We have been using Ubuntu VM's on Azure for some time now and rarely had a any problems. However, one of the VMs has gone bonkers lately. Out of the blue, the Ubuntu VM starts rejecting the public key -
ssh -i ~/azure.key abc#xyz.cloudapp.net
Permission denied (publickey).
Verbose gives me even more confusing signs -
~$ ssh -i -v -v -v ~/azure.key abc#xyz.cloudapp.net
Warning: Identity file -v not accessible: No such file or directory.
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
ssh: Could not resolve hostname /home/abc/azure.key: Name or service not known
Wondering if anyone saw this problem or can suggest ideas/solutions?
How about the following?
$ ssh -i ~/azure.key -v -v -v abc#xyz.cloudapp.net
Related
I am using RHEL 7.x as my control server. I have installed Ansible 2.2.2.0. The managed nodes are running CentOS 6. I cannot upgrade Ansible because of an incompatibility.
Without Ansible, I can ping the managed servers from the control server. From the control server I can SSH to the managed nodes without password authentication. With Ansible from the control server, I cannot ping the managed servers. Why cannot I use basic Ansible operations (e.g., ansible -m ping all)?
Here are some details. As root, I run this:
ansible -m ping all -vvvv
I saw this:
| UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading configuration data
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
options for *\r\npercent_expand: unknown key %C\r\n",
"unreachable": true
So I rebooted.
I tried it again. I saw this:
[WARNING]: scp transfer mechanism failed on [x.y.z.z]. Use
ANSIBLE_DEBUG=1 to see detailed information
x.y.z.z | FAILED! => {
"failed": true,
"msg": "failed to transfer file to Please login as the user \"centos\" rather than the user \"root\"./ping.py:\n\nExecuting:
program /usr/bin/ssh host x.y.z.z, user (unspecified), command scp -v
-t 'Please login as the user \"centos\" rather than the user \"root\"./ping.py'\nOpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb
2013\r\ndebug1: Reading configuration data
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2:
fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0
local, 0 remote\r\ndebug3: mux_client_request_session:
entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3:
mux_client_request_alive: done pid = 10256\r\ndebug3:
mux_client_request_session: session request sent\r\ndebug1:
mux_client_request_session: master session id: 4\r\nPlease login as
the user \"centos\" rather than the user \"root\".\n" } [WARNING]:
scp transfer mechanism failed on [z.x.y.w]. Use ANSIBLE_DEBUG=1 to see
detailed information
z.x.y.w | FAILED! => {
"failed": true,
"msg": "failed to transfer file to Please login as the user \"centos\" rather than the user \"root\"./ping.py:\n\nExecuting:
program /usr/bin/ssh host z.x.y.w, user (unspecified), command scp -v
-t 'Please login as the user \"centos\" rather than the user \"root\"./ping.py'\nOpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb
2013\r\ndebug1: Reading configuration data
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2:
fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
version 4\r\ndebug3: mux_client_forwards: request forwardings: 0
local, 0 remote\r\ndebug3: mux_client_request_session:
entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3:
mux_client_request_alive: done pid = 10259\r\ndebug3:
mux_client_request_session: session request sent\r\ndebug1:
mux_client_request_session: master session id: 4\r\nPlease login as
the user \"centos\" rather than the user \"root\".\n" }
I then assumed the Linux user "centos" (su centos). I then tried the ansible commands again. I ran this command:
ansible -m ping all -vvvv
I saw this:
x.y.z.z | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_6.6.1, OpenSSL 1.0.1e
-fips 11 Feb 2013\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\nd
ebug1: /etc/ssh/ssh_config line 56: Applying options for *\r\ndebug1:
auto-mux:
Trying existing master\r\ndebug1: Control socket
\"/home/centos/.ansible/cp/ansi
ble-ssh-x.y.z.z-22-centos\" does not exist\r\ndebug2: ssh_connect:
needpri
v 0\r\ndebug1: Connecting to x.y.z.z [x.y.z.z] port 22.\r\ndebug2: f
d 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1:
... partially removed because it "looked like spam"
est\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug1:
Authenticat
ions that can continue:
publickey,gssapi-keyex,gssapi-with-mic\r\ndebug1: Trying
private key: /home/centos/.ssh/id_dsa\r\ndebug3: no such identity:
/home/centos
/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key:
/home/cen
tos/.ssh/id_ecdsa\r\ndebug3: no such identity:
/home/centos/.ssh/id_ecdsa: No su
ch file or directory\r\ndebug1: Trying private key:
/home/centos/.ssh/id_ed25519
\r\ndebug3: no such identity: /home/centos/.ssh/id_ed25519: No such
file or dire
ctory\r\ndebug2: we did not send a packet, disable method\r\ndebug1:
No more aut
hentication methods to try.\r\nPermission denied
(publickey,gssapi-keyex,gssapi-
with-mic).\r\n",
"unreachable": true }
My ansible.cfg file looks like this:
[defaults]
host_key_checking = False
library = ../extra_modules
roles_path = ../roles
pipelining = True
remote_user = centos
forks = 20
log_path = ./ansible.log
[ssh_connection]
control_path = ~/.ssh/ansible-ssh-%%C
What is wrong? Why cannot I ping Ansible managed nodes?
Can you please share your Ansible hosts/inventory file and.ssh folder (ls ~/.ssh)?
