[Swift-devel] ssh data provider
Zhao Zhang
zhaozhang at uchicago.edu
Thu Dec 11 20:16:24 CST 2008
Mihael Hategan wrote:
> On Thu, 2008-12-11 at 20:00 -0600, Zhao Zhang wrote:
>
>> nope, we don't need to since ssh works for us.
>>
>
> Mmm, obviously not. May I suggest typing "man ssh" and reading the
> section on authentication?
>
By "it works" I mean it works for our ordinary use, we could login IO
nodes with that host based authentication.
>
>> Besides, I have no idea
>> where the ssh on IO nodes saves the public key.
>>
>
> For public key authentication you need to put the public
> key (~/.ssh/id_rsa.pub) in ~/.ssh/authorized_keys on the remote
> machine. This is the public key that corresponds to your private key.
>
Ha, it works now.
zzhang at login6.surveyor:~/swift/test> ssh -v -o
HostbasedAuthentication=no -l zzh
ang -i /home/zzhang/.ssh/id_rsa ion-1
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 25: Deprecated option
"RhostsAuthentication"
debug1: Connecting to ion-1 [172.16.3.1] port 22.
debug1: Connection established.
debug1: identity file /home/zzhang/.ssh/id_rsa type 1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ion-1' is known and matches the RSA host key.
debug1: Found key in /home/zzhang/.ssh/known_hosts:40
Warning: the RSA host key for 'ion-1' differs from the key for the IP
address '172.16.3.1'
Offending key for IP in /home/zzhang/.ssh/known_hosts:3
Matching host key in /home/zzhang/.ssh/known_hosts:40
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug1: Next authentication method: publickey
debug1: Offering public key: /home/zzhang/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Thu Dec 11 20:15:10 2008 from login6-data.surveyor.alcf.anl.gov
BusyBox v1.4.2 (2008-05-07 02:58:20 UTC) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
/gpfs/home/zzhang $
>
>> zhao
>>
>> Mihael Hategan wrote:
>>
>>> Have you installed the public key on ion-1?
>>>
>>> On Thu, 2008-12-11 at 19:10 -0600, Zhao Zhang wrote:
>>>
>>>
>>>> Then it failed
>>>>
>>>> zzhang at login6.surveyor:~/swift/test> ssh -v -o
>>>> HostbasedAuthentication=no -l zzh
>>>> ang -i /home/zzhang/.ssh/id_rsa ion-7
>>>> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
>>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>> debug1: Applying options for *
>>>> debug1: /etc/ssh/ssh_config line 25: Deprecated option
>>>> "RhostsAuthentication"
>>>> debug1: Connecting to ion-7 [172.16.3.7] port 22.
>>>> debug1: Connection established.
>>>> debug1: identity file /home/zzhang/.ssh/id_rsa type 1
>>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
>>>> debug1: match: OpenSSH_4.2 pat OpenSSH*
>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>> debug1: Local version string SSH-2.0-OpenSSH_4.2
>>>> debug1: SSH2_MSG_KEXINIT sent
>>>> debug1: SSH2_MSG_KEXINIT received
>>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>>> debug1: Host 'ion-7' is known and matches the RSA host key.
>>>> debug1: Found key in /home/zzhang/.ssh/known_hosts:43
>>>> debug1: ssh_rsa_verify: signature correct
>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>> debug1: SSH2_MSG_NEWKEYS received
>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>> debug1: Authentications that can continue:
>>>> publickey,keyboard-interactive,hostbased
>>>> debug1: Next authentication method: publickey
>>>> debug1: Offering public key: /home/zzhang/.ssh/id_rsa
>>>> debug1: Authentications that can continue:
>>>> publickey,keyboard-interactive,hostbased
>>>> debug1: Next authentication method: keyboard-interactive
>>>> debug1: Authentications that can continue:
>>>> publickey,keyboard-interactive,hostbased
>>>> debug1: No more authentication methods to try.
>>>> Permission denied (publickey,keyboard-interactive,hostbased).
>>>> zzhang at login6.surveyor:~/swift/test>
>>>>
>>>>
>>>> Mihael Hategan wrote:
>>>>
>>>>
>>>>> I looked at the ssh logs, and it seems like you're logging in using
>>>>> hostbased authentication.
>>>>>
>>>>> Try ssh -v -o HostBasedAuthenticatiosn=no -l zzhang
>>>>> -i /home/zzhang/.ssh/id_rsa ion-1
>>>>>
>>>>> Also, note that you misspelled "id_rsa": Warning: Identity
>>>>> file /home/zzhang/.ssh/ir_rsa not accessible: No such
>>>>> file or directory.
>>>>>
>>>>>
>>>>> On Thu, 2008-12-11 at 18:51 -0600, Zhao Zhang wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Ha, you are right, i put a wrong log here.
>>>>>>
>>>>>> I rerun it, if failed with the following message.
>>>>>>
>>>>>> zzhang at login6.surveyor:~/swift/test> swift -sites.file ./sites.xml
>>>>>> -tc.file ./tc.data first.swift
>>>>>> Swift svn swift-r2334 (Swift modified locally) cog-r2216
>>>>>>
>>>>>> RunID: 20081211-1850-rcrr2fk0
>>>>>> Progress:
>>>>>> echo started
>>>>>> Sorted: [bgp000:1,000.000(98.545):0/789 overload: 0]
>>>>>> Sorted: [bgp000:999.590(98.544):0/789 overload: 0]
>>>>>> Sorted: [bgp000:999.180(98.544):0/789 overload: 0]
>>>>>> echo failed
>>>>>> Execution failed:
>>>>>> Could not initialize shared directory on bgp000
>>>>>> Caused by:
>>>>>> org.globus.cog.abstraction.impl.file.FileResourceException:
>>>>>> Error while communicating with the SSH server on 172.16.3.7:22
>>>>>> Caused by:
>>>>>> Public Key Authentication failed
>>>>>>
>>>>>> zhao
>>>>>>
>>>>>> Mihael Hategan wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Thu, 2008-12-11 at 18:38 -0600, Zhao Zhang wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> sure, it is 172.16.3.6.passphrase=
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> I don't believe you. Can you paste the file?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Mihael Hategan wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Thu, 2008-12-11 at 18:30 -0600, Zhao Zhang wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hi, Mihael
>>>>>>>>>>
>>>>>>>>>> If I put .passphrase= there, I got this:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> With the IP address before .passphrase, of course. I.e.
>>>>>>>>> 172.16.3.6.passphrase=
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>
>
>
More information about the Swift-devel
mailing list