[kepler-dev] SSH Help

[subhav mital]

Hi Norbert,
Some more updates.

1) Updating the Jar file helped and worked fine!! Though I was prompted for
a password despite having pwdless login enabled on that server, but this was
expected as your mentioning.

2) Another peculiar observation. If I feed data in the SSH file copier actor
via the String Constant Actor, I get an error saying the source and target
machine must be different. However, If I do the same thing via a parameter
(Sim Parameter) and enter the exact same details there, I do not get any
error.


*Just for Info:*

3) If I use the external execution actor and try to do an SSH
username at hostname.edu, it works fine even with the old jar. Also it is able
to copy a file from one directory on the remote server to the other. ( I
have openSSH and Cwgwin installed)


Thanks Norbert, David, Michal and Kepler Dev for your help!


- Subhav


On Thu, Sep 10, 2009 at 3:11 PM, subhav mital <mital.subhav at gmail.com>wrote:

> Hi Norbert,
> Thanks for your comments.
>
> As per this site,
> http://jira.codehaus.org/browse/MNG-4241, your suggestion about updating
> the Jar File seems correct.
>
> I update the Jar File but still got the error. I have a feeling that it
> needs to be update in the rest of package using ant and copy pasting might
> not just help...Do you know how to update it using ant?
>
>
> Moreover, another resource I searched about the error:
> "Algorithm Negotiation Fail", which talks about the error being with local
> host. Given that I have installed openSSH on windows, it could be the cause
> of the problem.
>
> However, the resolve for it is:
>
> *esolve the problem by connecting to remote-host SSH without compression.*
> [local-host]$ *ssh -o "Compression no" -l jsmith remote-host*
> *
>
> jsmith at remote-host's password:
> Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2
>
> *
>
> But, I wonder how to implement this in the File Copier actor since there
> are going to be problems parsing this and I usually do not prepend the
> keyword SSH before host at usename.edu
>
> I will try this on another remote server and see if it works.
>
> The last thing would be to update the ciphers on the machines and try this
> again.
>
> Thanks.
>
>
> On Thu, Sep 10, 2009 at 12:52 PM, Podhorszki, Norbert <pnorbert at ornl.gov>wrote:
>
>> Hi Subhav,
>>
>> see below my comments
>>
>> On 9/10/09 12:02 PM, "subhav mital" <mital.subhav at gmail.com> wrote:
>>
>> Hi Norbert,
>>
>> Thank you for helping out.
>>
>> Sorry that I forgot to reply to your messages earlier on.
>>
>> I replied to Michal's message on the same day but saved your response as
>> an unsent draft message as I was waiting for the new build to get installed
>> on my machine, thinking it would solve my prob.
>>
>> Anyways, here are my responses:
>>
>>
>> Can you use this actor to login with password? - I have got pwdless login
>> working with the remote server.
>> I do not know how to try this with a password, with the SSH actor since
>> most of them use pwdless login, I guess?
>>
>> The SSH actor should work with password authentication. You should get a
>> pop-up dialog asking for the password when connecting to the remote server.
>>
>> Can you use this private key to login to that remote machine with
>> command-line ssh? - Yes, I can.
>>
>> google search reveals to me that something have been changed in ssh server
>> configurations that is incompatible for older jsch versions. - Yes, you are
>> correct.
>> (like http://www.mail-archive.com/issues@maven.apache.org/msg54510.html)
>>
>> Can you replace the ./common/lib/jar/jsch-0.1.31.jar with the recent
>> version and try it again?
>>
>> - Do you mean jsch-0.1.42.zip <
>> https://sourceforge.net/projects/jsch/files/jsch/jsch-0.1.42.zip/download>
>> (282,216 bytes)  ?? Sounds like a good option, but how do I include this jar
>> file? ant get...
>>
>> Do you need to build the jar file from the zip source? Or can you get the
>> jar itself?
>> Just replace the current jar file in your Kepler tree. I do not have the
>> head, but last time I saw it in common/lib/jar/jsch-0.1.31.jar
>>
>>
>> http://publib.boulder.ibm.com/infocenter/director/v6r1x/index.jsp?topic=/director.tbs_6.1/fqm0_r_tbs_cannot_deploy_agents_to_vmware.html
>> says something about the ciphers enabled at server side.  If you are admin
>> of the remote host, you may add (back) the 3des-cbc cipher as described on
>> this web page - I am not the admin and guess it would be difficult to get
>> this done, but could request the admin and see it this can be implemented.
>>
>> We have it here at ORNL, so this can be a reason why it works here. Can
>> you just ask the admin if they have the 3des-cbc enabled? Can you test it
>> with another remote machine?
>>
>> Please could you send me your workflow with the working SSH actor ?
>>
>> No because you cannot execute my monster workflows. For testing, the
>> /workflows/test/ssh/ExecuteACommand.xml
>> is perfect small workflow as well as the FileCopier.xml workflow.
>> workflows/ directory is at the same level as the modules/, you may not have
>> checked out it before.
>>
>>  Then I would know exactly if the SSH server needs to be configured. After
>> repeated attempts, I've realised that the problem lies during the copying
>> and may be a configuration issue with the remote server.
>>
>> If I use the same SSH file copier to copy files from one local directory
>> to the other, it works fine (despite the condn that one must be a remote m/c
>> and the other a local m/c).
>>
>> The ssh package has a dual implementation using jsch for ssh connections
>> and Java RT for local processing. Any reference with "local:" or "" is
>> handled by the latter.
>> PNNL is currently working on a third implementation for GSI credentials.
>>
>> Best regards
>> Norbert
>>
>> On Wed, Aug 12, 2009 at 10:33 AM, subhav mital <mital.subhav at gmail.com>
>> wrote:
>> Thanks for that. However, even if I do not activate pwdless connection, it
>> still gives me the error despite the username and hostname being correct.
>>
>> Thanks.
>>
>>
>> 2009/8/12 Michal Owsiak <michalo at man.poznan.pl>
>>
>> Hi,
>>
>> I am not sure, whether SSH actor provides password less connection
>> without further settings.
>>
>> But you can always (assuming that ssh is present at your Kepler
>> installation) use this simple workflow as an alternative.
>>
>> Regards
>>
>> Michal
>>
>>
>> > Hello,
>> > I have been using the SSH actor to connect to a remote host and get the
>> > following error:
>> >
>> > Exception caught in .ssh2executeActor.SSH to Execute
>> > (com.jcraft.jsch.JSchException)
>> > Algorithm negotiation fail
>>
>> --
>> Michal Owsiak <michalo at man.poznan.pl>
>> Poznan Supercomputing and Networking Center
>> ul. Noskowskiego 10, 61-704 Poznan, POLAND
>> http://www.man.poznan.pl
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mercury.nceas.ucsb.edu/kepler/pipermail/kepler-dev/attachments/20090911/ab577637/attachment.html>