ssh/id_ed25519 debug2: we did not send a packet, disable method debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 debug1: read_passphrase: can't open /dev/tty: No such file or directory Password: debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 0 debug1: Authentication succeeded (keyboard-interactive). Authenticated to host ([host]:22). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting no-more-sessions#openssh.com debug1: Entering interactive session. 
debug1: pledge: network debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 3 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug1: Sending command: my_command debug2: channel 0: request exec confirm 1 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0
The scenario is like this: after I run exec_command, it prompts for a password. It's like when you run a sudo command and the OS asks you for a password to run it; like that, as soon as I run the command I get prompted for a password. My command is that I log in to a network device like a router and run a command and store the output and then check the output for whether it ran successfully and, if not, what the error was. The code works for other commands. When I am running this command over the CLI it asks for a password and then I enter the password and it runs.
I tried using \r\n in stdin.write(command_pass+'\r\n') but it still gets stuck.
Below is the shell channel code I used:
import time
import paramiko

# host, username, password, command_to_run and command_pass are defined elsewhere
def SSH_Connection_Shell():
    ssh = paramiko.SSHClient()
    ssh.load_system_host_keys()
    # AutoAddPolicy accepts any host key that is not already in known_hosts
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(host, username=username, password=password, port=22)
    channel = ssh.invoke_shell()
    channel.send('\n')
    channel.send(command_to_run + '\n')
    # the post had send(pass); pass is a Python keyword, so the password
    # variable from the first snippet is used here
    channel.send(command_pass)
    channel.send('\r\n')
    channel.send('\n')
    time.sleep(5)
    out = channel.recv(9999)
    print(out)
    file = open('Output_Of_Commands.txt', 'ab')
    file.write(out)
    file.close()
can't connect ssh sh: 6000: command not found [closed]
I'm trying to connect to my server and ssh shows me:
sh: 6000: command not found
Below is the ssh verbose log and my sshd_config.
[~] # ssh -v admin@myserver -P 6000
OpenSSH_7.6p1, OpenSSL 1.0.2k 26 Jan 2017 debug1: Connecting to 192.168.50.21 [192.168.50.21] port 6000. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type 0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6 debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 192.168.50.216000 as 'admin' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: 
chacha20-poly1305#openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:XTuaKA/5nJd1wol9+Ckp0or8XCx3Rd/0NGMIdT9lrro debug1: Host '192.168.50.21' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:2 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 134217728 blocks debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: RSA SHA256:XTuaKA/5nJd1wol9+Ckp0or8XCx3Rd/0NGMIdT9lrro /root/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Trying private key: /root/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password admin#192.168.50.21's password: debug1: Authentication succeeded (password). Authenticated to 192.168.50.21 ([192.168.50.21]6000). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions#openssh.com debug1: Entering interactive session. 
debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0 debug1: Sending command: 6000 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype eow#openssh.com reply 0 sh: 6000: command not found debug1: channel 0: free: client-session, nchannels 1 Transferred: sent 2248, received 3052 bytes, in 0.2 seconds Bytes per second: sent 14674.8, received 19923.2 debug1: Exit status 127 this is my sshd config # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #Protocol 2,1 Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text 
passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server AllowUsers admin # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server I don't know why this error show here. And I use a mac software called ssh shell it can connect to my server. I'm pretty sure the password is right.
Your commandline doesn't do what you think it does.
ssh -v admin@myserver -P 6000
-v enables some debug information
admin@myserver provides the remote user and remote host
-P 6000 does NOT attempt to connect to port 6000
The command you probably intended was:
ssh -v admin@myserver -p 6000
However, it turns out that -P is an undocumented argument that is accepted by ssh. This leaves an unaccounted for argument 6000. ssh assumes this is a command that you want to run on the remote server. It doesn't exist, which results in the error shown:
sh: 6000: command not found
How to setup SSH keys for buildbot user
I'm trying to set up SSH keys for Buildbot's buildbot user, so it can clone my private repo without needing a username and password. This is how I'm testing:
sudo -u buildbot bash
export HOME=/var/lib/buildbot
cd $HOME
mkdir git
cd git
git clone git@bitbucket.org:myproject/myrepo.git
The last step fails with:
Cloning into 'myrepo'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Why am I getting this error? I've confirmed my SSH key is correct with:
/var/lib/buildbot/.ssh folder exists with the correct permissions
/var/lib/buildbot/.ssh/id_rsa file exists with the correct permissions
/var/lib/buildbot/.ssh/id_rsa.pub file exists with the correct permissions
the content of /var/lib/buildbot/.ssh/id_rsa.pub file has been registered in my Bitbucket account as my SSH key
If I run:
ssh-agent bash -c 'ssh-add /var/lib/buildbot/.ssh/id_rsa; git clone git@bitbucket.org:myproject/myrepo.git'
then it clones my repo perfectly. Why isn't the normal command able to access my SSH key?
Edit: The output of ssh -vvv git@bitbucket.org is:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "bitbucket.org" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to bitbucket.org [104.192.143.2] port 22. debug1: Connection established. 
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/buildbot/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version conker_1.0.288-e9ef8ea app-123
debug1: no match: conker_1.0.288-e9ef8ea app-123
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/home/buildbot/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/buildbot/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 104.192.143.2
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/buildbot/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/buildbot/.ssh/id_rsa ((nil))
debug2: key: /home/buildbot/.ssh/id_dsa ((nil))
debug2: key: /home/buildbot/.ssh/id_ecdsa ((nil))
debug2: key: /home/buildbot/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/buildbot/.ssh/id_rsa
debug3: no such identity: /home/buildbot/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_dsa
debug3: no such identity: /home/buildbot/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_ecdsa
debug3: no such identity: /home/buildbot/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/buildbot/.ssh/id_ed25519
debug3: no such identity: /home/buildbot/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
Edit: Updating buildbot's home directory in /etc/passwd to point to /var/lib/buildbot causes more problems. Now I can't even access buildbot's home directory as buildbot:
$ sudo -u buildbot bash
$ echo $HOME
/home/ubuntu
$ export HOME=/var/lib/buildbot
$ cd $HOME
bash: cd: /var/lib/buildbot: Permission denied
Buildbot now supports specifying private SSH keys (these changes will be released as part of buildbot 1.3.0). See https://github.com/buildbot/buildbot/pull/4178 and https://github.com/buildbot/buildbot/pull/4160 Disclaimer: I'm the author of these PRs :-)
OpenSSH does not use the environment variable $HOME, as you can see from the log, but directly uses the getpwnam() function to get the real home directory of the running user (/home/buildbot/). You either have to fix it in /etc/passwd or use ssh-agent or the IdentityFile option/config value to make ssh use this key.
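The mismatch this answer describes, as an added example that is not code from the thread: it reads the account's home directory from passwd data, which is what getpwnam() hands to ssh, and compares the directory ssh searches by default with where the key actually lives. The function names and the sample passwd entries are constructed here; GIT_SSH_COMMAND is git's own variable for choosing the ssh command.

```shell
#!/bin/sh
# Constructed passwd entries mirroring the question: the account's registered
# home is /home/buildbot, while the key was placed under /var/lib/buildbot.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
buildbot:x:998:998:Buildbot:/home/buildbot:/bin/bash'

# passwd_home USER [PASSWD_TEXT]
# Print USER's home directory (6th passwd field). Without PASSWD_TEXT the live
# database is read through getent, the same data getpwnam() returns to ssh.
passwd_home() {
    if [ $# -ge 2 ]; then
        printf '%s\n' "$2"
    else
        getent passwd "$1"
    fi | awk -F: -v u="$1" '$1 == u { print $6; exit }'
}

# diagnose_key_lookup USER KEY_PATH ENV_HOME [PASSWD_TEXT]
# Compare the directory ssh searches by default with where the key really is.
# Prints "ok: ..." or "mismatch: ..." followed by an explicit-key workaround.
diagnose_key_lookup() {
    user=$1 key=$2 env_home=$3
    if [ $# -ge 4 ]; then
        home=$(passwd_home "$user" "$4")
    else
        home=$(passwd_home "$user")
    fi
    if [ -z "$home" ]; then
        echo "unknown user $user"
        return 1
    fi
    case $key in
        "$home"/.ssh/*)
            echo "ok: ssh searches $home/.ssh and the key is there" ;;
        *)
            echo "mismatch: ssh searches $home/.ssh (HOME=$env_home is ignored)"
            echo "workaround: GIT_SSH_COMMAND='ssh -i $key -o IdentitiesOnly=yes'" ;;
    esac
}

# The situation from the question, using the constructed passwd text above.
diagnose_key_lookup buildbot /var/lib/buildbot/.ssh/id_rsa /var/lib/buildbot "$SAMPLE_PASSWD"
```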
openssh seamless login does not work
Have been trying to set up seamless ssh login across a couple of servers but running into issues, as after copying the public key the ssh to the host still asks for the password.
Here is what I did:
[root@app6 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e9:e9:b4:e5:50:7b:9b:f6:3f:d5:65:52:39:9c:ba:38 root@app6
The key's randomart image is:
+--[ RSA 2048]----+
| . o|
| =.|
| ...|
| . .. o|
| S . . .oo|
| . o E . o|
| = o o .|
| o = ..o . |
| o ..o...o|
+-----------------+
And then copied the id to the host:
[root@app6 .ssh]# ssh-copy-id app3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
\S
Kernel \r on an \m
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'app3'"
and check to make sure that only the key(s) you wanted were added.
But when I try to log in, it does not work (asks for password):
[root@app6 .ssh]# ssh 'app3'
\S
Kernel \r on an \m
Password:
I should not be seeing the 'Password:' prompt. Apparently something is amiss.
Here is the version of ssh that is running:
[root@app6 ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Adding the output of ssh -vvv app3 below:
debug3: load_hostkeys: loading entries for host "172.27.36.104" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys
debug1: Host '172.27.36.104' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f471042f250),
debug2: key: /root/.ssh/id_dsa ((nil)),
debug2: key: /root/.ssh/id_ecdsa (0x7f4710433730),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug3: input_userauth_banner
\S
Kernel \r on an \m
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug1: Offering ECDSA public key: /root/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Check the following:
The directory app3:~/.ssh has permissions 0700
The file app3:~/.ssh/authorized_keys has permissions 0600
The key app6:~/.ssh/id_rsa.pub exists in app3:~/.ssh/authorized_keys
Check sshd config file
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
If all the above is correct, then run ssh -vvv app3 to see a very verbose connection info. It should provide feedback on why the password-less login fails.
Comment on @yk11's answer:
4. Check the sshd config file
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
Open these configs and restart the sshd process.
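The three file checks from the answer above, as an added example that is not code from the thread: it verifies the 0700 and 0600 modes the answer names and looks for the client's public key body in authorized_keys, tolerating an options prefix on the line. The function names and the sample key are constructed here; on a real system it would be pointed at the target account's ~/.ssh on app3 together with a copy of app6's id_rsa.pub.

```shell
#!/bin/sh
# mode_is PATH OCTAL: succeed only if PATH has exactly that permission mode.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# key_blob PUBKEY_FILE: print the base64 body of a "type blob comment" key.
key_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1" 2>/dev/null
}

# has_key AUTHORIZED_KEYS BLOB: succeed if any non-comment line carries BLOB.
# Matching on any field tolerates an options prefix before the key type.
has_key() {
    awk -v b="$2" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$1"
}

# check_pubkey_login SSH_DIR PUBKEY_FILE
# Runs the answer's three checks against the server-side SSH_DIR and prints
# one finding per line, or "ok" when all of them pass.
check_pubkey_login() {
    dir=$1
    auth="$dir/authorized_keys"
    findings=""
    mode_is "$dir" 700 || findings="${findings}ssh-dir-mode "
    if [ -f "$auth" ]; then
        mode_is "$auth" 600 || findings="${findings}authorized-keys-mode "
        has_key "$auth" "$(key_blob "$2")" || findings="${findings}key-not-installed "
    else
        findings="${findings}authorized-keys-missing "
    fi
    [ -n "$findings" ] || findings="ok"
    # Intentionally unquoted: one finding per output line.
    printf '%s\n' $findings
}

# Constructed demo: a stand-in ~/.ssh with loose modes, then tightened.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && chmod 755 "$tmp/.ssh"
    echo 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEYBODY root@app6' > "$tmp/id_rsa.pub"
    cp "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys"
    chmod 644 "$tmp/.ssh/authorized_keys"
    check_pubkey_login "$tmp/.ssh" "$tmp/id_rsa.pub"   # two mode findings
    chmod 700 "$tmp/.ssh"
    chmod 600 "$tmp/.ssh/authorized_keys"
    check_pubkey_login "$tmp/.ssh" "$tmp/id_rsa.pub"   # ok
    rm -rf "$tmp"
}
demo
```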
How to Reverse SSH from Shell Script
Good afternoon,
I am trying to establish a reverse SSH connection using a shell script.
Below is my calling command, from client to host, and back to client (important data is replaced with xxxxxx):
ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -R 19999:localhost:22 admin@xx.xxx.xx.xx -v "sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:81:localhost:80 root@localhost -p 19999"
Shown below are the outputs from the SSH and Netstat commands.
The connection does show up in Netstat; unfortunately, it shows up as TIME_WAIT instead of ESTABLISHED, and I cannot access port 80 on the client from another machine (by accessing port 81 on the host).
Is this the correct way to establish a reverse SSH connection without having to type anything on the host?
If I run the two commands manually
ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -R 19999:localhost:22 admin@xx.xxx.xx.xx -v
and
sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:81:localhost:80 root@localhost -p 19999
everything works. Once it's connected to the host, I do not have any problems; however, I cannot do it this way from a script file.
EDIT: I tried different combinations of using -f, -N and -q on the client and the host portions of the commands, but I haven't had any successful results. The best I've gotten was to display the client's firmware welcome message.
Netstat output after the command was executed:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 xxx.xxxxxxxxx.myvzw.com:xxxx xxxx.us-west-1.compute.xxxxx.com:ssh TIME_WAIT
tcp 0 0 localhost:49553 localhost:ssh TIME_WAIT
udp 0 0 xxx.xxxxxxxxx.myvzw.com:xxxx xxxxxxx:ntp ESTABLISHED
Active UNIX domain sockets (w/o servers)
Debug output from the top SSH command:
OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to xx.xxx.xxx.xx [xx.xxx.xxx.xx] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: Host 'xx:xxx:xxx:xx' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:5
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xx:xxx:xxx:xx ([xx:xxx:xxx:xx]:22).
debug1: Remote connections from LOCALHOST:19999 forwarded to local address localhost:22
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: remote forward success for: listen 19999, connect localhost:22
debug1: All remote forwarding requests processed
debug1: Sending command: sleep 5; sshpass -p xxxxxxx ssh -f -N -q -L 0.0.0.0:1195:localhost:1194 root@localhost -p 19999
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 19999, originator ::1 port 38767
debug1: connect_next: host localhost ([127.0.0.1]:22) in progress, fd=7
debug1: channel 1: new [::1]
debug1: confirm forwarded-tcpip
debug1: channel 1: connected to localhost port 22
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 2
debug1: channel 1: free: ::1, nchannels 1
Transferred: sent 4768, received 4176 bytes, in 10.4 seconds
Bytes per second: sent 459.7, received 402.6
debug1: Exit status 0
Thank you,
I seem to have been able to establish a reverse connection by applying some "sleep" commands.
Below is my command:
ssh -o StrictHostKeyChecking=no -o ConnectTimeout=15 -f -R 19999:localhost:22 admin@XX.XXX.XXX.XX -v "sleep 5; sshpass -p XXXXXX ssh -L 0.0.0.0:81:localhost:81 root@localhost -p 19999 -v \"sleep 120\" sleep 120"
So basically I am putting the ssh process to sleep before finishing the second connection and placing the second connection to sleep right afterwards.
Interestingly enough, the connection doesn't cease after 120 seconds; it stays up.
If someone would be kind enough to explain why this works, or if there is a better method, please reply.
Thanks