Net::SSH::AuthenticationFailed when pulling db

[martin-josef]

Describe the bug

When pulling the db (-d) (hosted on rackspeed.de) I get the following error:

Net::SSH::AuthenticationFailed when pulling db

But I can pull the files (--all --no-db) without issues.

I specified an ssh-key in ~/.ssh/config (IdentityFile ).

▬▬ Pulling Database ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

    local | mysqldump --host=[secret] --user=root --result-file="[secret]/web/app/local-backup-1663235937.sql" <local-db>

    local | gzip -9 -f "[secret]/web/app/local-backup-1663235937.sql"

   remote | mysqldump --user=<db-user> --password=[secret] --result-file="[secret]/web/app/dump.sql" <db-name>
/Library/Ruby/Gems/2.6.0/gems/net-ssh-6.1.0/lib/net/ssh.rb:268:in `start': Authentication failed for user <ssh user>@<ip> (Net::SSH::AuthenticationFailed)
    from /Library/Ruby/Gems/2.6.0/gems/photocopier-1.4.0/lib/photocopier/ssh.rb:71:in `session'
    from /Library/Ruby/Gems/2.6.0/gems/photocopier-1.4.0/lib/photocopier/ssh.rb:44:in `exec!'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/deployer/ssh.rb:66:in `remote_run'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/deployer/ssh.rb:79:in `download_remote_db'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/deployer/ssh/wpcli_sql_adapter.rb:34:in `adapt_remote_db!'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/deployer/ssh.rb:48:in `pull_db'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/cli.rb:92:in `block in pull'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/cli.rb:40:in `block in handle_options'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/cli.rb:39:in `each'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/cli.rb:39:in `handle_options'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/lib/wordmove/cli.rb:91:in `pull'
    from /Library/Ruby/Gems/2.6.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
    from /Library/Ruby/Gems/2.6.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
    from /Library/Ruby/Gems/2.6.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
    from /Library/Ruby/Gems/2.6.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
    from /Library/Ruby/Gems/2.6.0/gems/wordmove-5.2.2/exe/wordmove:6:in `<top (required)>'
    from /usr/local/bin/wordmove:23:in `load'
    from /usr/local/bin/wordmove:23:in `<main>'

Wordmove command

wordmove pull -e production -d

Expected behavior

I expected word move to pull the db.

movefile.yml

.env-file:

# ---- PRODUCTION env ('production') ----

### host & path
PROD_VHOST="<ip>"
PROD_PATH="<path>"

### database
PROD_DB_NAME="<db-name>"
PROD_DB_USER="<db-user>"
PROD_DB_PASS="<db-pass>"

### ssh
PROD_DB_SSH_HOST="<ssh-host>"
PROD_DB_SSH_USER="<ssh-user>"

movefile:

# ---- Production ---- #

production:
  vhost: '<%= ENV['PROD_VHOST'] %>'
  wordpress_path: '<%= ENV['PROD_PATH'] %>' # use an absolute path here

  database:
    name: '<%= ENV['PROD_DB_NAME'] %>'
    user: '<%= ENV['PROD_DB_USER'] %>'
    password: '<%= ENV['PROD_DB_PASS'] %>'
    host: '<%= ENV['PROD_DB_HOST'] %>'

  paths:
    wp_content: 'web/app' # wp_content
    mu_plugins: 'web/app/mu-plugins'
    plugins:  'web/app/plugins'
    themes: 'web/app/themes'
    uploads: 'web/app/uploads'
    languages: 'web/app/languages'

  ssh:
    host: '<%= ENV['PROD_DB_SSH_HOST'] %>'
    user: '<%= ENV['PROD_DB_SSH_USER'] %>'

Exception/trace

Paste (removing personal data) the entire trace of error/exception you encountered, if any

Environment (please complete the following information):

• OS: macOS 12.6 (Silicon M1 Mac)
• Ruby: ruby 2.6.8p205 (2021-07-07 revision 67951) [universal.arm64e-darwin21]
• Wordmove: 5.2.2

Doctor

• [x] running the wordmove doctor command returns all green

(If it is not, report the error you got.)

▬▬ Checking local database commands and connection ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

    ✅  success | `mysql` command is in $PATH

    ✅  success | `mysqldump` command is in $PATH

    ❌  error |   We can't connect to the MySQL server using credentials
                specified in the Movefile. Double check them or try
                to debug your system configuration.