Also please try do to something like that and passing the ssh private key and the user name variables via cli:
ansiblie.cfg
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no
control_path = /tmp/ansible-ssh-%%h-%%p-%%r
command:
ansible -m ping all -i <inventory_file> --private-key=~/.ssh/<your pem key.pem> -u <login user ubuntu/centos>
I have a small application that's trying to do a dozen parallel "scp" runs, pulling files from a remote system. Usually, it runs fine.
Sometimes, one or two of the scp runs quietly dies.
("quiet" if pulling from Linux. If pulling from HP-UX, I get a message
like Connection reset by peer.)
If I add "-v" to my scp commands, then when a failure occurs, I see that I'm
getting "ssh_exchange_identification: read: Connection reset by peer"
(on Linux ... haven't tried the -v on HP-UX).
Here's the "scp -v" output for a typical run, with the point where a 'bad'
run and a 'good' run diverge indicated:
Executing: program /usr/bin/ssh host wilbur, user (unspecified), command scp -v -p -f /home/sieler/source/misc/[p-q]*.[ch]
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to wilbur [10.84.3.61] port 22.
debug1: Connection established.
debug1: identity file /Users/sieler/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
'bad' and 'good' runs match up to this point, then...
Bad:
ssh_exchange_identification: read: Connection reset by peer
Good:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to wilbur:22 as 'sieler'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64#openssh.com none
debug1: kex: client->server aes128-ctr umac-64#openssh.com none
...
Although the usual host machine for the script and scp runs is a Mac, running OS X 10.11.4, the problem was been reproduced to/from several combinations
of Mac/Linux/HP-UX (enough to rule out it being a Mac or HP-UX specific problem).
IIRC, using scp to pull from Linux to Mac has had the problem,
as well as pulling from HP-UX to Mac, and pulling from Linux to HP-UX.
Haven't tried pulling from Mac or HP-UX to Linux.
Is there something about scp/ssh/openssh that parallel usage sometimes fails?
If I run sshd on the Linux system with -ddd, then the demon stops after
the first scp accesses it (the scp has no problem),
and the other eleven scp runs fail.
Thanks
This is probably caused by the limitation of parallel sessions in sshd_config. By default, server is configured to do "random early drop", which means refusing new connections, if amount of active is bigger than some limit. The responsible option is MaxStartups (from man sshd_config):
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
Bumping the value to something bigger than the amount of connections you expect should solve your problem. Otherwise, you can set LogLevel DEBUG3 in sshd_config to see more logs in system log.
But when you are connecting to the same server, it is better to use connection multiplexing. It will be faster and you will not have these problems. Check out ControlMaster option in ssh_config or just check my similar answer for fast excursion to this "magic".
I am trying to connect to remote solaris machine from a linux server using ssh but not able to connect to the solaris machine. I am using below ssd command to connect to the solaris machine
ssh <host_name>
After giving this command, I am not getting any prompt for username and password. Is it the limitation for linux to solaris connection ??
The output is:
root#host> ssh -v user#solaris_host
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to solaris_host [solaris_host] port 22.
debug1: connect to address solaris_host port 22: Connection timed out
ssh: connect to host solaris_host port 22: Connection timed out
Go over following steps
Check the network connectivity with your target, e.g. ping.
Check if the port 22 is open on your remote host e.g. nmap -A 192.168.0.5/32 -p 22
Check if ssh daemon is running on your target svcs ssh
Come back, when the problem still exists.
I have a virtual linux build running on qemu (It runs drop bear as ssh client.) and I am trying to copy some modules I wrote to it using scp using the following command:
scp -vvv -p 2222 wd/day10/int_mod.ko root#localhost:/lib/modules/3.13.5/int_mod.ko
And I get Connection refused error more specifically (I forwarded 2222 to 22 of virtual machine.):
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -p -d -t /lib/modules/3.13.5/int_mod.ko
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
lost connection
What I don't understand is I can easily connect to ssh using
ssh -p 2222 root#localhost
I can connect without any problem.
ssh and scp use different options for specifying the port. From the ssh man page:
[-p port]
From the scp man page:
[-P port]
scp uses capital P. Notice how your debug output says port 22 connection refused when you are trying to connect to port 2222.
Problem is that , ssh package is not installed completely!
you must install ssh and openssh-client so on... with Synaptic Package Manager!
in Synaptic Package Manager , first type ssh in search filter and mark ssh. then click on Apply Button to install ssh services for server and client.
by this way your problem will fixed 100 Percentage!!!
see bellow Please:
I'm following the below steps to setup the ssh for running hadoop in single node, but, some how the when running sudo apt-get install openssh-server gives me an below exception trace, can any shed some light on this?
hduser#ubuntu:~$ sudo apt-get install openssh-server
[sudo] password for hduser:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package openssh-server is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'openssh-server' has no installation candidate
solutions tried:
1 # update and install, no luck
sudo apt-get update
sudo apt-get install openssh-server
2# which ssh, this not solution for this issue, but FYI,
which ssh gives below info,
hduser#ubuntu:~$ which info
/usr/bin/info
whereas,
which sshd gives no path,
hduser#ubuntu:~$ which sshd
hduser#ubuntu:~$
3 # fyi,
hduser#ubuntu:~$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
hduser#ubuntu:~$
hduser#ubuntu:~$ ssh -vvv localhost
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
you can try below command from terminal for setting up ssh.
sudo apt-get install ssh