I am trying to install HBase on servers A and B (Ubuntu 18.04).
For that I am using CDM (CDM 6.3.1~1466458.ubuntu1804), installed on server A, to handle the installation of HBase on servers A and B.
But I have a problem during the "Install Agents" step: the wizard displays the following error message: "Exhausted available authentication methods".
I have found some posts on the Cloudera forum which talk about adding NOPASSWD to the sudoers file of server B, but in my case I have already established an SSH connection from server A to server B on the command line and run a sudo command without any password, so I suppose my servers were correctly configured.
To be precise, I am trying to connect my servers using a private key; I generated a key pair on server A using the following command:
ssh-keygen -t rsa
And afterwards I added the content of the generated file .ssh/id_rsa.pub to the .ssh/authorized_keys file of server B. After a retry I obtain the same result.
I found this trace in the log file:
2020-01-02 09:48:39,559 WARN NodeConfiguratorThread-22-0:com.cloudera.server.cmf.node.NodeConfigurator: Could not authenticate to SERVER_B
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
at net.schmizz.sshj.SSHClient.auth(SSHClient.java:232)
at net.schmizz.sshj.SSHClient.auth(SSHClient.java:208)
at com.cloudera.server.cmf.node.NodeConfigurator.connect(NodeConfigurator.java:416)
at com.cloudera.server.cmf.node.NodeConfigurator.configure(NodeConfigurator.java:1028)
at com.cloudera.server.cmf.node.NodeConfigurator.run(NodeConfigurator.java:1106)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: net.schmizz.sshj.userauth.UserAuthException: Problem getting public key from PKCS8KeyFile{resource=[PrivateKeyStringResource]}
at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:46)
at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62)
at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81)
at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:63)
at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:68)
at net.schmizz.sshj.SSHClient.auth(SSHClient.java:226)
... 9 more
Caused by: java.io.IOException: unrecognised object: OPENSSH PRIVATE KEY
at org.bouncycastle.openssl.PEMParser.readObject(Unknown Source)
at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:132)
at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.getPublic(PKCS8KeyFile.java:78)
at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:44)
... 14 more
Does anyone have an idea to help me?
I hit this exact same issue, and it turns out ssh-keygen creates a private key file with BEGIN OPENSSH PRIVATE KEY that the Java libraries Cloudera uses don't know how to parse. You can instead use openssl with a command like:
openssl genrsa -out mykey.pem 1024
Unlike ssh-keygen, that won't give you the public key you need, and the built-in openssl commands to get a public key from a private key don't produce a format Cloudera accepts. For that, you can use ssh-keygen like so:
ssh-keygen -y -f mykey.pem > mykey.pub
So I have found the origin of the problem. I need to add the public key from server A on server B, but I also need to do the same from server B to server A. That's all.
Related
I am installing EJBCA on Windows.
OS version: Windows Server 2016
Java: OpenJDK 8.0.242.08
Ant: ant 1.9.14
Database: MariaDB 10.4.12
Server: Wildfly 10.1.0
EJBCA Version: 6.15.2
Installation proceeded using this manual: https://doc.primekey.com/ejbca6152/ejbca-installations/ejbca-main-installation
Unfortunately, the command ant deploy-keystore produces this error:
jee:deploytruststore:
BUILD FAILED
c:\ejbca\build.xml:844: The following error occurred while executing this line:
c:\ejbca\bin\jboss.xml:310: The following error occurred while executing this line:
c:\ejbca\bin\jboss.xml:294: Missing JKS truststorestore file in 'c:\ejbca/p12/truststore.jks'
It has a corresponding error (I think they are related):
ejbca:javatruststore:
[input] skipping input as property ca.name has already been set.
[echo] Getting root certificate in DER format...
[echo] ca getcacert "ManagementCA" C:\Users\tsaForFN\AppData\Local\Temp\2\/rootca.der -der
[java] Wrote CA certificate to 'C:\Users\tsaForFN\AppData\Local\Temp\2\/rootca.der' using DER encoding.
[echo] Adding to or creating keystore: c:\ejbca/p12/truststore.jks
ejbca:javatruststore-removeold:
[exec] keytool error: java.lang.Exception: Input not an X.509 certificate
[exec] java.lang.Exception: Input not an X.509 certificate
[exec] at sun.security.tools.keytool.Main.addTrustedCert(Main.java:2861)
[exec] at sun.security.tools.keytool.Main.doCommands(Main.java:1050)
[exec] at sun.security.tools.keytool.Main.run(Main.java:366)
[exec] at sun.security.tools.keytool.Main.main(Main.java:359)
[exec] Result: 1
[delete] Deleting: C:\Users\tsaForFN\AppData\Local\Temp\2\rootca.der
I tried to change the slashes but it still didn't work.
This is the log of Wildfly server
https://controlc.com/bb5d54f4
This is the log of EJBCA installation
https://controlc.com/f6f062d2
Properties are default except for the database, which is configured, working and not relevant right now.
Your issue is this: "Input not an X.509 certificate"
This is due to your usage of "implicitlyCA" in "install.properties", creating a CA certificate that is not useable by normal clients.
Initializing CA with 'ManagementCA' 'CN=ManagementCA,O=EJBCA Sample,C=SE' 'soft' '<ca.tokenpassword hidden>' 'implicitlyCA' 'ECDSA' '3650' 'null' 'SHA256withECDSA' -superadmincn 'SuperAdmin'...
You have configured the Management CA to use "implicitlyCA" ECDSA, which is not something that Java, Windows or any web servers and browsers support.
You need to use keys (in the ca.keyspec setting) that can be used for TLS connections, such as RSA 2048 or ECDSA prime256v1.
ImplicitlyCA can only be used if you are really really really sure what you are doing, and you use specific customer client software.
The step before is ant runinstall, which:
1- Created the Management CA.
2- Created TLS keystores for handling HTTPS, signed by the Management CA.
3- Created the key store for the initial super administrator.
It might not have successfully completed the 2nd and 3rd steps.
So you need to:
delete all the data (rows) in your EJBCA database in all tables,
then from $EJBCA_HOME:
ant -q clean deployear
ant runinstall
ant deploy-keystore
Inshaallah it will work
With JSch I'm calling addIdentity() to add a private key and getSession() to open an SSH tunnel.
When running this code locally on my Windows machine the opening of the tunnel is working.
However when running that same code with the same private key on our CI the following error occurs:
2016-12-07 01:01:32 ERROR SSHConnector:25 - invalid privatekey: [B@4bb4de6a
com.jcraft.jsch.JSchException: invalid privatekey: [B@4bb4de6a
at com.jcraft.jsch.KeyPair.load(KeyPair.java:747)
at com.jcraft.jsch.KeyPair.load(KeyPair.java:561)
at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:408)
at com.jcraft.jsch.JSch.addIdentity(JSch.java:389)
The private key looks something like this:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: imported-openssh-key
Public-Lines: 6
XXXXXXXXXXXXXXXXXXX
Private-Lines: 14
XXXXXXXXXXXXXXXXXX
Private-MAC: XXXXXXXXXXXXXXXX
What could be the error here?
My problem was solved by using a pem file instead of a ppk.
The pem file is in the OpenSSH format that the com.jcraft.jsch.JSch jar requires.
My educated guess is that JSch does not support the PuTTY key format, but rather the standard PEM or OpenSSH format. You can convert the PPK to PEM in PuTTYgen and it should solve your problems.
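Both the sshj/Cloudera failure ("unrecognised object: OPENSSH PRIVATE KEY") and the JSch failure above come down to the container format of the private key file. The following is an added example, not code from the original posts or from either library: it reports which container a key file uses and whether it is passphrase-protected, reading only headers. The function names and the constructed sample are assumptions made for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
PEM_LABELS = {"OPENSSH PRIVATE KEY": "openssh-v1", "RSA PRIVATE KEY": "pem-rsa",
              "DSA PRIVATE KEY": "pem-dsa", "EC PRIVATE KEY": "pem-ec",
              "PRIVATE KEY": "pkcs8", "ENCRYPTED PRIVATE KEY": "pkcs8"}

def openssh_cipher(body_b64):
    """Cipher name stored in an openssh-key-v1 blob; 'none' means no passphrase."""
    blob = base64.b64decode(body_b64)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    start = len(MAGIC) + 4
    return blob[start:start + n].decode("ascii")

def describe_key(text):
    """Return (container format, passphrase protected?) for a private key file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ("unknown", False)
    if lines[0].startswith("PuTTY-User-Key-File-"):
        enc = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith("Encryption:")]
        return ("putty-ppk", bool(enc) and enc[0] != "none")
    if not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        return ("unknown", False)
    label = lines[0][len("-----BEGIN "):-len("-----")]
    fmt = PEM_LABELS.get(label, "unknown")
    body = [ln for ln in lines[1:] if not ln.startswith("-----")]
    if fmt == "openssh-v1":
        return (fmt, openssh_cipher("".join(body)) != "none")
    if label == "ENCRYPTED PRIVATE KEY":
        return (fmt, True)
    # Traditional PEM flags encryption with a Proc-Type header before the body.
    return (fmt, any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in body[:2]))

def constructed_openssh_key(cipher):
    """Constructed sample: only the magic and cipher field, not a usable key."""
    raw = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode("ascii")
    b64 = base64.b64encode(raw).decode("ascii")
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    ppk = "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: imported-openssh-key\n"
    for name, text in [("new OpenSSH container (constructed)", constructed_openssh_key("none")),
                       ("PuTTY header as quoted above", ppk),
                       ("traditional PEM (constructed)", "-----BEGIN RSA PRIVATE KEY-----\nMIIB\n")]:
        print(name, describe_key(text))
```

A file reported as openssh-v1 can be rewritten to traditional PEM on a copy with `ssh-keygen -p -m PEM -f <copy>`, which keeps the same key pair and so needs no change to authorized_keys.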
I am trying to upload jar with Gradle and used Gradle SSH plugin: https://gradle-ssh-plugin.github.io/
Unfortunately, the goal executed with an error:
* What went wrong:
Execution failed for task ':deploy'.
> reject HostKey: SERVERIPADDRESS
How to fix?
I found that there is a similar error with the Ant SSH task and it can be fixed with the trust = true setting. Unfortunately, I can't find an appropriate option here.
I.e. apparently, I need to configure the SSH client so that it accepts the host's ID.
Try this:
ssh.settings {
    knownHosts = allowAnyHosts
}
P.S: Sorry for editing mistakes, new to S.O.F.
Run: ssh-keyscan -t rsa server.com >> ~/.ssh/known_hosts
Explanation:
You have to add the server's SSH key info to your ~/.ssh/known_hosts file.
To obtain the SSH info, run the command ssh-keyscan -t rsa server.com
and add its output to ~/.ssh/known_hosts
As already said, you need to accept/validate the other server.
Another option for that would be to just connect to the server via ssh. Normally you will be asked to accept the server, and the server's fingerprint will be added permanently to your known_hosts file.
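The answers above either accept any host key or append whatever ssh-keyscan returns, so nothing checks that the key really belongs to the server. The following is an added example, not part of the original answers or of the Gradle SSH plugin: it keeps a scanned line only if its SHA256 fingerprint equals one obtained out of band (for instance by running `ssh-keygen -lf` on the host's public key file at the server console). The function names and the sample key blobs are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def blob_key_type(blob):
    """The key blob starts with a length-prefixed algorithm name, e.g. ssh-rsa."""
    (n,) = struct.unpack_from(">I", blob, 0)
    return blob[4:4 + n].decode("ascii", "replace")

def vetted_lines(scan_output, expected_fp):
    """Keep only 'host keytype base64' lines whose key matches expected_fp."""
    accepted = []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.lstrip().startswith("#"):
            continue
        try:
            blob = base64.b64decode(fields[2], validate=True)
        except ValueError:
            continue  # not base64: never written to known_hosts
        if len(blob) < 4 or blob_key_type(blob) != fields[1]:
            continue  # declared key type and blob disagree
        if fingerprint(blob) == expected_fp:
            accepted.append(" ".join(fields[:3]))
    return accepted

def constructed_blob(filler):
    """Constructed stand-in for an ssh-rsa blob (type, e, n); not a real key."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", filler]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

if __name__ == "__main__":
    good = constructed_blob(b"\x00" + b"\xab" * 32)
    other = constructed_blob(b"\x00" + b"\xcd" * 32)
    scan = "\n".join("server.com ssh-rsa " + base64.b64encode(b).decode("ascii")
                     for b in (other, good))
    pinned = fingerprint(good)  # in practice: read on the server, never from the scan
    print(vetted_lines(scan, pinned))
```

Only the lines this returns should be appended to ~/.ssh/known_hosts; an empty result means the scanned key did not match the pinned fingerprint and the connection should not be trusted.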
We are using the Ganymed-SSH library and facing this error while doing SSH to another machine.
[root@XXXX test]# java -classpath .:ganymed-ssh2-build210.jar Basic
ERROR:java.io.IOException: There was a problem while connecting to 10.X.X.X:22
java.io.IOException: There was a problem while connecting to 10.X.X.X:22
at ch.ethz.ssh2.Connection.connect(Connection.java:699)
at ch.ethz.ssh2.Connection.connect(Connection.java:490)
at Basic.main(Basic.java:27)
Caused by: java.io.IOException: Key exchange was not finished, connection is closed.
at ch.ethz.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:91)
at ch.ethz.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:229)
at ch.ethz.ssh2.Connection.connect(Connection.java:655)
... 2 more
Caused by: java.io.IOException: Cannot read full block, EOF reached.
at ch.ethz.ssh2.crypto.cipher.CipherInputStream.getBlock(CipherInputStream.java:81)
at ch.ethz.ssh2.crypto.cipher.CipherInputStream.read(CipherInputStream.java:108)
at ch.ethz.ssh2.transport.TransportConnection.receiveMessage(TransportConnection.java:231)
at ch.ethz.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:669)
at ch.ethz.ssh2.transport.TransportManager$1.run(TransportManager.java:468)
at java.lang.Thread.run(Thread.java:636)
Can anyone explain what could be the issue here? Where should we start to debug from?
SSH access from normal shell works correctly.
Probably there is some problem with your public key
ssh failed after the 141742-01/02 patch on Solaris 10!
Enabled aes192/aes256 support in ssh/sshd does not work on S10u3 or older releases.
A workaround is to disable the use of aes192/aes256 ciphers for ssh and sshd. Change the two config files /etc/ssh/ssh_config and /etc/ssh/sshd_config and add the following line:
Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
You’ll have to restart sshd to pick up the change (“svcadm restart ssh”).
Source:
http://blog.mydream.com.hk/howto/matching-cipher-is-not-supported-aes256-cbc
I have a section in a POM that looks something like this:
<scm>
<connection>scm:cvs:ext:myhostname:/cvsroot/repo:module_name</connection>
</scm>
I typically use publickey auth to authenticate against this cvs server, although it should accept my password as well.
When I attempt to run mvn scm:update, mvn release:prepare, or any other Maven goal that involves connecting to this scm, I get the following failure:
[INFO] Executing: cmd.exe /X /C "cvs -z3 -f -q update -d"
[INFO] Working directory: C:\Documents and Settings\matt\workspace\projectname
org.netbeans.lib.cvsclient.connection.AuthenticationException: Cannot authenticate. Reason: Publickey authentication failed.
at org.apache.maven.scm.provider.cvslib.cvsjava.util.ExtConnection.open(ExtConnection.java:136)
at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.connect(CvsConnection.java:166)
at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.processCommand(CvsConnection.java:498)
at org.apache.maven.scm.provider.cvslib.cvsjava.command.update.CvsJavaUpdateCommand.executeCvsCommand(CvsJavaUpdateCommand.java:53)
at org.apache.maven.scm.provider.cvslib.command.update.AbstractCvsUpdateCommand.executeUpdateCommand(AbstractCvsUpdateCommand.java:78)
at org.apache.maven.scm.command.update.AbstractUpdateCommand.executeCommand(AbstractUpdateCommand.java:63)
at org.apache.maven.scm.command.AbstractCommand.execute(AbstractCommand.java:59)
at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.executeCommand(AbstractCvsScmProvider.java:750)
at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.update(AbstractCvsScmProvider.java:348)
at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:821)
at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:770)
at org.apache.maven.scm.manager.AbstractScmManager.update(AbstractScmManager.java:526)
at org.apache.maven.scm.plugin.UpdateMojo.execute(UpdateMojo.java:89)
(lots more of the stacktrace....)
And further down in the stacktrace:
Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password?
at ch.ethz.ssh2.crypto.PEMDecoder.removePadding(PEMDecoder.java:109)
at ch.ethz.ssh2.crypto.PEMDecoder.decryptPEM(PEMDecoder.java:286)
at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:319)
Followed by:
[ERROR] Provider message:
[ERROR] The cvs command failed.
[ERROR] Command output:
I'm running this on a Windows machine, with no cvs executable on the PATH. I do have my public key available under $HOME/.ssh, but it doesn't seem as if cvs/maven/scm is loading it here - as I'm not asked for the keyphrase for it.
So my question is ... is there anything special I need to do with Maven or the SCM/CVS provider to get it to recognize where my public key is installed, or how to actually use it? Currently it doesn't seem as if it is even being used, as I am not prompted for its passphrase.
So after debugging this a bit more, and downloading the source code for the maven-scm-provider-cvs package, I discovered that the CVS library used by this plugin uses the empty string ("") for the passphrase value if it finds your private key. To use the correct passphrase, the library expects you to set a System property with the key name maven.scm.cvs.java.ssh.passphrase.
So, if I run my scm:status goal like so:
mvn scm:status -Dmaven.scm.cvs.java.ssh.passphrase=<my passphrase>
I'm able to connect to CVS.
Gee - I really wish this was documented!
I solved this by executing the cvs+ssh login command from the console before using maven. This added the magic numbers to $home/.ssh for the automated login to work.
If this is because of a self-signed cert, check out the InstallCert code on how to add the self signed cert to the client. Or this example on how to replace the default X509 Trust code.