[GE users] ssh_exchange_identification

Reuti reuti at staff.uni-marburg.de
Tue Jul 10 09:50:44 BST 2007


Hi,

root is always special, as a) its ~ isn't shared across all nodes, b)  
root login maybe disabled in the /etc/ssh/sshd_config

But here maybe a second problem is present: was the ssh-key also  
generated on this machine? There is another format of the ssh-key,  
which includes the "-----BEGIN/END". You can convert the keys with:

ssh-keygen -i <filename>

-- Reuti


Am 10.07.2007 um 10:13 schrieb sadfub at gmx.net:

> Hello,
>
> I want to configure qrsh and qlogin to use ssh. Hence, I followed the
> steps in http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html
> (which seems a little outdated, since I've no rsh_command and  
> rsh_daemon
> items in my cluster configuration. But I included them to my cluster
> config.) As user all ssh stuff works well: `ssh node22` works with my
> keyfiles without a password prompt and all is well. But when using  
> `qrsh
> hostname` the following error occurs:
>
> [root at frontend ~]# qrsh hostname
> ssh_exchange_identification: Connection closed by remote host
> [root at frontend ~]# qrsh -verbose hostname
> Your job 158411 ("hostname") has been submitted
> waiting for interactive job to be scheduled ...
> Your interactive job 158411 has been successfully scheduled.
> Establishing /usr/bin/ssh session to host node17 ...
> ssh_exchange_identification: Connection closed by remote host
> /usr/bin/ssh exited with exit code 255
> reading exit code from shepherd ... 129
> [root at frontend ~]# qlogin
> Your job 158412 ("QLOGIN") has been submitted
> waiting for interactive job to be scheduled ...
> Your interactive job 158412 has been successfully scheduled.
> Establishing ssh_qlogin_wrapper session to host node23 ...
> OpenSSH_3.9p1-hpn NCSA_GSSAPI_20040818 KRB5, OpenSSL 0.9.7a Feb 19  
> 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to node23 [10.108.74.88] port 38380.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug3: Not a RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /root/.ssh/id_dsa type 2
> ssh_exchange_identification: Connection closed by remote host
> ssh_qlogin_wrapper exited with exit code 255
>
> some relevant parts of my cluster config:
> rlogin_daemon:	/usr/sbin/sshd -i
> rlogin_command:	/usr/bin/ssh
> rsh_daemon:	/usr/sbin/sshd -i
> rsh_command:	/usr/bin/ssh
> qlogin_daemon:	/usr/sbin/sshd -i
> qlogin_command:	ssh_qlogin_wrapper
>
> ssh_qlogin_wrapper:
> #!/bin/sh
> HOST=$1
> PORT=$2
> /usr/bin/ssh -vvv -X -p $PORT $HOST
>
> I tried to configure my hosts.allow with a 'sshd:ALL' or 'ALL:ALL' but
> that doesn't effected anything, so now my hosts.allow and  
> hosts.deny are
> empty again. Searching the mailing list doesn't give me a solution.  
> Any
> help is much apreciated.
>
> --
> The debug info for a working ssh -vvv conenction:
> [root at frontend ~]# ssh -vvv node23
> OpenSSH_3.9p1-hpn NCSA_GSSAPI_20040818 KRB5, OpenSSL 0.9.7a Feb 19  
> 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to node23 [10.108.74.88] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug3: Not a RSA1 key file /root/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /root/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.9p1-hpn NCSA_GSSAPI_20040818 KRB5
> debug1: match: OpenSSH_3.9p1-hpn NCSA_GSSAPI_20040818 KRB5 pat  
> OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1-hpn
> NCSA_GSSAPI_20040818 KRB5
> debug2: fd 3 setting O_NONBLOCK
> debug3: Trying to reverse map address 10.108.74.88.
> debug1: Miscellaneous failure
> Unknown code krb5 195
>
> debug1: Miscellaneous failure
> Unknown code krb5 195
>
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group14- 
> sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- 
> cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192- 
> ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- 
> cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192- 
> ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac- 
> sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac- 
> sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> gss-group1-sha1-toWM5Slw5Ew8Mrkay+al2g==,gss-group1-sha1- 
> Se3H81isnmOC3OE+FwYCiQ==,diffie-hellman-group-exchange-sha1,diffie- 
> hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- 
> cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192- 
> ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- 
> cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192- 
> ctr,aes256-ctr
