Problem Sync from UI. #13

Closed
jilabaca opened this issue Jun 8, 2018 · 3 comments

jilabaca commented Jun 8, 2018

Problem Sync from UI

When I add a server, it automatically remains as a root account waiting to be synchronized. I click on the sync now button and it tells me SSH Authentication failed.

Checking the log tells me this.

Jun  8 09:33:40 ska syncd.php: Daemon started
Jun  8 09:33:46 ska syncd.php: Sync process spawning for: 1/
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Preparing sync.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Attempting to connect.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Public key authentication failed.
Jun  8 09:34:01 ska systemd: Started Session 1047 of user root.
Jun  8 09:34:01 ska systemd: Starting Session 1047 of user root.

I check the destination server and I have the following:

[root@devel-ol6 ~]# cat /etc/passwd |grep keys-sync
keys-sync:x:498:498::/var/local/keys-sync:/bin/sh
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# ls -la /var/local/
total 12
drwxr-xr-x.  3 root root 4096 Jun  7 17:39 .
drwxr-xr-x. 19 root root 4096 Jun  7 16:53 ..
drwx--x--x   2 root root 4096 Jun  8 09:28 keys-sync
[root@devel-ol6 ~]# ls -la /var/local/keys-sync/
total 28
drwx--x--x  2 root      root      4096 Jun  8 09:28 .
drwxr-xr-x. 3 root      root      4096 Jun  7 17:39 ..
-rw-r--r--  1 root      root        18 Jun  7 17:40 .bash_logout
-rw-r--r--  1 root      root       176 Jun  7 17:40 .bash_profile
-rw-r--r--  1 root      root       124 Jun  7 17:40 .bashrc
-rw-r--r--  1 keys-sync keys-sync  735 Jun  7 18:24 keys-sync
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep AuthorizedKeysFile
#AuthorizedKeysFile	.ssh/authorized_keys
AuthorizedKeysFile	/var/local/keys-sync/%u
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep StrictModes
StrictModes no
[root@devel-ol6 ~]#

The sshd service has been restarted.

From the SKA server, I log in with the keys-sync account and I have access to the destination server without a password.

[root@ska ~]# su - keys-sync
Last login: Fri Jun  8 09:47:33 -04 2018 on pts/0
-sh-4.2$ ssh devel-ol6.inacap.cl
Last login: Fri Jun  8 09:47:42 2018 from XXXXXXXXX
-sh-4.1$ hostname
devel-ol6.inacap.cl
-sh-4.1$ exit
logout
Connection to devel-ol6.inacap.cl closed.
-sh-4.2$ hostname
ska.inacap.cl
-sh-4.2$ exit
logout
[root@ska ~]#

But with the root account I cannot enter the destination server without a password, and the keys are the same for both accounts.

[root@ska ~]# ssh devel-ol6.inacap.cl
root@devel-ol6.inacap.cl's password:
Permission denied, please try again.
root@devel-ol6.inacap.cl's password:
Permission denied, please try again.
root@devel-ol6.inacap.cl's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@ska ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts
[root@ska ~]# ls /var/local/keys-sync/.ssh/
id_rsa  id_rsa.pub  known_hosts
[root@ska ~]# diff ~/.ssh/id_rsa.pub /var/local/keys-sync/.ssh/id_rsa.pub
[root@ska ~]# diff ~/.ssh/id_rsa /var/local/keys-sync/.ssh/id_rsa
[root@ska ~]# md5sum ~/.ssh/id_rsa
72e6d7295e2f302e4f4ab1027917d1ba  /root/.ssh/id_rsa
[root@ska ~]# md5sum ~/.ssh/id_rsa.pub
1d5ca306000b6f6102e93d822f75477d  /root/.ssh/id_rsa.pub
[root@ska ~]# md5sum /var/local/keys-sync/.ssh/id_rsa
72e6d7295e2f302e4f4ab1027917d1ba  /var/local/keys-sync/.ssh/id_rsa
[root@ska ~]# md5sum /var/local/keys-sync/.ssh/id_rsa.pub
1d5ca306000b6f6102e93d822f75477d  /var/local/keys-sync/.ssh/id_rsa.pub
[root@ska ~]#

Now if I run the sync.php manually it works.

[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:40+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
devel-ol6.inacap.cl: Sync command execution failed for root, file_put_contents(): Unable to open ssh2.sftp://Resource id #31/var/local/keys-sync/root on remote host
2018-06-08T13:57:40+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl -u root
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
devel-ol6.inacap.cl: Sync command execution failed for root, file_put_contents(): Unable to open ssh2.sftp://Resource id #31/var/local/keys-sync/root on remote host
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl -u keys-sync
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]#

I may have something wrong configured but I have not been able to find it. I would appreciate any help in this regard.

Access to the website is under LDAP as recommended in the README.

But the keys-sync account in the UI appears Inactive, do I have to create that account in the Active Directory?

[Image: screenshot 2018-06-08 at 10.05.50]

I am currently using my own account to access the UI and create the ska-administrator group where I am a member.

thomas-pike (Collaborator) commented

Hi

Since it works when you run it manually but not when it runs from the daemon, it would suggest perhaps that the user that the daemon is running under does not have access to the private key file. Check the permissions and ownership on the private key file versus the user account specified in the systemd service file or the init script.

jilabaca (Author) commented Jun 8, 2018

Thank you very much, indeed the files keys-sync and keys-sync.pub inside the directory config/ did not have read permission for the user keys-sync which is the one that starts the daemon.

Thank you very much!!

krissi-opera (Collaborator) commented

Glad it works now!
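
An added example, not part of the thread or the project's code: a shell check for the situation diagnosed above, deciding from owner, group and mode bits whether a daemon user can read a private key file and whether the file is exposed to other accounts. The function names and sample UIDs are assumptions; it relies on GNU `stat -c` and ignores ACLs, SELinux and directory traversal.

```shell
#!/bin/sh
# Added example: function names and sample values are assumptions, not project code.

# can_read UID "GID GID ..." FILE_UID FILE_GID MODE_OCTAL
# Applies the classic Unix rule: exactly one class (owner, group, other)
# is consulted, in that order, and root bypasses the mode bits.
can_read() {
    uid=$1 gids=" $2 " f_uid=$3 f_gid=$4 mode=$((0$5 & 0777))
    if [ "$uid" -eq 0 ]; then return 0; fi
    if [ "$uid" -eq "$f_uid" ]; then [ $((mode & 0400)) -ne 0 ]; return; fi
    case $gids in
        *" $f_gid "*) [ $((mode & 0040)) -ne 0 ]; return ;;
    esac
    [ $((mode & 0004)) -ne 0 ]
}

# check_key USER FILE
# Prints one verdict: missing, unknown-user, unreadable,
# readable-but-exposed (group/other bits set on a private key), or ok.
check_key() {
    user=$1 file=$2
    [ -f "$file" ] || { echo missing; return 0; }
    u=$(id -u "$user" 2>/dev/null) || { echo unknown-user; return 0; }
    g=$(id -G "$user")
    set -- $(stat -c '%u %g %a' "$file")   # owner uid, owner gid, octal mode
    if ! can_read "$u" "$g" "$1" "$2" "$3"; then
        echo unreadable
    elif [ $((0$3 & 0077)) -ne 0 ]; then
        echo readable-but-exposed
    else
        echo ok
    fi
}
```

For the case in this issue, the call would be `check_key keys-sync config/keys-sync`, run from the installation directory. An `unreadable` verdict is better fixed by making the daemon user the owner with mode 600 than by widening the mode.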
