[kepler-dev] SSH Help

Podhorszki, Norbert pnorbert at ornl.gov
Thu Sep 10 09:52:03 PDT 2009 

Hi Subhav,

see below my comments

On 9/10/09 12:02 PM, "subhav mital" <mital.subhav at gmail.com> wrote:

Hi Norbert,

Thank you for helping out.

Sorry that I forgot to reply to your messages earlier on.

I replied to Michal's message on the same day but saved your response as an unsent draft message as I was waiting for the new build to get installed on my machine, thinking it would solve my prob.

Anyways, here are my responses:


Can you use this actor to login with password? - I have got pwdless login working with the remote server.
I do not know how to try this with a password, with the SSH actor since most of them use pwdless login, I guess?

The SSH actor should work with password authentication. You should get a pop-up dialog asking for the password when connecting to the remote server.

Can you use this private key to login to that remote machine with command-line ssh? - Yes, I can.

google search reveals to me that something have been changed in ssh server configurations that is incompatible for older jsch versions. - Yes, you are correct.
(like http://www.mail-archive.com/issues@maven.apache.org/msg54510.html)

Can you replace the ./common/lib/jar/jsch-0.1.31.jar with the recent version and try it again?

- Do you mean jsch-0.1.42.zip <https://sourceforge.net/projects/jsch/files/jsch/jsch-0.1.42.zip/download> (282,216 bytes)  ?? Sounds like a good option, but how do I include this jar file? ant get...

Do you need to build the jar file from the zip source? Or can you get the jar itself?
Just replace the current jar file in your Kepler tree. I do not have the head, but last time I saw it in common/lib/jar/jsch-0.1.31.jar

http://publib.boulder.ibm.com/infocenter/director/v6r1x/index.jsp?topic=/director.tbs_6.1/fqm0_r_tbs_cannot_deploy_agents_to_vmware.html
says something about the ciphers enabled at server side.  If you are admin of the remote host, you may add (back) the 3des-cbc cipher as described on this web page - I am not the admin and guess it would be difficult to get this done, but could request the admin and see it this can be implemented.

We have it here at ORNL, so this can be a reason why it works here. Can you just ask the admin if they have the 3des-cbc enabled? Can you test it with another remote machine?

Please could you send me your workflow with the working SSH actor ?

No because you cannot execute my monster workflows. For testing, the /workflows/test/ssh/ExecuteACommand.xml
is perfect small workflow as well as the FileCopier.xml workflow. workflows/ directory is at the same level as the modules/, you may not have checked out it before.

 Then I would know exactly if the SSH server needs to be configured. After repeated attempts, I've realised that the problem lies during the copying and may be a configuration issue with the remote server.

If I use the same SSH file copier to copy files from one local directory to the other, it works fine (despite the condn that one must be a remote m/c and the other a local m/c).

The ssh package has a dual implementation using jsch for ssh connections and Java RT for local processing. Any reference with "local:" or "" is handled by the latter.
PNNL is currently working on a third implementation for GSI credentials.

Best regards
Norbert

On Wed, Aug 12, 2009 at 10:33 AM, subhav mital <mital.subhav at gmail.com> wrote:
Thanks for that. However, even if I do not activate pwdless connection, it still gives me the error despite the username and hostname being correct.

Thanks.


2009/8/12 Michal Owsiak <michalo at man.poznan.pl>

Hi,

I am not sure, whether SSH actor provides password less connection
without further settings.

But you can always (assuming that ssh is present at your Kepler
installation) use this simple workflow as an alternative.

Regards

Michal


> Hello,
> I have been using the SSH actor to connect to a remote host and get the
> following error:
>
> Exception caught in .ssh2executeActor.SSH to Execute
> (com.jcraft.jsch.JSchException)
> Algorithm negotiation fail

--
Michal Owsiak <michalo at man.poznan.pl>
Poznan Supercomputing and Networking Center
ul. Noskowskiego 10, 61-704 Poznan, POLAND
http://www.man.poznan.pl

More information about the Kepler-dev mailing list