I get a permissions denied but don't know why. From my jenkins master I was able to run the following command using ssh-rsa-key
scp /var/cache/jenkins/war/WEB-INF/slave.jar jenkins#<my_slave_host>:/var/jenkins/
Note: I did manually create /var/jenkins/ on the my slave host when i saw it didn't exist and made it owned by the jenkins user. My master jenkins is configured to use the jenkins#mySlaveHost using .ssh keys.
Any ideas why I'm getting a permissions denied? What is it trying to do?
Here's the log from master jenkins after clicking [Lauch slave agent] button:
[02/27/15 15:18:01] [SSH] Opening SSH connection to <my_slave_host>:22.
[02/27/15 15:18:02] [SSH] Authentication successful.
[02/27/15 15:18:03] [SSH] The remote users environment is:
BASH=/bin/bash
BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_EXECUTION_STRING=set
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="3" [2]="11" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='4.3.11(1)-release'
CATALINA_HOME=/opt/tomcat/current
DIRSTACK=()
EUID=107
GROUPS=()
HOME=/var/lib/jenkins
HOSTNAME=*********** REMOVED***********
HOSTTYPE=x86_64
IFS=$' \t\n'
JAVA_HOME=/usr/lib/jvm/java-7-oracle
LANG=en_US.UTF-8
LOGNAME=jenkins
MACHTYPE=x86_64-pc-linux-gnu
MAIL=/var/mail/jenkins
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
PIPESTATUS=([0]="0")
PPID=10592
PS4='+ '
PWD=/var/lib/jenkins
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
SSH_CLIENT='10.57.13.32 34436 22'
SSH_CONNECTION='10.57.13.32 34436 10.57.6.42 22'
TERM=dumb
UID=107
USER=jenkins
XDG_RUNTIME_DIR=/run/user/107
XDG_SESSION_ID=42
_=']'
[02/27/15 15:18:03] [SSH] Checking java version of java
[02/27/15 15:18:04] [SSH] java -version returned 1.7.0_76.
[02/27/15 15:18:04] [SSH] Starting sftp client.
[02/27/15 15:18:04] [SSH] Copying latest slave.jar...
hudson.util.IOException2: Could not copy slave.jar into '/var/jenkins' on slave
at hudson.plugins.sshslaves.SSHLauncher.copySlaveJar(SSHLauncher.java:1019)
at hudson.plugins.sshslaves.SSHLauncher.access$300(SSHLauncher.java:133)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:709)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: hudson.util.IOException2: Could not copy slave.jar to '/var/jenkins/slave.jar' on slave
at hudson.plugins.sshslaves.SSHLauncher.copySlaveJar(SSHLauncher.java:1016)
... 7 more
Caused by: com.trilead.ssh2.SFTPException: Permission denied (SSH_FX_PERMISSION_DENIED: The user does not have sufficient permissions to perform the operation.)
at com.trilead.ssh2.SFTPv3Client.openFile(SFTPv3Client.java:1201)
at com.trilead.ssh2.SFTPv3Client.createFile(SFTPv3Client.java:1074)
at com.trilead.ssh2.SFTPv3Client.createFile(SFTPv3Client.java:1055)
at hudson.plugins.sshslaves.SFTPClient.writeToFile(SFTPClient.java:93)
at hudson.plugins.sshslaves.SSHLauncher.copySlaveJar(SSHLauncher.java:1008)
... 7 more
[02/27/15 15:18:04] Launch failed - cleaning up connection
[02/27/15 15:18:04] [SSH] Connection closed.
Edit:
Here's /var/jenkins on the slave:
$ ls -al
total 436
drwxr-xr-x 2 jenkins jenkins 22 Feb 27 15:17 .
drwxr-xr-x 14 root root 4096 Feb 27 15:12 ..
-rw-r--r-- 1 jenkins jenkins 439584 Feb 27 15:17 slave.jar
As for SFTP, I do not think it is enabled, can you point me to any docs that says SFTP is a pre-requisite for a slave? All the pages I've seen do not mention SFTP.
It looks like the problem is tied to your Remote root directory setting. That needs to be the location of the slave.jar, as Jenkins will try to execute it from there.
