Jenkins CLI who-am-i command always reporting anonymous - authentication

I have a user called "jenkins" that has an id_rsa.pub key in its configuration. When I attempt to run java -jar jenkins-cli.jar who-am-i it always reports back:
Authenticated as: anonymous
Authorities:
This makes me think it's failing to authenticate and defaulting to anonymous.
Any ideas?

You'll need to specify that you want to connect via SSH and specify the username.
java -jar jenkins-cli.jar -s https://your-jenkins-server/jenkins/ -ssh -user "your-user" who-am-i
You will also have to enable the SSH server in Jenkins (Configure Global Security -> SSH Server). Official wiki article:
https://wiki.jenkins.io/display/JENKINS/Jenkins+SSH

Related

Connect to openshift using `rhc ssh` on Windows without PuTTY

I have an Openshift app, and a Windows install with ssh provided by Git-for-Windows (under cmder). I do not have PuTTY installed.
When I run rhc ssh app, I get the error:
Connecting to <UID>@app-domain.rhcloud.com ...
Using username "<UID>".
FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)
If I run rhc ssh -d app to get better diagnostics, I end up with a trace containing:
DEBUG: Invoking Kernel.exec with ["C:\\Program Files\\PuTTY\\plink.exe", "-vv", "<UID>@app-domain.rhcloud.com"]
plink: unknown option "-vv"
...so it looks like rhc ssh is trying to use PuTTY. In fact, if I run
rhc ssh --ssh C:\Users\me\Downloads\cmder\vendor\git-for-windows\usr\bin\ssh.exe app
Then the connection works.
Can I set up rhc so that it tries to use the ssh I have installed, instead of looking for PuTTY?
You have to fix the environment variable PATH, because rhc uses the default ssh client.
If you don't have PuTTY installed, the easiest solution is to add the C:\Users\me\Downloads\cmder\vendor\git-for-windows\usr\bin\ folder (which includes ssh.exe) to the PATH environment variable.
By the way, I suggest moving git-for-windows to another folder.

Net::SSH::AuthenticationFailed: Authentication failed

From my workstation (Windows) I am trying to execute
knife ssh 'name:*' 'sudo chef-client'
But it shows this error message:
WARNING: Failed to connect to ******** – Net::SSH::AuthenticationFailed: Authentication failed for user ************
How do I solve this error?
Another question is how to execute 'sudo chef-client' on all nodes from workstation without using any passwords?
If you run knife ssh --help you'll get a list of available options. Try adding -VV for verbose output. That's usually helpful as it should tell you what user knife is trying to connect as.
My guess is you'll have to incorporate one or more of the ssh options (a few listed here):
-x, --ssh-user USERNAME
-i, --identity-file IDENTITY_FILE
-P, --ssh-password [PASSWORD] (will prompt if flag specified but no password is given)
The docs (https://docs.getchef.com/knife_ssh.html) also have some helpful examples.
Your SSH authentication isn't working, fix that. Key-based authentication is something I'm sure you can look up on Google, but in general set your public key in .ssh/authorized_keys and set up your agent on your workstation.

RabbitMQ 3.3.1 can not login with guest/guest

I have installed the latest version of RabbitMQ on a Debian Linux VPS. I tried to log in with guest/guest but got the message "login failed". I did a little research and found that, for security reasons, logging in remotely via guest/guest is prohibited.
I also tried enabling the guest user on this version to log in remotely by manually creating a rabbitmq.config file (because the installation didn't create one) containing only the following entry:
[{rabbit, [{loopback_users, []}]}].
and then restarting RabbitMQ with the following commands:
invoke-rc.d rabbitmq-server stop -- to stop
invoke-rc.d rabbitmq-server start -- to start
It still doesn't log me in with guest/guest. I also tried installing RabbitMQ on a Windows VPS and logging in via guest/guest through localhost, but again I get the same "login failed" message.
Also, please point me to a source where I could install an old version of RabbitMQ that does support logging in remotely via guest/guest.
I had the same problem.
I installed RabbitMQ and enabled the web interface as well, but still couldn't sign in with any user I newly created; this is because you need to be an administrator to access it.
Do not create any config file and mess with it.
This is what I did then:
Add a new/fresh user, say user test and password test:
rabbitmqctl add_user test test
Give administrative access to the new user:
rabbitmqctl set_user_tags test administrator
Set permission to newly created user:
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
That's it, enjoy :)
I tried on Debian the same configuration with the following steps:
Installed RabbitMQ.
Enabled the web-management plug-in (not necessary).
When I tried to login I had the same error:
So I created a rabbitmq.config file (classic configuration file) inside the /etc/rabbitmq directory with the following content (notice the final dot):
[{rabbit, [{loopback_users, []}]}].
Alternatively, one can create instead a rabbitmq.conf file (new configuration file) inside the same directory with the following content:
loopback_users = none
Then I executed the invoke-rc.d rabbitmq-server start command and both the console and the Java client were able to connect using the guest/guest credentials:
So I think you have some other problem if this procedure doesn't work. For example your RabbitMQ might be unable to read the configuration file if for some reason you have changed the RABBITMQ_CONFIG_FILE environment variable.
This is a new feature since version 3.3.0. You can only log in using guest/guest on localhost. To log in from other machines or via an IP address, you'll have to create users and assign them permissions. This can be done as follows:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Adding the below line in the config file and restarting the server worked for me. Kindly try in your setup.
loopback_users.guest = false
I got this line from the example RabbitMQ config file from GitHub as linked here.
Note: check whether your port is 15672 (version > 3.3) if 5672 does not work!
First of all, check the "chosen answer" above:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
and if you still can't make the connection work, check if your port is correct!
For me, this command works:
$ rabbitmqadmin -H 10.140.0.2 -P 15672 -u test -p test list vhosts
+------+----------+
| name | messages |
+------+----------+
| /    |          |
+------+----------+
For the complete list of ports, check this:
What ports does RabbitMQ use?
To verify your RabbitMQ server, check this: Verify version of rabbitmq
P.S.
For me, after I created the "test" user and ran set_user_tags and set_permissions, I couldn't connect to RabbitMQ via port 5672, but I could connect via 15672.
However, port 15672 always gave me a "blank response", and my code stopped working.
So about 5 minutes later, I switched to 5672, and everything worked!
Very weird problem. I have no time to dig deeper, so I wrote it down here for anyone meeting the same problem.
For others who use Ansible for RabbitMQ provisioning: what I missed for the rabbitmq_user module was tags: administrator
Here is my working Ansible configuration to recreate the "guest" user (for development environment purposes; don't do that in a production environment):
- name: Create RabbitMQ user "guest"
  become: yes
  rabbitmq_user:
    user: guest
    password: guest
    vhost: /
    configure_priv: .*
    read_priv: .*
    write_priv: .*
    tags: administrator
    force: yes # recreate existing user
    state: present
and I also had to set up a file /etc/rabbitmq/rabbitmq.config containing the following:
[{rabbit, [{loopback_users, []}]}].
in order to be able to log in using "guest"/"guest" from outside of localhost
#Create rabbitmq.conf file with
rabbitmq.conf
loopback_users = none
Dockerfile:
FROM rabbitmq:3.7-management
#Rabbitmq config
COPY rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
#Install vim (edit file)
RUN ["apt-get", "update"]
RUN ["apt-get", "-y", "install", "vim"]
#Enable plugins rabbitmq
RUN rabbitmq-plugins enable --offline rabbitmq_mqtt rabbitmq_federation_management rabbitmq_stomp
Run:
$ docker build -t my-rabbitmq-image .
$ docker run -d --hostname my-rabbit --name some-rabbit -p 8080:15672 my-rabbitmq-image
Check that the rabbitmq.conf file has been copied correctly.
$ docker exec -it my_container_id /bin/bash
$ vim /etc/rabbitmq/rabbitmq.conf
I had the same problem. I tried what was suggested by Gas and ran "invoke-rc.d rabbitmq-server start", but it didn't start. I tried rebooting the server, and the web UI worked with the guest user. Maybe after adding the rabbitmq.config file, something else also needed to be started.
I used rabbitmq version 3.5.3.
One more thing to note: if you're using an AWS instance then you need to open inbound port 15672. (The port for RabbitMQ versions prior to 3.0 is 55672.)
Students and I stared at this problem for an hour. Be sure you've named your files correctly. In the /etc/rabbitmq directory, there are two distinct files. There is an /etc/rabbitmq/rabbitmq.config file which you should edit to get the loopback users as described, but there is another file called rabbitmq-env.conf file. Many folks were using tab completion and just adding "ig", which isn't the right file. Double check!
Sometimes you don't need the comma which is there in the configuration file by default: if nothing else is configured below the rabbit tag, we will get a crash while starting the broker, like
{loopback_users, []} ,
I spent many hours forgetting this and later removing the comma. It is applicable to all other configurations, including SSL.
Try restarting your RabbitMQ and logging in again; that worked for me.
For a slightly different use, but might be useful for anyone dealing with accessing the API for monitoring purposes:
I can confirm the answer given by @Oliboy50 works well, however make sure you enable it for each vhost you want the user to be able to monitor, such as:
    permissions:
      - vhost: "{{item.name}}"
        configure_priv: .*
        write_priv: .*
        read_priv: .*
    state: present
    tags: management
  with_items: "{{user_system_users}}"
With this loop I was able to get past the "401 Unauthorized" error when using the API for any vhost.
By default, the guest user is prohibited from connecting from remote hosts; it can only connect over a loopback interface (i.e. localhost). This applies to connections regardless of the protocol. Any other users will not (by default) be restricted in this way.
It is possible to allow the guest user to connect from a remote host
by setting the loopback_users configuration to none
# DANGER ZONE!
#
# allowing remote connections for default user is highly discouraged
# as it dramatically decreases the security of the system. Delete the user
# instead and create a new one with generated secure credentials.
loopback_users = none
Or, in the classic config file format (rabbitmq.config):
%% DANGER ZONE!
%%
%% Allowing remote connections for default user is highly discouraged
%% as it dramatically decreases the security of the system. Delete the user
%% instead and create a new one with generated secure credentials.
[{rabbit, [{loopback_users, []}]}].
See: "guest" user can only connect from localhost
TIP: It is advisable to delete the guest user or at least change its password to reasonably secure generated value that won't be known to the public.
If you check the log file, under the info report you will see this:
`config file(s) : /etc/rabbitmq/rabbitmq.config (not found)`.
Change the config file permissions using the command below, then log in using guest; it will work:
sudo chmod 777 /etc/rabbitmq/rabbitmq.config
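A config audit for the settings discussed in the answers above, as an added example that is not part of the original thread: it flags a rabbitmq.conf or rabbitmq.config that lifts the guest loopback restriction (loopback_users = none, loopback_users.guest = false, or {loopback_users, []}) and a config file left world-writable, as chmod 777 does. The function name, finding labels and exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit RabbitMQ config files.
# Prints one finding per line.
# Exit status: 0 = clean, 1 = findings, 2 = file unreadable.
audit_rabbitmq_conf() (
    file=$1
    status=0
    [ -r "$file" ] || { echo "UNREADABLE $file"; exit 2; }

    # rabbitmq.conf (new format). The patterns are anchored at line start,
    # so "#" comment lines such as "# loopback_users = none" never match.
    if grep -Eq '^[[:space:]]*loopback_users[[:space:]]*=[[:space:]]*none[[:space:]]*$' "$file" ||
       grep -Eq '^[[:space:]]*loopback_users\.guest[[:space:]]*=[[:space:]]*false[[:space:]]*$' "$file"
    then
        echo "GUEST_REMOTE_LOGIN $file"; status=1
    # rabbitmq.config (classic Erlang terms): an empty loopback_users list.
    # Lines starting with "%" are comments and are dropped first.
    elif grep -Ev '^[[:space:]]*%' "$file" |
         grep -Eq '\{[[:space:]]*loopback_users[[:space:]]*,[[:space:]]*\[[[:space:]]*][[:space:]]*}'
    then
        echo "GUEST_REMOTE_LOGIN $file"; status=1
    fi

    # A world-writable config lets any local account change broker settings.
    if [ -n "$(find "$file" -prune -perm -0002 -print)" ]; then
        echo "WORLD_WRITABLE $file"; status=1
    fi
    exit "$status"
)

# Usage: sh audit.sh /etc/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.config
for f in "$@"; do
    audit_rabbitmq_conf "$f" || true
done
```

A GUEST_REMOTE_LOGIN finding on a host reachable from other machines means the default guest/guest account can be used remotely, which is the case the quoted documentation advises against.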

Mercurial: How to clone using SSH and .ppk file?

hg clone ssh://denis@medsecop.com//var/www/vhosts/medsecop.com/stage/symphony
returns
remote: Permission denied (publickey).
abort: no suitable response from remote hg!
I have the .ppk file but I don't know how to add options to the ssh command above to use (it says "hg clone doesn't take more arguments")
-i /path/to/keys.ppk
I connect to SSH with this:
sudo ssh -v denis@medsecop.com -i /home/denis/Desktop/MedSec/my-openssh-key
Any ideas?
If you tagged the question with the putty tag, I suppose you use Windows on your side (I'll mention some Win-specific details later)?
I don't know how to add options to the ssh command above to use
Well, for any ssh-powered repository you must define the ssh client to use in a (global, user- or repository-specific) config file. For key-based authorization you can pass the private-key file as a parameter of the command used, or use a special additional tool (ssh-agent on *nix or Pageant on Windows or...).
Sample
Windows box with Mercurial (TortoiseHG), full PuTTY, without Cygwin
Key-based authorization for ssh-repositories: Plink + Pageant
Global mercurial.ini part
[ui]
merge = ...
username = ...
ssh = "PATH\TO\TortoisePlink.exe"
Also, Pageant is running and (PuTTY-type) private keys for the published public keys are loaded into it.
When I connect to any ssh repo, authorization happens automagically.
A Pageant-less version may include
-i KEYFILE option for TortoisePlink at the repository level - in the .hg\hgrc
--load SESSION option for TortoisePlink (same location as above) for using a previously created PuTTY session, which has all the needed authorization predefined
I solved it by adding the public key
ssh-add file.ppk

OpenShift rhc setup using multiple accounts

I have two accounts on Openshift platform. How can I setup my computer so that I can manage both of them with rhc? I cannot find any relevant option in the command line arguments.
The rhc command-line tools come with the global option -l, --rhlogin LOGIN. You have two options:
Use the -l flag with every command to specify the login name:
rhc app create <appname> <cartridge> [-l <login1/login2>]
Run rhc setup -l LOGIN between the sessions. Once done managing apps from one account you can end the session for it by running rhc account logout.
rhc setup -l <login1> # First account's login
rhc app create <appname> <cartridge>
rhc logout
rhc setup -l <login2> # Second account's login
rhc app create <appname> <cartridge>
rhc logout
When you run the rhc setup command, the username information gets stored in the .openshift/express.conf file; hence the need to run it again when you want to switch accounts.
The command line also supports --conf - where you pass a file. You can always alias the command via a shell script.
Quite old question, but I use yet another solution which seems to be more comfortable (at least for me) - the environment variable OPENSHIFT_CONFIG.
The OPENSHIFT_CONFIG environment variable can be used to override the OpenShift configuration name (by default "express"). When set, the operations performed with rhc refer to ~/.openshift/${OPENSHIFT_CONFIG}.conf (instead of ~/.openshift/express.conf).
To switch to another OpenShift account the following could be used (Bash):
export OPENSHIFT_CONFIG=thenewone
rhc apps   # apps on the new account
...
unset OPENSHIFT_CONFIG
rhc apps   # apps on the default account
Verified with rhc 1.37.1, but should work with any version released after May 2013.
When you run the rhc setup command for the first time, the ~/.openshift/express.conf file is created, containing the settings for your initial server configuration. When you add another server, or run the rhc setup command again with the --server option, the ~/.openshift/servers.yml file is created, containing the settings for each server. You can edit this file to make any changes to the server configuration, and this takes precedence over the initial ~/.openshift/express.conf file.
rhc server use server.name.example.co
rhc server use Server_Nickname
More information here
Use rhc setup -l <login>. Here login is your registered OpenShift account's email address.
On Windows, run these commands and respond as I did (denoted by < and >):
rhc setup -l login@domain.mail.com
Enter the server hostname: <openshift.redhat.com>
Password: <**********><Press Enter>
Generate a token now? (yes|no) y<Press Enter>
Generating an authorization token for this client ... lasts about 1 month
Saving configuration to C:\Users\UserName\.openshift\express.conf ... done
Your private SSH key file should be set as readable only to yourself. To make this change, run:
chmod 600 C:\Users\<Your Username>\.ssh\id_rsa
Your client tools are now configured.
Then you can use console commands for a long time with the generated token for your OpenShift login.
You can configure multiple accounts using the server add command and then you can provide the server nickname in all subsequent commands using --server option. For example:
rhc server add -l <first_account> --nickname srv1 <first-server>
rhc server add -l <second_account> --nickname srv2 <second-server>
You may add options like -p, --use-authorized-tokens to suppress the prompts for password and token-generation. Also --insecured if required
rhc server use srv1
rhc server use srv2
The commands above perform some sort of initialization. Once the two steps above are done you are ready to use your multiple accounts.
Now in your rhc commands you need to specify which server should be used. For example:
rhc app-show -n <domain> <app> --server srv1
The command above will show details of the app in srv1. For srv2 you can run
rhc app-show -n <domain> <app> --server srv2