We built a two node cluster with master and slave, we got few issues while trying to connect master node with slave node:
We are able to run 'ssh master' in the master node without password
While running 'ssh slave' in the master node, we are unable to login without password. Whereas while running ssh system#slave its working without password.
You don't say what usernames are involved in these two accounts. Absent a specific username in the ssh command, ssh assumes that your username is the same on both hosts. Given that your command works when you specify a username, I'm guessing that the usernames between the two accounts are different.
On master, try this:
$ cat << EOF >> ~/.ssh/config
Host slave
User system
EOF
$ ssh slave
If that is not helpful, then please clarify your post to specify your username on master, and your username on slave.
In most cases you need to create ssh key, and put it on from master to slave like.
# on master
ssh-keygen
# Output truncated
ssh-copy-id root#slave
Now you can login without password.
One of best documentation in Linux word comes from Red Hat, so I decided to put here this link: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/s1-ssh-configuration
Related
Problem
Does the 'user#host' of the id_rsa.pub need to match with the actual machine username - host and then with the username in Gitlab?
Example:
Gitlab username name: #john.doe
Ubuntu Machine hostname command hostname: JOHNDOE
Ubuntu username: mark
Username in the id_rsa.pub: ...fsdfsdfsdfsd mark#JOHNDOE
So as you can see, my user in Ubuntu is mark and the ssh rsa key generated has a mark#JOHNDOE as last domain. But should it be john.doe#JOHNDOE instead (both in Ubuntu user and in the ssh pub key)?
And let's say that for some reason I cannot change the user in my Ubuntu machine.
I honestly think the answer is no and the issue is on my user in Gitlab that has some missing permissions or some network related problem, and I'm just paranoid but just to make sure that is not related with the ssh keys.
I think the ssh key just need to match the one in Gitlab and the username in the key has nothing to do (because actually, you can change it with command -C "john.doe#JOHNDOE" which is a Comment and anyway it still gives me errors. But again I have the doubt is ALSO the username of the Ubuntu must be john.doe
Command run / Troubleshot
OS: Ubuntu 18.04.6 LTS on Windows 10 x86_64 (WSL)
I need to connect via VPN (all other https services works via Browser so it should be fine)
Creating ssh
ssh-keygen -t rsa -b 2048
Add SSH
cat ~/.ssh/id_rsa.pub
# Then copy the key to gitlba key - etc..
Also try do
eval $(ssh-agent -s)
ssh-add -D
ssh-add ~/.ssh/id_rsa.pub
Error
Do a git clone
Please make sure you have the correct access rights and the repository exists.
Connecting
ssh -T git#gitlab.example.com
banner exchange: Connection to [here the IP but removed] port 22: Connection timed out
Ok so the problem is the VPN software that I used.
As #Raya pointed out the answer to my question is:
No, the user in the ssh public key does not matter
As soon as I changed the VPN it start to work therefore the problem was Network related
Will auto-post the answer and mark as accepted, but won't close the question so if anyone has better information can add it.
I have configured my redis.conf with requirepass and I started the server with
redis-server redis.conf
However, when I run redis-cli it does not ask me for password
and lets me connect to redis, but when I try to run a command, asks me for the password.
This behavior is causing problems with Sentinel because Sentinel tries to authenticate. Sentinel won't find that master because is not asking for password.
https://medium.com/garimoo/redis-sentinel-no-such-master-with-specified-name-fatal-config-file-error-1ca8b3d25d38
Wasn't something releated to redis-cli i associated two separate things
there is the solution.
I know this question has already been asked several times but I got another problem. I have a part in my script where I connect through ssh and scp and everytime I run the script it always ask for the password. Most of you would probably answer that I should use expect or sshpass yet I don't have any of this two. I tried running:
compgen -c
and there's no expect and sshpass existing.
Are there any alternative commands? I would really appreciate your help. Thanks
Update: I also can't install any of this since I'm only an ordinary user.
First I logged in to server A as testuser and entered the ff command:
ssh-keygen -d
Do not enter any passphrase.
This will generate files in the folder ~/.ssh/
Then scp the file rsa_id.pub (public key) to server B.
scp ~/.ssh/id_dsa.pub testuser#B:/home/testuser/.ssh/authorized_keys2
Do the same vice versa (if you want access to both). Then you can now transfer from one server to the other without the being asked for your password.
source
If you don't want to set up keys for passwordless access (against the rules?), you can set up "SSH connection sharing".