                The command used to test was:

                mysql -e'QUIT'

    ❌  error |   We can't connect to the database using credentials
                specified in the Movefile, or the database does not
                exists. Double check them or try to debug your
                system configuration.

                The command used to test was:

                mysql -e'QUIT'

To add, this configuration (.env, movefile) works with other hosts flawlessly. This is rackspeed specific.

[alessandro-fazzi]

@martin-josef as far as your report is a really complete one, it's hard to track it down as a bug.

It's not reproducible, as you reported. What we probably have is a behavior in Wordmove that your current hosting provider dislikes.

I can't elaborate a solution but I have a previous experience to share; Wordmove has a somewhat defective behavior when working w/ DB: it makes a lot of subsequent connections. Sometimes hosting providers set a throttle limit in order to protect themselves from ddos-like attempts and this limit could happen to resolve into a refute to auth the user.

One desperate try to do in order to verify this assumption is to add these configs to the specific host into your ssh config

Host example.com
  ControlMaster auto
  ControlPath /tmp/master-%r@%h:%p
  [...]

then in one terminal open an SSH connection to the host and in another terminal run wordmove pull -e production -d. This way you should force SSH client to reuse a single connection through a local socket (don't know if it's actually a socket, but at least it has a similar concept).

Is this a fix? It is not for sure. It's more of a troubleshooting/possible workaround/reproduction path, but that's all I have on the table.

[martin-josef]

It is much appreciated, thanks! I will continue debugging the situation soon, right now I manually dump / pull / search-replace. I will report back if I find anything.

[psydigital]

I'm also experiencing this issue.

[martin-josef]

I couldn't solve it myself and don't have to pull / push from that host anymore, so I sadly won't be of any help.

[psydigital]

I'll let you know if I solve - I think it might be related to php 8.1 but honestly I don't know why.

[martin-josef]

I only experienced this issue with one host, all my digitalocean droplets etc. are unaffected.

[MaruanBO]

If you take a litle bit of attencion you can see wordmove is not getting your env variables, to fix it you can do something like:

local: vhost: "http://localhost:<%= ENV['LOCAL_SERVER_PORT'] %>" wordpress_path: "/var/www/html/" database: # does not change this value, wordmove does not get ENV variables for this. name: "wordpress" user: "wordpress" password: "wordpress" host: "database" mysqldump_options: "--hex-blob -no-tablespace" # add -- -no-tablespace to prevent permission denied error with mysqldump

Also for for integer does not add "" cause gonna be detected as string.

[harnerdesigns]

Running into a similar issue and I think it's related to the current incompatibility of net-ssh 6.x.x and OpenSSL 3.x.x which ships by default with Ubuntu 22. Supposedly net-ssh 7.x.x should fix this, but I don't know how to go about fixing that here in Wordmove. (See https://github.com/net-ssh/net-ssh/issues/874 for reference)

[MaruanBO]

mysql -e'QUIT'

In him case he is using bad configuration in movefile.yml, look at: mysql -e'QUIT'. Movefile is not reading env file '<%= ENV['PROD_DB_NAME'] %>' etc.. the solution is was i suggested. There is not another solution.

[alessandro-fazzi]

mysql -e'QUIT'

In him case he is using bad configuration in movefile.yml, look at: mysql -e'QUIT'. Movefile is not reading env file '<%= ENV['PROD_DB_NAME'] %>' etc.. the solution is was i suggested. There is not another solution.

mysql -e'QUIT' is not a command from the OP, but a command wordmove doctor uses to test connection to DB. If a bug in reading from ENV exists, it should exist only when running doctor command.

[alessandro-fazzi]

Running into a similar issue and I think it's related to the current incompatibility of net-ssh 6.x.x and OpenSSL 3.x.x which ships by default with Ubuntu 22. Supposedly net-ssh 7.x.x should fix this, but I don't know how to go about fixing that here in Wordmove. (See net-ssh/net-ssh#874 for reference)

@harnerdesigns does «similar» means only database related operations are failing?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[harnerdesigns]

@alessandro-fazzi sorry for the late as hell response, but yes, DB operations are the only one failing.

Running wordmove push -e production --all runs through everything fine and then fails on the DB push.