I've installed the copssh on a windows 2008 server and then I tried to clone a reposity on the server through ssh. But no matter how hard I tried I couldn't fix this error i got. here is the log:
C:\Users\Admin>hg clone ssh://ehsan#rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
ehsan#rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: /bin/bash: Permission denied
abort: no suitable response from remote hg!
I tried to login with administrator but i get the same error message. Also i changed the permission of the folder located in C:\Program Files (x86)\ICW\home\administrator so that ehsan has the full access to this folder.
also when I connect to the server with putty and use this command:
cd /home/administrator/.ssh
echo test>test
file test will create! so it seems that I have the permission to this folder!
this is log when i try to clone with administrator account:
C:\Users\Admin>hg clone ssh://administrator#rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
administrator#rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: bash: hg: command not found
abort: no suitable response from remote hg!
The latest versions of copssh/cwrsync use cygwin 1.7 and require a HOME environment variable. So just add a HOME=%HOMEDRIVE%%HOMEPATH% variable and it should work right away. It did for me :)
Related
How to renew Lets encrypt certificate in ejabberd configured server? My server is Debian-jessie and I have tried to renew SSL certificates using the below command,
certbot certonly -d mydomainname
But it produced an unexpected error:
Failed authorization procedure. : urn:acme:error:connection ::Timeout
during connect (likely firewall problem). Skipping.
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Found the proper answer for this:
You need to stop the service ejabberd service before you do the
process,
service ejabberd stop
Then move the expired ssl pem file to somewhere else,
mv /etc/ejabberd/ejabberd.pem /etc/ejabberd/ejabberd.pem.backup
Go to the directory where the cert boot locating,
cd /root
Enter the below command in-order to renew the certificate for the
required domain
certbot certonly --webroot -w /etc/ejabberd -d yourdomain.com --force-renewal --rsa-key-size 4096
Then merge the generated ssl files to the ejabberd configuration file
cat /etc/letsencrypt/live/yourdomain.com/privkey.pem /etc/letsencrypt/live/chat.yourdomain.com/fullchain.pem > ejabberd.pem
Then move the pem file to the ejabberd root path
mv ejabberd.pem /etc/ejabberd
chown ejabberd /etc/ejabberd/ejabberd.pem
Enable ejabberd service
service ejabberd start
service ejabberd status
When i was installing Ejabberd, it gave an error saying it wasnt installed successfully. But then i have the folder my-ejabberd with all the folders in it.
I am not sure if thats 100% installed, but when i try to start up the server, with the command line sbin/ejabberdctl start, it says No such file or directory. I am running on Mac OS 10.8.5.
Not sure what the problem is. Any Ideas?
Edit
This is the error from Terminal
bin/ejabberdctl: line 24: getent: command not found
/Users/clark/my-ejabberd/bin/erl: line 35: /Applications/my-ejabberd/bin/erlexec: No such file or directory
Edit:
If you have installed the ejabberd with source code then ejabberdctl will be sbin folder. If installed from source code, follow this:
$ cd /path/to/my-ejabberd
$ sbin/ejabberdctl start
$ sbin/ejabberdctl status
The node ejabberd#localhost is started with status: started
ejabberd 15.06.21 is running in that node
If you have installed with binary installer, then you will see the ejabberdctl in bin folder. And also you see start, stop and some other commands. If you did this, then follow
$ cd /path/to/my-ejabberd
$ cd bin
$ ./ejabberdctl start
$ ./ejabberdctl status
The node ejabberd#localhost is started with status: started
ejabberd 15.06.21 is running in that node
If you see the node is starting, then the ejabberd is running successfully. If you want you can check http://localhost:5280/admin for the ejabberd admin panel interface. To access this admin panel you need to register a user and give admin access in the ejabberd configuration file as:
// If installed from source code
$ sbin/ejabberdctl register username localhost password
// If installed from binary installer
$ ./ejabberdctl register username localhost password
Then open the ejabberd configuration file (ejabberd.yml) and add username under the admin as:
acl:
admin:
- "username": "localhost"
Now restart the server or stop and start the server and open the admin panel. Give username and password then you can access the admin panel.
In my particular case installing with .dmg i found using find / -name ejabberdctl in terminal and result /Applications/ejabberd.xx.x/bin/ejabberdctl
I am trying to configure a Hudson job to copy result of Hudson job (consists of multiple files) into a Hudson server for results consolidation from multiple slaves. My intention is to use scp. Unfortunately, I have difficulties setting up the SSH public key/private key in windows environment (both slave and Hudson server are windows environment). I cannot migrate to Linux because I am not the owner of those machines.
