[Swift-devel] ssh data provider
Zhao Zhang
zhaozhang at uchicago.edu
Thu Dec 11 21:40:12 CST 2008
ok, I see, thanks.
zhao
Mihael Hategan wrote:
> Uh. Sorry. Let me be more clear. They need to enable sftp in the openssh
> server. This has little to do with whether the sftp client tool is
> installed or not.
>
> On Thu, 2008-12-11 at 21:00 -0600, Mihael Hategan wrote:
>
>> Ok. Can you paste a link to the log file?
>>
>> On Thu, 2008-12-11 at 20:57 -0600, Zhao Zhang wrote:
>>
>>> I tried to run sftp on IO nodes,
>>>
>>> bash-3.1$ sftp
>>> usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
>>> [-o ssh_option] [-P sftp_server_path] [-R num_requests]
>>> [-S program] [-s subsystem | sftp_server] host
>>> sftp [[user@]host[:file [file]]]
>>> sftp [[user@]host[:dir[/]]]
>>> sftp -b batchfile [user@]host
>>>
>>> it seems that there is a working version
>>>
>>> zhao
>>>
>>> Mihael Hategan wrote:
>>>
>>>> You could ask the folks who administer the BG to enable sftp on the io
>>>> nodes. This is enabled by default with openssh.
>>>>
>>>> On Thu, 2008-12-11 at 20:52 -0600, Zhao Zhang wrote:
>>>>
>>>>
>>>>> got this
>>>>>
>>>>> zzhang at login6.surveyor:~/swift/test> swift -sites.file ./sites.xml
>>>>> -tc.file ./tc.data first.swift
>>>>> Swift svn swift-r2334 (Swift modified locally) cog-r2216
>>>>>
>>>>> RunID: 20081211-2021-oi8c3r0b
>>>>> Progress:
>>>>> echo started
>>>>> Sorted: [bgp000:1,000.000(98.545):0/789 overload: 0]
>>>>> Sorted: [bgp000:999.590(98.544):0/789 overload: 0]
>>>>> Sorted: [bgp000:999.180(98.544):0/789 overload: 0]
>>>>> echo failed
>>>>> Execution failed:
>>>>> Could not initialize shared directory on bgp000
>>>>> Caused by:
>>>>> org.globus.cog.abstraction.impl.file.FileResourceException:
>>>>> Error while communicating with the SSH server on 172.16.3.2:22
>>>>> Caused by:
>>>>> Failed to start the SFTP subsystem on zzhang:<key>@172.16.3.2:22
>>>>>
>>>>>
>>>>> Mihael Hategan wrote:
>>>>>
>>>>>
>>>>>> now try swift
>>>>>>
>>>>>> On Thu, 2008-12-11 at 20:16 -0600, Zhao Zhang wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Mihael Hategan wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Thu, 2008-12-11 at 20:00 -0600, Zhao Zhang wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> nope, we don't need to since ssh works for us.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Mmm, obviously not. May I suggest typing "man ssh" and reading the
>>>>>>>> section on authentication?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> By "it works" I mean it works for our ordinary use, we could login IO
>>>>>>> nodes with that host based authentication.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Besides, I have no idea
>>>>>>>>> where the ssh on IO nodes saves the public key.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> For public key authentication you need to put the public
>>>>>>>> key (~/.ssh/id_rsa.pub) in ~/.ssh/authorized_keys on the remote
>>>>>>>> machine. This is the public key that corresponds to your private key.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> Ha, it works now.
>>>>>>>
>>>>>>> zzhang at login6.surveyor:~/swift/test> ssh -v -o
>>>>>>> HostbasedAuthentication=no -l zzh
>>>>>>> ang -i /home/zzhang/.ssh/id_rsa ion-1
>>>>>>> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
>>>>>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>>>>> debug1: Applying options for *
>>>>>>> debug1: /etc/ssh/ssh_config line 25: Deprecated option
>>>>>>> "RhostsAuthentication"
>>>>>>> debug1: Connecting to ion-1 [172.16.3.1] port 22.
>>>>>>> debug1: Connection established.
