[kepler-dev] SSH Help

Podhorszki, Norbert pnorbert at ornl.gov
Mon Sep 14 09:57:17 PDT 2009 

Hi Subhav,

For 1. and 3. note that you are using two different software to access the remote machine.
With external execution you are using your ssh client installed on the system, so it's not surprising that you get the
pwdless access as you have set it for that client.
With the SSH actors, you use a java implementation of the SSH-2 client side protocol (this is jSch).
If you want to use your public/private key pair with the SSH actors, you need to use the SSH Session actor to perform the connection and authentication and you need to specify the path of your keys to do that.

Thanks for the bug report on 2. I do not know what is that error, however the SSH File Copier wants one of the hosts to be the local machine. It neither copies files on a remote machine, nor between two remote machines.
Nevertheless I do not find any 'different' string in the ssh source. Could you please send the actual error message?

Best regards
Norbert


On 9/11/09 10:56 PM, "subhav mital" <mital.subhav at gmail.com> wrote:

Hi Norbert,

Some more updates.

1) Updating the Jar file helped and worked fine!! Though I was prompted for a password despite having pwdless login enabled on that server, but this was expected as your mentioning.

2) Another peculiar observation. If I feed data in the SSH file copier actor via the String Constant Actor, I get an error saying the source and target machine must be different. However, If I do the same thing via a parameter (Sim Parameter) and enter the exact same details there, I do not get any error.


Just for Info:

3) If I use the external execution actor and try to do an SSH username at hostname.edu, it works fine even with the old jar. Also it is able to copy a file from one directory on the remote server to the other. ( I have openSSH and Cwgwin installed)


Thanks Norbert, David, Michal and Kepler Dev for your help!


- Subhav


On Thu, Sep 10, 2009 at 3:11 PM, subhav mital <mital.subhav at gmail.com> wrote:
Hi Norbert,

Thanks for your comments.

As per this site,
http://jira.codehaus.org/browse/MNG-4241, your suggestion about updating the Jar File seems correct.

I update the Jar File but still got the error. I have a feeling that it needs to be update in the rest of package using ant and copy pasting might not just help...Do you know how to update it using ant?


Moreover, another resource I searched about the error: "Algorithm Negotiation Fail", which talks about the error being with local host. Given that I have installed openSSH on windows, it could be the cause of the problem.

However, the resolve for it is:

esolve the problem by connecting to remote-host SSH without compression.
[local-host]$ ssh -o "Compression no" -l jsmith remote-host
jsmith at remote-host's password:
Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2

But, I wonder how to implement this in the File Copier actor since there are going to be problems parsing this and I usually do not prepend the keyword SSH before host at usename.edu

I will try this on another remote server and see if it works.

The last thing would be to update the ciphers on the machines and try this again.

Thanks.


On Thu, Sep 10, 2009 at 12:52 PM, Podhorszki, Norbert <pnorbert at ornl.gov> wrote:
Hi Subhav,

see below my comments

On 9/10/09 12:02 PM, "subhav mital" <mital.subhav at gmail.com> wrote:

Hi Norbert,

Thank you for helping out.

Sorry that I forgot to reply to your messages earlier on.

I replied to Michal's message on the same day but saved your response as an unsent draft message as I was waiting for the new build to get installed on my machine, thinking it would solve my prob.

Anyways, here are my responses:


Can you use this actor to login with password? - I have got pwdless login working with the remote server.
I do not know how to try this with a password, with the SSH actor since most of them use pwdless login, I guess?

The SSH actor should work with password authentication. You should get a pop-up dialog asking for the password when connecting to the remote server.

Can you use this private key to login to that remote machine with command-line ssh? - Yes, I can.

google search reveals to me that something have been changed in ssh server configurations that is incompatible for older jsch versions. - Yes, you are correct.
(like http://www.mail-archive.com/issues@maven.apache.org/msg54510.html)

Can you replace the ./common/lib/jar/jsch-0.1.31.jar with the recent version and try it again?

- Do you mean jsch-0.1.42.zip <https://sourceforge.net/projects/jsch/files/jsch/jsch-0.1.42.zip/download> (282,216 bytes)  ?? Sounds like a good option, but how do I include this jar file? ant get...

Do you need to build the jar file from the zip source? Or can you get the jar itself?
Just replace the current jar file in your Kepler tree. I do not have the head, but last time I saw it in common/lib/jar/jsch-0.1.31.jar

http://publib.boulder.ibm.com/infocenter/director/v6r1x/index.jsp?topic=/director.tbs_6.1/fqm0_r_tbs_cannot_deploy_agents_to_vmware.html
says something about the ciphers enabled at server side.  If you are admin of the remote host, you may add (back) the 3des-cbc cipher as described on this web page - I am not the admin and guess it would be difficult to get this done, but could request the admin and see it this can be implemented.

We have it here at ORNL, so this can be a reason why it works here. Can you just ask the admin if they have the 3des-cbc enabled? Can you test it with another remote machine?

Please could you send me your workflow with the working SSH actor ?

No because you cannot execute my monster workflows. For testing, the /workflows/test/ssh/ExecuteACommand.xml
is perfect small workflow as well as the FileCopier.xml workflow. workflows/ directory is at the same level as the modules/, you may not have checked out it before.

 Then I would know exactly if the SSH server needs to be configured. After repeated attempts, I've realised that the problem lies during the copying and may be a configuration issue with the remote server.

If I use the same SSH file copier to copy files from one local directory to the other, it works fine (despite the condn that one must be a remote m/c and the other a local m/c).

The ssh package has a dual implementation using jsch for ssh connections and Java RT for local processing. Any reference with "local:" or "" is handled by the latter.
PNNL is currently working on a third implementation for GSI credentials.

Best regards
Norbert

On Wed, Aug 12, 2009 at 10:33 AM, subhav mital <mital.subhav at gmail.com> wrote:
Thanks for that. However, even if I do not activate pwdless connection, it still gives me the error despite the username and hostname being correct.

Thanks.


2009/8/12 Michal Owsiak <michalo at man.poznan.pl>

Hi,

I am not sure, whether SSH actor provides password less connection
without further settings.

But you can always (assuming that ssh is present at your Kepler
installation) use this simple workflow as an alternative.

Regards

Michal


> Hello,
> I have been using the SSH actor to connect to a remote host and get the
> following error:
>
> Exception caught in .ssh2executeActor.SSH to Execute
> (com.jcraft.jsch.JSchException)
> Algorithm negotiation fail

--
Michal Owsiak <michalo at man.poznan.pl>
Poznan Supercomputing and Networking Center
ul. Noskowskiego 10, 61-704 Poznan, POLAND
http://www.man.poznan.pl

More information about the Kepler-dev mailing list