Insert these lines into your .ssh/config file:
ControlMaster auto
ControlPath /tmp/ssh_%r#%n:%p
ControlPersist 8h
Now, when you log into a server from the machine with that config it will ask you your password the first time, and won't ask again until 8 hours of idle time have passed (so, you'll get asked once per day, usually).
What it's doing is keeping the connection open in the background, and then reusing the same connection for all your SSH sessions. This gives a useful connect-speed boost, and means you don't need to re-authenticate. All-in-all, it's great for accelerating scripted SSH and SCP commands.
I'm sorry to have to ask this question, but I feel like I've tried every answer so far on SO with no luck.
I have my local machine and my remote server. Jenkins is up and running on my server.
If I open up terminal and do something like scp /path/to/file user#server:/path/to/wherever then my ssh works fine without requiring a password
If I run this command inside of my Jenkins job I get 'Host Key Verification Failed'
So I know my SSH is working correctly the way I want, but why can't I get Jenkins to use this SSH key?
Interesting thing is, it did work fine when I first set up Jenkins and the key, then I think I restarted my local machine, or restarted Jenkins, then it stopped working. It's hard to say exactly what caused it.
I've also tried several options regarding ssh-agent and ssh-add but those don't seem to work.
I verified the local machine .pub is on the server in the /user/.ssh folder and is also in the authorized keys file. The folder is owned by user.
Any thoughts would be much appreciated and I can provide more info about my problem. Thanks!
Update:
Per Kensters suggestion I did su - jenkins, then ssh server, and it asked me to add to known hosts. So I thought this was a step in the right direction. But the same problem persisted afterward.
Something I did not notice before I can ssh server without password when using my myUsername account. But if I switch to the jenkins user, then it asks me for my password when I do ssh server.
I also tried ssh-keygen -R server as suggested to no avail.
Try
su jenkins
ssh-keyscan YOUR-HOSTNAME >> ~/.ssh/known_hosts
SSH Slaves Plugin doesn't support ECDSA. The command above should add RSA key for ssh-slave.
Host Key Verification Failed
ssh is complaining about the remote host key, not the local key that you're trying to use for authentication.
Every SSH server has a host key which is used to identify the server to the client. This helps prevent clients from connecting to servers which are impersonating the intended server. The first time you use ssh to connect to a particular host, ssh will normally prompt you to accept the remote host's host key, then store the key locally so that ssh will recognize the key in the future. The widely used OpenSSH ssh program stores known host keys in a file .ssh/known_hosts within each user's home directory.
In this case, one of two things is happening:
The user ID that Jenkins is using to run these jobs has never connected to this particular remote host before, and doesn't have the remote host's host key in its known_hosts file.
The remote host key has changed for some reason, and it no longer matches the key which is stored in the Jenkins user's known_hosts file.
You need to update the known_hosts file for the user which jenkins is using to run these ssh operations. You need to remove any old host key for this host from the file, then add the host's new host key to the file. The simplest way is to use su or sudo to become the Jenkins user, then run ssh interactively to connect to the remote server:
$ ssh server
If ssh prompts you to accept a host key, say yes, and you're done. You don't even have to finish logging in. If it prints a big scary warning that the host key has changed, run this to remove the existing host from known_hosts:
$ ssh-keygen -R server
Then rerun the ssh command.
One thing to be aware of: you can't use a passphrase when you generate a key that you're going to use with Jenkins, because it gives you no opportunity to enter such a thing (seeing as it runs automated jobs with no human intervention).
I have ServerA which serves a central backup server for all linux machines in the field. They sync with rsync. I need keyless entry for these machines - say ServerX, ServerY and ServerZ. The idea is to give each client server a separate username and home folder to backup to - thus isolating each server's data and risk.
ServerA has UserX, UserY, UserZ.
On ServerX:
[root#ServerX ~]ssh-copy-id -i ~/.ssh/id_rsa.pub root#ServerA
[root#ServerX ~]ssh root#ServerA
[root#ServerA ~]
I can login as root without a password prompt
Now if I try using one of the other users on ServerA
[root#ServerX ~]ssh-copy-id -i ~/.ssh/id_rsa.pub UserX#ServerA
[root#ServerX ~]ssh UserX*#ServerA
UserX#ServerA's password:
[UserX#ServerA ~]
The ssh-copy-id does not report any erros and appears to work- but yet I cannot log in to ServerA "key-less". I have tried a couple combinations of the commands, but I cannot get passwordless login as UserX into ServerA
I am sure I am missing something obviouse here. :) Any feedback or advice would be appreciate to get passwordless access for UserX,UserY and UserZ.
Thank you for your help and time,
Regards,
Rudolf