>>>>>>> debug1: identity file /home/zzhang/.ssh/id_rsa type 1
>>>>>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
>>>>>>> debug1: match: OpenSSH_4.2 pat OpenSSH*
>>>>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>>>>> debug1: Local version string SSH-2.0-OpenSSH_4.2
>>>>>>> debug1: SSH2_MSG_KEXINIT sent
>>>>>>> debug1: SSH2_MSG_KEXINIT received
>>>>>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>>>>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>>>>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>>>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>>>>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>>>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>>>>>> debug1: Host 'ion-1' is known and matches the RSA host key.
>>>>>>> debug1: Found key in /home/zzhang/.ssh/known_hosts:40
>>>>>>> Warning: the RSA host key for 'ion-1' differs from the key for the IP
>>>>>>> address '172.16.3.1'
>>>>>>> Offending key for IP in /home/zzhang/.ssh/known_hosts:3
>>>>>>> Matching host key in /home/zzhang/.ssh/known_hosts:40
>>>>>>> debug1: ssh_rsa_verify: signature correct
>>>>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>>>>> debug1: SSH2_MSG_NEWKEYS received
>>>>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>>>> debug1: Authentications that can continue:
>>>>>>> publickey,keyboard-interactive,hostbased
>>>>>>> debug1: Next authentication method: publickey
>>>>>>> debug1: Offering public key: /home/zzhang/.ssh/id_rsa
>>>>>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>>>>>> debug1: read PEM private key done: type RSA
>>>>>>> debug1: Authentication succeeded (publickey).
>>>>>>> debug1: channel 0: new [client-session]
>>>>>>> debug1: Entering interactive session.
>>>>>>> Last login: Thu Dec 11 20:15:10 2008 from login6-data.surveyor.alcf.anl.gov
>>>>>>>
>>>>>>>
>>>>>>> BusyBox v1.4.2 (2008-05-07 02:58:20 UTC) Built-in shell (ash)
>>>>>>> Enter 'help' for a list of built-in commands.
>>>>>>>
>>>>>>> /gpfs/home/zzhang $
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> zhao
>>>>>>>>>
>>>>>>>>> Mihael Hategan wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Have you installed the public key on ion-1?
>>>>>>>>>>
>>>>>>>>>> On Thu, 2008-12-11 at 19:10 -0600, Zhao Zhang wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Then it failed
>>>>>>>>>>>
>>>>>>>>>>> zzhang at login6.surveyor:~/swift/test> ssh -v -o
>>>>>>>>>>> HostbasedAuthentication=no -l zzh
>>>>>>>>>>> ang -i /home/zzhang/.ssh/id_rsa ion-7
>>>>>>>>>>> OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
>>>>>>>>>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>>>>>>>>> debug1: Applying options for *
>>>>>>>>>>> debug1: /etc/ssh/ssh_config line 25: Deprecated option
>>>>>>>>>>> "RhostsAuthentication"
>>>>>>>>>>> debug1: Connecting to ion-7 [172.16.3.7] port 22.
>>>>>>>>>>> debug1: Connection established.
>>>>>>>>>>> debug1: identity file /home/zzhang/.ssh/id_rsa type 1
>>>>>>>>>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
>>>>>>>>>>> debug1: match: OpenSSH_4.2 pat OpenSSH*
>>>>>>>>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>>>>>>>>> debug1: Local version string SSH-2.0-OpenSSH_4.2
>>>>>>>>>>> debug1: SSH2_MSG_KEXINIT sent
>>>>>>>>>>> debug1: SSH2_MSG_KEXINIT received
>>>>>>>>>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>>>>>>>>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>>>>>>>>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>>>>>>>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>>>>>>>>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>>>>>>>>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>>>>>>>>>> debug1: Host 'ion-7' is known and matches the RSA host key.
