Closed stevana closed 3 years ago
Also checked that jepsen-control
's public key is in the authorized keys of all the nodes, e.g.:
kyle@control:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3N [...]
kyle@control:~$ ssh root@n1 cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3N [...]
Managed to reproduce it with clj-ssh
and got some more debug info:
kyle@control:/jepsen$ lein repl
nREPL server started on port 42715 on host 127.0.0.1 - nrepl://127.0.0.1:42715
REPL-y 0.4.3, nREPL 0.6.0
Clojure 1.10.1
OpenJDK 64-Bit Server VM 1.8.0_242-8u242-b08-0ubuntu3~16.04-b08
Docs: (doc function-name-here)
(find-doc "part-of-name-here")
Source: (source function-name-here)
Javadoc: (javadoc java-object-or-class-here)
Exit: Control+D or (exit) or (quit)
Results: Stored in vars *1, *2, *3, an exception in *e
smartlog.main=> (use 'clj-ssh.cli)
nil
smartlog.main=> (default-session-options {:strict-host-key-checking :no})
{:strict-host-key-checking :no}
smartlog.main=> (ssh "n1" "ls" :username "root")
15:21:56.840 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Connecting to n1 port 22
15:21:56.854 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Connection established
15:21:56.869 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Remote version string: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
15:21:56.869 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Local version string: SSH-2.0-JSCH-0.1.53
15:21:56.869 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128
,arcfour256
15:21:56.938 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
15:21:57.020 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
15:21:57.021 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_KEXINIT sent
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_KEXINIT received
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2
-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-g
cm@openssh.com
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-g
cm@openssh.com
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-e
tm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-e
tm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: none,zlib@openssh.com
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server: none,zlib@openssh.com
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server:
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server:
15:21:57.022 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-he
llman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-c
bc
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-c
bc
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: none
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client: none
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client:
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client:
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: server->client aes128-ctr hmac-sha1 none
15:21:57.023 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - kex: client->server aes128-ctr hmac-sha1 none
15:21:57.029 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_KEX_ECDH_INIT sent
15:21:57.029 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - expecting SSH_MSG_KEX_ECDH_REPLY
15:21:57.036 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - ssh_rsa_verify: signature true
15:21:57.039 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Host 'n1' is known and matches the RSA host key
15:21:57.039 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_NEWKEYS sent
15:21:57.039 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_NEWKEYS received
15:21:57.042 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_SERVICE_REQUEST sent
15:21:57.043 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - SSH_MSG_SERVICE_ACCEPT received
15:21:57.043 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Authentications that can continue: publickey,keyboard-interactive,password
15:21:57.043 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Next authentication method: publickey
15:21:57.046 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Authentications that can continue: password
15:21:57.046 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Next authentication method: password
15:21:57.047 [nRepl-session-880cca20-78c4-4ee8-9c31-1f5990246f03] DEBUG clj-ssh.ssh - Disconnecting from n1 port 22
Execution error (JSchException) at com.jcraft.jsch.Session/connect (Session.java:512).
Auth fail
OK, almost got it now. Need to pass --ssh-private-key /home/kyle/.ssh/id_rsa
, but why?
Might be that your SSH agent isn't presenting the key?
The problem was ssh-add /root/.ssh/id_rsa &> /dev/null
in docker/control/bashrc
...
In case it wasn't clear: all issues have been resolved here and this is ready for review.
I'm trying to make the docker-compose stuff work as non-root in order to be able to mount my ~/.m2 so that I can use locally installed libraries and not have to fetch the dependencies all time and at the same time not have docker write as root into that directory.
That part works. However sshing doesn't:
If I do
docker exec -it jepsen-control bash
and thenssh -o StrictHostKeyChecking=no root@n1 hostname
it works though.I can't think of anything that my change introduced that would cause this to break, any hints?