SSH Host Key Rsync Issue - bash

I have a bash script which uses rsync to pull down backups of my server to an offline server I have running Ubuntu.
But it does not seem my offline server wants to run this script right. And the issue I get when I run it manually is:
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: unexplained error (code 255) at io.c(226) [Receiver=3.1.1]
But here's the thing, the host key is fine and works when I SSH. So logging on to my offline server and from there logging into the remote server works without any issues.
Here is where the issue gets very odd, the bash script works (when asked to run via webmin) after I have SSHed into the offline server. I don't have to do anything else, just login to the remote server and the bash script will work.
That is what I don't understand, if the host keys are not configured right, then they should not work at all, but they do, once I have logged into the server?
Thanks,

Try to log in with ssh -a to prevent your ssh-agent from being forwarded. You probably use an identity in your agent to authenticate to the target server. This authentication will not work if your ssh-agent is not present.

Related

GPG Can't connect to S.gpg-agent: Connection Refused

I am attempting to set up gpg preset passphrase caching using the gpg agent so I can automate my file encryption process. In order for the gpg-agent to run and properly cache the passphrase, it seems there needs to be a S.gpg-agent socket located within the ~/.gnupg/ directory that gets generated in the root directory when I set up gpg and gpg-agent.
What I have done (and which seemed to work in the past) is I would start up everything as root and copy over the contents of the /.gnupg directory to my less privileged user and grant permissions to that socket and directory to the user. The commands I ran to start up the gpg-agent daemon and cache passphrase:
gpg-agent --homedir /home/<user>/.gnupg --daemon
/usr/libexec/gpg-preset-passphrase --preset --passphrase <passphrase> <keygrip>
gpg-agent process seems to be running just fine but I get the below error from the second line:
gpg-preset-passphrase: can't connect to `/home/<user>/.gnupg/S.gpg-agent': Connection refused
gpg-preset-passphrase: caching passphrase failed: Input/output error
I have made sure the socket exists in the directory with proper permissions and this process runs as root. It seems that this socket is still inherently tied to root even if I copy and modify permissions. So my questions are
How exactly does this socket get initialized?
Is there a way to do so manually as another user?
To add, the agent process seems to run just fine for both users but where I get a little hazy is how the gpg-preset-passphrase is using the socket and if it's that or the agent that is refusing the connection to S.gpg-agent.
I also assume that I don't need to explicitly start the agent but figured I would do this so that I could set any values such as the homedir if needed.
It turns out the issue was unrelated to the gpg-agent and gpg-preset-passphrase.
Note: This is not a permanent solution but it did allow me to get past the issue I was facing.
After modifying /etc/selinux/config and disabling SELinux, I no longer experienced the permissions issue above. SELinux is a Linux kernel security module developed by Red Hat (I am currently running this on RHEL7). It seems the next step will likely be to make sure these binaries and packages are allowed access from my user using audit2allow. Bit more information on this here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-allowing_access_audit2allow
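How an SELinux denial in the audit log maps to the kind of rule audit2allow proposes, as an added example that is not part of the original post. The log lines, the SELinux types in them and the `avc_to_rules` helper are constructed for illustration.

```shell
#!/bin/sh
# avc_to_rules: read audit log lines on stdin and print one candidate allow rule
# per (source type, target type, class), merging the denied permissions.
avc_to_rules() {
    awk '
    # A context is user:role:type:level; the type is the third field.
    function ctx_type(kv,   parts) {
        sub(/^[a-z]context=/, "", kv)
        split(kv, parts, ":")
        return parts[3]
    }
    /avc:/ && /denied/ {
        src = tgt = cls = plist = ""
        if (match($0, /\{[^}]*\}/)) plist = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      src = ctx_type($i)
            else if ($i ~ /^tcontext=/) tgt = ctx_type($i)
            else if ($i ~ /^tclass=/)   cls = substr($i, 8)
        }
        if (src == "" || tgt == "" || cls == "") next
        key = src " " tgt ":" cls
        if (!(key in perms)) { order[++n] = key; perms[key] = "" }
        m = split(plist, p, " ")
        for (j = 1; j <= m; j++)
            if (!((key, p[j]) in have)) {
                have[key, p[j]] = 1
                perms[key] = perms[key] " " p[j]
            }
    }
    END { for (i = 1; i <= n; i++) print "allow " order[i] " {" perms[order[i]] " };" }
    '
}

# Constructed sample input: the types, pid and timestamps are made up.
SAMPLE_AVC='type=AVC msg=audit(1500000000.101:411): avc:  denied  { write } for  pid=2101 comm="gpg-preset-pass" name="S.gpg-agent" scontext=unconfined_u:unconfined_r:gpg_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1500000000.101:411): arch=c000003e syscall=42 success=no
type=AVC msg=audit(1500000000.102:412): avc:  denied  { connectto } for  pid=2101 comm="gpg-preset-pass" scontext=unconfined_u:unconfined_r:gpg_t:s0 tcontext=unconfined_u:unconfined_r:gpg_agent_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1500000000.103:413): avc:  denied  { read write } for  pid=2101 comm="gpg-preset-pass" name="S.gpg-agent" scontext=unconfined_u:unconfined_r:gpg_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=sock_file'

printf '%s\n' "$SAMPLE_AVC" | avc_to_rules
```

Review each rule before building a module from it: a target type such as admin_home_t on a socket under a user's home directory points at a mislabelled file, which `restorecon -Rv` on that directory corrects without any new policy.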

Git SSH won't connect on custom port

I'm running on a Windows 7 machine with msysgit, git Bash, tortoisegit and posh-git all installed.
Our company has a git server that previously ran on https. Then, for a time it had both https and ssh. Now it has only ssh. Everything ran without issues on https.
I generated and installed all my keys without a problem. I can push/pull/whatever via tortoisegit with no problems. However, I can no longer use the command line in either git BASH or powershell + posh-git. I think part of the reason is because we do not use port 22, but a custom port for increased security.
Note that hostname and port number have been changed in the commands below to protect the innocent.
I get the errors below when trying to push/pull, but I'm showing commands just to test the ssh server to show that ssh is the issue (I believe). If I don't specify the port, it finds the server and attempts to connect - but since it defaults to port 22 I get an error as shown below:
C:\gitpath\design [master]> ssh ssh://git@dev.zzz.us
ssh: connect to host dev.zzz.us port 22: Bad file number
If I do specify the port, however, it then cannot find the hostname:
C:\gitpath\design [master]> ssh ssh://git@dev.zzz.us:9092/
ssh.exe": Could not resolve hostname dev.zzz.us:9092/: no address associated with name
I've looked at similar posts and they all pointed to needing the protocol included (ssh://) to prevent this error. As you can see, I'm getting this error even with the protocol in place. I've also tried with and without the ending '/' - same result. Is there something else with the syntax I'm missing?
Identifiers such as ssh://git@dev.zzz.us:9092/ can be used by git to specify
a non-standard port for SSH when configuring remote repositories. However, the
remote identifier must include the path (I prefer to use the absolute path) to
the remote repository, e.g.,
git remote add origin ssh://git@dev.zzz.us:9092/path/to/repo.git
However, to test such a connection using the ssh command, you use the -p
option to specify the TCP port number and then user@hostname:
ssh -p 9092 git@dev.zzz.us
Note: I usually use Git from a Unix system (not from Windows) and the ssh
command is provided by the Openssh package.
Edit: I just checked on a Windows box and see that MSysGit also uses Openssh
so the above commands work; I haven't checked with Powershell but there shouldn't
be any issues running the above commands through the Bash shell.
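The mapping the answer describes, from a Git SSH remote to the ssh command that tests the same endpoint, as an added example that is not part of the original answer. It goes a little further by also accepting the scp-style remote form and by rejecting host names that would be read as ssh options; the function name is an assumption.

```shell
#!/bin/sh
# git_remote_to_ssh_test: print the ssh(1) command that tests the endpoint named
# by a Git SSH remote. Accepts ssh://[user@]host[:port]/path and scp-style
# [user@]host:path. Bracketed IPv6 literals are not handled.
git_remote_to_ssh_test() {
    remote=$1 port=
    case $remote in
        ssh://*)
            authority=${remote#ssh://}
            authority=${authority%%/*}      # drop the repository path
            ;;
        *://*)
            echo "not an SSH remote: $remote" >&2; return 1 ;;
        *:*)
            authority=${remote%%:*}         # scp-style cannot carry a port
            ;;
        *)
            echo "not an SSH remote: $remote" >&2; return 1 ;;
    esac
    target=${authority%:*}                  # [user@]host without the port
    case $authority in
        *:*) port=${authority##*:}
             case $port in
                 ''|*[!0-9]*) echo "bad port in: $remote" >&2; return 1 ;;
             esac ;;
    esac
    host=${target#*@}
    [ -n "$host" ] || { echo "no host in: $remote" >&2; return 1; }
    # A host beginning with "-" would be parsed by ssh as an option, not a name.
    case $target in
        -*|*@-*) echo "refusing option-like host in: $remote" >&2; return 1 ;;
    esac
    if [ -n "$port" ]; then
        printf 'ssh -p %s %s\n' "$port" "$target"
    else
        printf 'ssh %s\n' "$target"         # default port or ~/.ssh/config applies
    fi
}

git_remote_to_ssh_test ssh://git@dev.zzz.us:9092/path/to/repo.git
```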

Eclipse ADT known hosts

I have trouble getting the official Windows ADT 21.1.0 distribution to connect to a git repository. No matter what I tried (details below), it complains about the host key not being present in the registry and shows me no option to accept the host key. The remote server is running Gitlab and is under my control. There's no problem with connectivity or firewalls.
What I tried so far:
connecting without giving a password, with user git
connecting while giving a password, with another user
manually adding the host key to the known_hosts file that is found in the ssh home directory (Preferences->General->Network Connections->SSH2->SSH2 home).
The message is always:
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 xx:xx:xx...
Connection abandoned.
RSE works without any problems, only egit gives me problems.
You could work around the problem by not using the ssh protocol with the git server, but instead the git or http protocol.
One reason for the above message can be using a folder called "ssh" instead of ".ssh" (note the dot). Some colleague of mine experienced that, and this can easily happen when using Windows explorer, as it will silently remove the dot, when creating a folder called ".ssh". You have to use the command line instead.

Using WinSCP to access a remote SFTP server

I am using an SFTP client (WinSCP) to get into a remote server and retrieve some files. I could not get to the SFTP server when I use WinSCP on a Windows 7 machine, but it works well when I try it from an XP machine. Can anyone think of what might be wrong? Any help appreciated!
I am also including the error screenshot, if that helps
Can anyone please help!
This could be some problem with your firewall. Check it if you are blocking WinSCP.
Quoting WinSCP documentation on the error message Server unexpectedly closed network connection:
If you get this error message while connecting to your server, it is
most usually caused by the server not being able to run some process
necessary to support your session. Always try to connect with another
SSH (SFTP) client to find, if it is server or client related problem.
Possibilities are:
Shell.
Your account may not be allowed to start a shell at all. With some servers (like OpenSSH or Sun SSH), you may need to be allowed to
start a shell, even if using SFTP protocol.
Also some servers refuse to start a shell if your password has expired or your account was terminated.
Some shells do not work with non-interactive sessions. The same is true for some configurations (or profiles used) for otherwise
working shells. This commonly exhibits with SCP protocol with
associated error message "Error skipping startup message. Your shell
is probably incompatible with the application (BASH is recommended)."
Try to force bash shell explicitly on SCP/Shell page of Advanced Site
Settings dialog. Using SFTP protocol instead of SCP is another option.
OpenSSH server may fail to start shell when chroot is configured, but not possible (e.g. due to group writeable permissions
to chroot directory).
Some environments require specific permissions (e.g. 755) to files like .profile or .bashrc.
SFTP server.
Your account may not be able to start SFTP server binary (e.g. /bin/sftp-server) or the binary is not present on your server.
Your SSH server may also lack the SFTP subsystem.
SSH server:
Your SSH server, particularly OpenSSH, may not be able to access the server key files, due to incorrect permissions.

Getting "Server refused to allocate pty" error when trying to connect to Bitbucket via SSH on Windows

I'm trying to hook up Mercurial to Bitbucket on a PC and it's being really tough. I followed the instructions here:
http://www.codza.com/mercurial-with-ssh-setup-on-windows
and I'm running pageant set to my private key. I typed this at the command line:
plink -v hg@bitbucket.org and I get the following output:
C:\mypath>plink -v hg@bitbucket.org
"skipped for briefness"
Access granted
Opened channel for session
Server refused to allocate pty
Started a shell/command
conq: invalid command syntax
Server sent command exit status 0
Disconnected: All channels closed
My friend got the same error when he tried it on his PC. Can you help explain what the problem is or how to debug?
Running plink ssh://hg@bitbucket.org gives Using username ssh://hg and Disconnected: No supported authentication methods available.
Thanks for your help,
Kevin
You cannot connect to Bitbucket like that and get a login shell -- their backend process (called conq) will only accept Mercurial commands. With TortoiseHg, you don't have to do anything special -- so hg push ssh://hg@bitbucket.org/... should just work out of the box.
Using HTTPS is generally a nicer option for Bitbucket and as we discussed on IRC, there are plenty of ways to cache the passwords.