>>>>>>>>>>> debug1: Found key in /home/zzhang/.ssh/known_hosts:43
>>>>>>>>>>> debug1: ssh_rsa_verify: signature correct
>>>>>>>>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>>>>>>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>>>>>>>>> debug1: SSH2_MSG_NEWKEYS received
>>>>>>>>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>>>>>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>>>>>>>> debug1: Authentications that can continue:
>>>>>>>>>>> publickey,keyboard-interactive,hostbased
>>>>>>>>>>> debug1: Next authentication method: publickey
>>>>>>>>>>> debug1: Offering public key: /home/zzhang/.ssh/id_rsa
>>>>>>>>>>> debug1: Authentications that can continue:
>>>>>>>>>>> publickey,keyboard-interactive,hostbased
>>>>>>>>>>> debug1: Next authentication method: keyboard-interactive
>>>>>>>>>>> debug1: Authentications that can continue:
>>>>>>>>>>> publickey,keyboard-interactive,hostbased
>>>>>>>>>>> debug1: No more authentication methods to try.
>>>>>>>>>>> Permission denied (publickey,keyboard-interactive,hostbased).
>>>>>>>>>>> zzhang at login6.surveyor:~/swift/test>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Mihael Hategan wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> I looked at the ssh logs, and it seems like you're logging in using
>>>>>>>>>>>> hostbased authentication.
>>>>>>>>>>>>
>>>>>>>>>>>> Try ssh -v -o HostBasedAuthenticatiosn=no -l zzhang
>>>>>>>>>>>> -i /home/zzhang/.ssh/id_rsa ion-1
>>>>>>>>>>>>
>>>>>>>>>>>> Also, note that you misspelled "id_rsa": Warning: Identity
>>>>>>>>>>>> file /home/zzhang/.ssh/ir_rsa not accessible: No such
>>>>>>>>>>>> file or directory.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, 2008-12-11 at 18:51 -0600, Zhao Zhang wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Ha, you are right, i put a wrong log here.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I rerun it, if failed with the following message.
>>>>>>>>>>>>>
>>>>>>>>>>>>> zzhang at login6.surveyor:~/swift/test> swift -sites.file ./sites.xml
>>>>>>>>>>>>> -tc.file ./tc.data first.swift
>>>>>>>>>>>>> Swift svn swift-r2334 (Swift modified locally) cog-r2216
>>>>>>>>>>>>>
>>>>>>>>>>>>> RunID: 20081211-1850-rcrr2fk0
>>>>>>>>>>>>> Progress:
>>>>>>>>>>>>> echo started
>>>>>>>>>>>>> Sorted: [bgp000:1,000.000(98.545):0/789 overload: 0]
>>>>>>>>>>>>> Sorted: [bgp000:999.590(98.544):0/789 overload: 0]
>>>>>>>>>>>>> Sorted: [bgp000:999.180(98.544):0/789 overload: 0]
>>>>>>>>>>>>> echo failed
>>>>>>>>>>>>> Execution failed:
>>>>>>>>>>>>> Could not initialize shared directory on bgp000
>>>>>>>>>>>>> Caused by:
>>>>>>>>>>>>> org.globus.cog.abstraction.impl.file.FileResourceException:
>>>>>>>>>>>>> Error while communicating with the SSH server on 172.16.3.7:22
>>>>>>>>>>>>> Caused by:
>>>>>>>>>>>>> Public Key Authentication failed
>>>>>>>>>>>>>
>>>>>>>>>>>>> zhao
>>>>>>>>>>>>>
>>>>>>>>>>>>> Mihael Hategan wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, 2008-12-11 at 18:38 -0600, Zhao Zhang wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> sure, it is 172.16.3.6.passphrase=
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I don't believe you. Can you paste the file?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Mihael Hategan wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, 2008-12-11 at 18:30 -0600, Zhao Zhang wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi, Mihael
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If I put .passphrase= there, I got this:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> With the IP address before .passphrase, of course. I.e.
>>>>>>>>>>>>>>>> 172.16.3.6.passphrase=
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>> _______________________________________________
>> Swift-devel mailing list
>> Swift-devel at ci.uchicago.edu
>> http://mail.ci.uchicago.edu/mailman/listinfo/swift-devel
>>
>
>
>
More information about the Swift-devel
mailing list