As for the permissions, the Remote Root Directory (whatever you set it to) needs to be configured to allow Jenkins to access it.
Therefore, if you change your Remote root directory setting to be /var/jenkins/ in your case, it should launch the Jenkins slave successfully.
Granting
sudo chmod -R 777 /var/lib/jenkins
works for me
sudo chmod -R 777 /var/jenkins
Make sure that the location's permissions where the jar needs to be copied is as the logged in user (i.e. jenkins).
check for permisison using:
ls -l directory_name
Most probably you'll find another owner, so change the owner with:
chown -R username:username directory_name
That worked for me !
For anyone with an external drive, check that it's mounted correct:
drwxrwxrwx+ 2 App admin 68 Aug 25 19:33 Jenkins_Support
drwxrwxr-x 19 App staff 714 Sep 25 10:46 Jenkins_Support 1
This might be a problem
If you changed a user to connect to slave, please also make sure slave destination directory is empty (not containing slave.jar copied there by previous user).
This is kind of stupid, but costed me a time.
In ubuntu terminal check
service ufw status
if active
service ufw stop
In redhat terminal check
service iptables status
if active
service iptables stop
service ip6tables status
if active
service ip6tables stop
then check jenkins-slave-node status
Related
I've wanted to connect my share hosting with ssh. So I generate an ssh key in the ssh action of cpanel and authorized it. Then I've downloaded the private key and drop it in the ./ssh folder of my MacBook.I've used this code to connect my host.
ssh -p 2083 username#host IP
but I got this error:
kex_exchange_identification: Connection closed by remote host
How can I solve my problem?
I run into a similar case with a small computer I have in my desk. What I did to debug the issue was to run sshd -t, which runs the sshd daemon in debug mode. This command reported that the permissions of my keys were invalid. All I had to do then was to go in the folder where the keys are stored and issue chmod 0600 <your_ssh_keys>.
Maybe the action you run generated things with the wrong permissions too.
I got this error when using docker command with remote host
docker -H ssh://user#server compose up
after some digging i found on my remote server in auth logs (/var/log/auth.log) this:
Aug 8 14:51:46 user sshd[1341]: error: beginning MaxStartups throttling
Aug 8 14:51:46 user sshd[1341]: drop connection #10 from [some_ip]:32992 on [some_ip]:22 past MaxStartups
This lead me to change MaxStartups settings in /etc/ssh/sshd_config. After restarting ssh service everything worked like a charm.
I had same problem and it was happend as I use ProxyCommand in ssh config file. In my case the Host was not defined correctly which then caused the same error!
After i installed SSH,
i try to configure Chroot, but then i got following error when i try to login.
Feb 29 11:53:49 tng-ubuntu sshd[15314]: error: /dev/pts/2: No such file or directory
Not very sure about what happen, i try many many options, actually almost spent a whole afternoon, still don't know what is the issue.
Can someone help?
Subsystem sftp internal-sftp -l VERBOSE
Whenever i have following section in my sshd_config, it failed.
I already try to change /home to /home/%u or %h ...
Match Group sftponly
ChrootDirectory /home
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp -l VERBOSE
Actually my configuration works, but i was verifying using SSH login, and my SSH failed to login. Though i still don't know why my SSH failed to login, but anyway, my SFTP works.
Need to check further why the SSH failed to login.
I am setting up an ambari cluster with 3 virtualbox VMs running Ubuntu 16.04LTS.
I followed this hortonworks tutorial.
However when I am going to create a cluster using Ambari Cluster Install Wizard I get the below error during the step 3 - "Confirm Hosts".
26 Jun 2017 16:41:11,553 WARN [Thread-34] BSRunner:292 - Bootstrap process timed out. It will be destroyed.
26 Jun 2017 16:41:11,554 INFO [Thread-34] BSRunner:309 - Script log Mesg
INFO:root:BootStrapping hosts ['thanuja.ambari-agent1.com', 'thanuja.ambari-agent2.com'] using /usr/lib/python2.6/site-packages/ambari_server cluster primary OS: ubuntu16 with user 'thanuja'with ssh Port '22' sshKey File /var/run/ambari-server/bootstrap/5/sshKey password File null using tmp dir /var/run/ambari-server/bootstrap/5 ambari: thanuja.ambari-server.com; server_port: 8080; ambari version: 2.5.0.3; user_run_as: root
INFO:root:Executing parallel bootstrap
Bootstrap process timed out. It was destroyed.