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac- 
> sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac- 
> sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 106/256
> debug2: bits set: 485/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
> debug3: check_host_in_hostfile: match line 23
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
> debug3: check_host_in_hostfile: match line 23
> debug1: Host 'node23' is known and matches the RSA host key.
> debug1: Found key in /etc/ssh/ssh_known_hosts:23
> debug2: bits set: 502/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug2: key: /root/.ssh/identity ((nil))
> debug2: key: /root/.ssh/id_rsa ((nil))
> debug2: key: /root/.ssh/id_dsa (0x552abffdc0)
> debug1: Authentications that can continue:
> publickey,external-keyx,gssapi-with-mic,gssapi,password
> debug3: start over, passed a different list
> publickey,external-keyx,gssapi-with-mic,gssapi,password
> debug3: preferred
> external-keyx,gssapi-with-mic,gssapi,publickey,keyboard- 
> interactive,password
> debug3: authmethod_lookup external-keyx
> debug3: remaining preferred:
> gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled external-keyx
> debug1: Next authentication method: external-keyx
> debug2: gsskex not performed, skipping external-keyx
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup gssapi-with-mic
> debug3: remaining preferred: gssapi,publickey,keyboard- 
> interactive,password
> debug3: authmethod_is_enabled gssapi-with-mic
> debug1: Next authentication method: gssapi-with-mic
> debug1: Miscellaneous failure
> Unknown code krb5 195
>
> debug1: Miscellaneous failure
> Unknown code krb5 195
>
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup gssapi
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi
> debug1: Next authentication method: gssapi
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug3: no such identity: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug3: no such identity: /root/.ssh/id_rsa
> debug1: Offering public key: /root/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug2: input_userauth_pk_ok: fp
> 1c:b5:ea:75:19:77:1b:de:a7:94:9f:42:41:00:ad:b6
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Entering interactive session.
> debug2: callback start
> debug2: x11_get_proto: /usr/X11R6/bin/xauth  list unix:10.0 . 2>/ 
> dev/null
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug2: channel 0: request x11-req confirm 0
> debug2: client_session2_setup: id 0
> debug2: channel 0: request pty-req confirm 0
> debug3: tty_make_modes: ospeed 38400
> debug3: tty_make_modes: ispeed 38400
> debug3: tty_make_modes: 1 3
> debug3: tty_make_modes: 2 28
> debug3: tty_make_modes: 3 127
> debug3: tty_make_modes: 4 21
> debug3: tty_make_modes: 5 4
> debug3: tty_make_modes: 6 0
> debug3: tty_make_modes: 7 0
> debug3: tty_make_modes: 8 17
> debug3: tty_make_modes: 9 19
> debug3: tty_make_modes: 10 26
> debug3: tty_make_modes: 12 18
> debug3: tty_make_modes: 13 23
> debug3: tty_make_modes: 14 22
> debug3: tty_make_modes: 18 15
> debug3: tty_make_modes: 30 0
> debug3: tty_make_modes: 31 0
> debug3: tty_make_modes: 32 0
> debug3: tty_make_modes: 33 0
> debug3: tty_make_modes: 34 0
> debug3: tty_make_modes: 35 0
> debug3: tty_make_modes: 36 1
> debug3: tty_make_modes: 37 0
> debug3: tty_make_modes: 38 1
> debug3: tty_make_modes: 39 0
> debug3: tty_make_modes: 40 0
> debug3: tty_make_modes: 41 0
> debug3: tty_make_modes: 50 1
> debug3: tty_make_modes: 51 1
> debug3: tty_make_modes: 52 0
> debug3: tty_make_modes: 53 1
> debug3: tty_make_modes: 54 1
> debug3: tty_make_modes: 55 1
> debug3: tty_make_modes: 56 0
> debug3: tty_make_modes: 57 0
> debug3: tty_make_modes: 58 0
> debug3: tty_make_modes: 59 1
> debug3: tty_make_modes: 60 1
> debug3: tty_make_modes: 61 1
> debug3: tty_make_modes: 62 0
> debug3: tty_make_modes: 70 1
> debug3: tty_make_modes: 71 0
> debug3: tty_make_modes: 72 1
> debug3: tty_make_modes: 73 0
> debug3: tty_make_modes: 74 0
> debug3: tty_make_modes: 75 0
> debug3: tty_make_modes: 90 1
> debug3: tty_make_modes: 91 1
> debug3: tty_make_modes: 92 0
> debug3: tty_make_modes: 93 0
> debug2: channel 0: request shell confirm 0
> debug2: fd 3 setting TCP_NODELAY
> debug2: callback done
> debug2: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel 0: rcvd adjust 5242880
> Last login: Mon Jun 25 13:00:56 2007 from frontend
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail: users-help at gridengine.sunsource.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list