[kepler-dev] SSH Help
subhav mital
mital.subhav at gmail.com
Sun Sep 27 16:21:03 PDT 2009
Thanks a lot Norbert for your help.
The identity file is on the Client Machine and now works fine. The problem
was that, if one is trying to simulate this on a Windows environment, then
Cygwin must be installed with OpenSSH.
Now, for some reason, relative paths were not being understood by the SSH
Session actor. When I changed it to the absolute path, it worked.
This problem would, I think, not occur in Linux.
Thanks!
On Fri, Sep 25, 2009 at 2:44 PM, Podhorszki, Norbert <pnorbert at ornl.gov>wrote:
> Subhav,
>
> I cannot reproduce your bug. I have modified
> workflows/test/ssh/FileCopier.xml to provide the input with String Constant
> actors, and it still works. Attached here, please try it and tell me if it
> works.
>
> The identity file should be the one on the client machine.
>
> Regards
> Norbert
>
>
> On 9/25/09 1:07 AM, "subhav mital" <mital.subhav at gmail.com> wrote:
>
> Thanks Norbert.
>
> The error message is: "One of the source and target should be local" even
> though the condition is satisfied. It does not work with the string constant
> actor as an input to the input port.
>
> Also, I had a doubt regarding the SSH session actor.
> The identity file should be located on the client m/c or the host m/c?
> (Since both have id_rsa under .ssh directory) Also confuses me since the
> Browse button can be seen considering am on Windows.
>
> By path you mean: /home/.ssh/id_rsa?
>
> I tried a lot with the SSH session actor to specify the id_rsa file's path
> name by logging into the server, doing a pwd and using the same path in the
> actor. Yet, every time I get prompted for a password. Maybe I am doing
> something wrong?
>
> Thanks
>
>
>
>
>
> On Mon, Sep 14, 2009 at 12:57 PM, Podhorszki, Norbert <pnorbert at ornl.gov>
> wrote:
> Hi Subhav,
>
> For 1. and 3. note that you are using two different software to access the
> remote machine.
> With external execution you are using your ssh client installed on the
> system, so it's not surprising that you get the
> pwdless access as you have set it for that client.
> With the SSH actors, you use a java implementation of the SSH-2 client side
> protocol (this is jSch).
> If you want to use your public/private key pair with the SSH actors, you
> need to use the SSH Session actor to perform the connection and
> authentication and you need to specify the path of your keys to do that.
>
> Thanks for the bug report on 2. I do not know what is that error, however
> the SSH File Copier wants one of the hosts to be the local machine. It
> neither copies files on a remote machine, nor between two remote machines.
> Nevertheless I do not find any 'different' string in the ssh source. Could
> you please send the actual error message?
>
> Best regards
> Norbert
>
>
> On 9/11/09 10:56 PM, "subhav mital" <mital.subhav at gmail.com> wrote:
>
> Hi Norbert,
>
> Some more updates.
>
> 1) Updating the Jar file helped and worked fine!! Though I was prompted for
> a password despite having pwdless login enabled on that server, but this was
> expected as your mentioning.
>
> 2) Another peculiar observation. If I feed data in the SSH file copier
> actor via the String Constant Actor, I get an error saying the source and
> target machine must be different. However, If I do the same thing via a
> parameter (Sim Parameter) and enter the exact same details there, I do not
> get any error.
>
>
> Just for Info:
>
> 3) If I use the external execution actor and try to do an SSH
> username at hostname.edu, it works fine even with the old jar. Also it is
> able to copy a file from one directory on the remote server to the other. (
> I have openSSH and Cwgwin installed)
>
>
> Thanks Norbert, David, Michal and Kepler Dev for your help!
>
>
> - Subhav
>
>
> On Thu, Sep 10, 2009 at 3:11 PM, subhav mital <mital.subhav at gmail.com>
> wrote:
> Hi Norbert,
>
> Thanks for your comments.
>
> As per this site,
> http://jira.codehaus.org/browse/MNG-4241, your suggestion about updating
> the Jar File seems correct.
>
> I update the Jar File but still got the error. I have a feeling that it
> needs to be update in the rest of package using ant and copy pasting might
> not just help...Do you know how to update it using ant?
>
>
> Moreover, another resource I searched about the error: "Algorithm
> Negotiation Fail", which talks about the error being with local host. Given
> that I have installed openSSH on windows, it could be the cause of the
> problem.
>
> However, the resolve for it is:
>
> esolve the problem by connecting to remote-host SSH without compression.
> [local-host]$ ssh -o "Compression no" -l jsmith remote-host
> jsmith at remote-host's password:
> Last login: Wed Jun 25 17:06:31 2008 from 192.168.1.2
>
> But, I wonder how to implement this in the File Copier actor since there
> are going to be problems parsing this and I usually do not prepend the
> keyword SSH before host at usename.edu
>
> I will try this on another remote server and see if it works.