I have read number of posts saying that this is related to not enabling Password-less SSH to the hosts. But I can ssh to the hosts without password from the server.
I am running ambari as non-root user with root privileges.
This post helped me.
I modified the users in host machines so that they can execute sudo commands without password using visudo command.
Please post if you have any alternative answers.
I've built GlassFish 4.1 docker container via Dockerfile, details here
http://bderzhavets.blogspot.com/2015/01/dockerfile-for-glassfish-41.html
Glassfish itself work fine , however
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
No SSH host key available. Generating one...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Creating SSH2 ED25519 key; this may take some time ...
invoke-rc.d: policy-rc.d denied execution of restart.
Attempt to ssh
ssh -v root#localhost -p 49160
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Local version string SSH-2.0-OpenSSH_6.4
. . . . . . . .
ssh_exchange_identification: Connection closed by remote host
I don't know how to fix problem , showing up in log and affecting ssh connectivity.
Docker philosophy is to have one service per container. Some base images make it difficult to start services, which you have probably experienced. I would recommend to reconsider you approach and ask yourself why do you need the ssh daemon? Maybe you just want to use docker exec ? Or maybe you would be better off by building a VM box with vagrant, stuffed with several services for you needs?
Due to image phusion/baseimage doesn't provide ready to go sshd daemon per https://github.com/phusion/baseimage-docker I tried workaround mentioned here https://github.com/phusion/baseimage-docker#login_ssh and got:-
[root#junolxc ~]# docker run -d -p 49160:22 -p 49161:4848 -p 49162:8080 -p 49163:8181 boris/docker-glassfish41 --enable-insecure-key
693176ea6596bf33b880dc0f58250f47fe2e35ed95f44fcd80a62eeaa3fe17a4
2015/01/08 12:26:32 Error response from daemon: Cannot start container 693176ea6596bf33b880dc0f58250f47fe2e35ed95f44fcd80a62eeaa3fe17a4: exec: "--enable-insecure-key": executable file not found in $PATH
I just hacked system via adding to Dockerfile :-
RUN echo "/usr/sbin/sshd > log &" >> /etc/my_init.d/00_regen_ssh_host_keys.sh
Another option not to touch 00_regen_ssh_host_keys.sh.
Create in building folder script 01_sshd_start.sh
#!/bin/bash
/usr/sbin/sshd > log &
and insert in Dockerfile:-
ADD 01_sshd_start.sh /etc/my_init.d/
I believe would port 22 be already busy by system service "sshd" running the last hack wouldn't help me much. However, it did. I state that that system by some reasons doesn't start SSHD provided as is.
I configured a jail with Chroot in SSH following this tutorial.
I found another question on StackOverflow dealing with the same problem, however the answers didn't work for me either.
The auth.log file contains the following:
Mar 16 18:36:06 *** sshd[30509]: Accepted password for thenewone from x.x.x.x port 49583 ssh2
Mar 16 18:36:06 *** sshd[30509]: pam_unix(sshd:session): session opened for user thenewone by (uid=0)
Mar 16 18:36:07 *** sshd[30509]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Mar 16 18:36:07 *** sshd[30509]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Mar 16 18:36:07 *** sshd[30509]: pam_unix(sshd:session): session closed for user thenewone
My sshd_config file contains the following:
Match User thenewone
ChrootDirectory /home/thenewone
AllowTcpForwarding no
X11Forwarding no
My /home/thenewone directory is owned by root:root and contains the chrooted system (all files but /home/thenewone/home/thenewone owned by root:root)
I don't understand why the connection is successful then simply close.
Problem found: some binaries dependencies were missing, even for the shell associated with the chrooted account...
Shell failed to load --> disconnection!
If you are experiencing the same trouble as mine, use ldd <binary> to find all needed dependencies in the chroot jail