>
> The last thing would be to update the ciphers on the machines and try this
> again.
>
> Thanks.
>
>
> On Thu, Sep 10, 2009 at 12:52 PM, Podhorszki, Norbert <pnorbert at ornl.gov>
> wrote:
> Hi Subhav,
>
> see below my comments
>
> On 9/10/09 12:02 PM, "subhav mital" <mital.subhav at gmail.com> wrote:
>
> Hi Norbert,
>
> Thank you for helping out.
>
> Sorry that I forgot to reply to your messages earlier on.
>
> I replied to Michal's message on the same day but saved your response as an
> unsent draft message as I was waiting for the new build to get installed on
> my machine, thinking it would solve my prob.
>
> Anyways, here are my responses:
>
>
> Can you use this actor to login with password? - I have got pwdless login
> working with the remote server.
> I do not know how to try this with a password, with the SSH actor since
> most of them use pwdless login, I guess?
>
> The SSH actor should work with password authentication. You should get a
> pop-up dialog asking for the password when connecting to the remote server.
>
> Can you use this private key to login to that remote machine with
> command-line ssh? - Yes, I can.
>
> google search reveals to me that something have been changed in ssh server
> configurations that is incompatible for older jsch versions. - Yes, you are
> correct.
> (like http://www.mail-archive.com/issues@maven.apache.org/msg54510.html)
>
> Can you replace the ./common/lib/jar/jsch-0.1.31.jar with the recent
> version and try it again?
>
> - Do you mean jsch-0.1.42.zip <
> https://sourceforge.net/projects/jsch/files/jsch/jsch-0.1.42.zip/download>
> (282,216 bytes) ?? Sounds like a good option, but how do I include this jar
> file? ant get...
>
> Do you need to build the jar file from the zip source? Or can you get the
> jar itself?
> Just replace the current jar file in your Kepler tree. I do not have the
> head, but last time I saw it in common/lib/jar/jsch-0.1.31.jar
>
>
> http://publib.boulder.ibm.com/infocenter/director/v6r1x/index.jsp?topic=/director.tbs_6.1/fqm0_r_tbs_cannot_deploy_agents_to_vmware.html
> says something about the ciphers enabled at server side. If you are admin
> of the remote host, you may add (back) the 3des-cbc cipher as described on
> this web page - I am not the admin and guess it would be difficult to get
> this done, but could request the admin and see it this can be implemented.
>
> We have it here at ORNL, so this can be a reason why it works here. Can you
> just ask the admin if they have the 3des-cbc enabled? Can you test it with
> another remote machine?
>
> Please could you send me your workflow with the working SSH actor ?
>
> No because you cannot execute my monster workflows. For testing, the
> /workflows/test/ssh/ExecuteACommand.xml
> is perfect small workflow as well as the FileCopier.xml workflow.
> workflows/ directory is at the same level as the modules/, you may not have
> checked out it before.
>
> Then I would know exactly if the SSH server needs to be configured. After
> repeated attempts, I've realised that the problem lies during the copying
> and may be a configuration issue with the remote server.
>
> If I use the same SSH file copier to copy files from one local directory to
> the other, it works fine (despite the condn that one must be a remote m/c
> and the other a local m/c).
>
> The ssh package has a dual implementation using jsch for ssh connections
> and Java RT for local processing. Any reference with "local:" or "" is
> handled by the latter.
> PNNL is currently working on a third implementation for GSI credentials.
>
> Best regards
> Norbert
>
> On Wed, Aug 12, 2009 at 10:33 AM, subhav mital <mital.subhav at gmail.com>
> wrote:
> Thanks for that. However, even if I do not activate pwdless connection, it
> still gives me the error despite the username and hostname being correct.
>
> Thanks.
>
>
> 2009/8/12 Michal Owsiak <michalo at man.poznan.pl>
>
> Hi,
>
> I am not sure, whether SSH actor provides password less connection
> without further settings.
>
> But you can always (assuming that ssh is present at your Kepler
> installation) use this simple workflow as an alternative.
>
> Regards
>
> Michal
>
>
> > Hello,
> > I have been using the SSH actor to connect to a remote host and get the
> > following error:
> >
> > Exception caught in .ssh2executeActor.SSH to Execute
> > (com.jcraft.jsch.JSchException)
> > Algorithm negotiation fail
>
> --
> Michal Owsiak <michalo at man.poznan.pl>
> Poznan Supercomputing and Networking Center
> ul. Noskowskiego 10, 61-704 Poznan, POLAND
> http://www.man.poznan.pl
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mercury.nceas.ucsb.edu/kepler/pipermail/kepler-dev/attachments/20090927/8defc9b8/attachment-0001.html>
More information about the Kepler-dev
mailing list