I use the following procedures to set up the SSH public/private keys.
Configure ssh server in Hudson machine by performing the following:
cd C:\Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd
mkpasswd -d -u test >> ..\etc\passwd (Note: test is the user id used for SSH)
Download cygintl-2.dll & cygwin1.dll from http://samanthahalfon.net/resources/cygwin_includes.zip. Copy those dll files to C:\Program Files\OpenSSH\bin.
You will need to replace cygwin1.dll.
cd C:\Program Files\OpenSSH\etc
..\bin\chown test *
..\bin\chmod 600 *
Edit C:\Program Files\OpenSSH\etc\sshd_config with the following configuration:
Port 22
Protocol 2
StrictModes no
PubKeyAuthentication yes
AuthorizedKeysFile /c/home/test/.ssh/authorized_keys
PasswordAuthentication no
UserPrivilegeSeparation no
To start it as Windows service by executing: net start opensshd
Configure ssh public key in Hudson machine, so that the test automation script will not be prompted for password:
In slave machine, using "ssh-keygen -t dsa" command to create key pairs.
By default the key pairs (files: id_dsa & id_dsa.pub) will be generated to C:\Documents and Settings\test.ssh\
Using "scp id_dsa.pub test#XX.XX.XX.XX:.ssh/id_rsa_upload.pub" command to upload public key to Hudson Server.
i.e. scp id_dsa.pub test#XX.XX.XX.XX:.ssh/id_rsa_upload.pub
In Hudson server, go to directory C:\Program Files\OpenSSH.ssh, then execute "type id_rsa_upload.pub >>authorized_keys"
Exit and restart opensshd on Hudson server by executing "net stop opensshd" and "net start opensshd" now you can login ssh server without password.
In Hudson server, execute the following:
cd C:\Program Files\OpenSSH\
chown -R test .
chmod -R 700 .ssh
cd .ssh
chmod 600 authorized_keys
In slave machine, edit C:\Program Files\OpenSSH\etc\ssh_config. Specify "IdentityFile /c/home/test/id_dsa".
Test from your slave computer which SSH private key has been executed. In the slave machine, connect by executing:
ssh test#XX.XX.XX.XX (IP is Hudson server's IP)
Unfortunately, it still prompts for the pass phrase.
I looked into the following possibilities as workaround but the results are not positive:
a. shared drive in Hudson server mapped to a drive in slave machine - Hudson does not permit "copy result.html Y:"
b. sftp - it also requires public key
c. Found a proposed solution to overcome shared drive issue by using "copy result.html \XX.XX.XX.XX\test\" but I encountered access denied error as I have
no idea how to specify the user id and password using this method. Refer to: Hudson continuous integration server: how to see Windows mapped directories that are visible to Ant?
d: I have also looked into Hudson's plugin for any potential solution but could not find anything suitable or have no idea on the plugin usage.
It would be great if someone can spot my mistake in public key setup or propose an alternative solution for me to copy multiple files into Hudson server. Thanks
You need to identify what is wrong first -- server or client.
To verify server setup same key on any Linux/Mac client (which is much more transparent) and try to connect to the server.
To verify that ssh on your slave machine loads your dsa identity key try next:
ssh -i c:/home/test/id_dsa -v test#XX.XX.XX.XX
where -i would tell ssh where to get key and -v enables verbose mode which can help you to identify the problem.
My Jenkins server has stopped being able to build a maven project hosted at bitbucket.org. The build works locally but Jenkins reports this error:
[workspace] $ hg incoming --quiet --bundle hg.bundle --template "<changeset node='{node}' author='{author|xmlescape}' rev='{rev}' date='{date}'><msg>{desc|xmlescape}</msg><added>{file_adds|stringify|xmlescape}</added><deleted>{file_dels|stringify|xmlescape}</deleted><files>{files|stringify|xmlescape}</files><parents>{parents}</parents></changeset>\n" --rev default
abort: no suitable response from remote hg!
ERROR: Failed to determine incoming changes
[workspace] $ hg log --rev . --template {node}
Any ideas what's going on?
[edit]
So, I ran hg paths and got a response that the tomcat user was untrusted:
Not trusting file /usr/local/tomcat/.jenkins/jobs/Test/workspace/.hg/hgrc from untrusted user tomcat, group tomcat
After running hg incoming as the tomcat user
cd /usr/local/tomcat/.jenkins/jobs/Test/workspace
sudo -u tomcat hg incoming
I got an error saying the permissions on my ssh key were too open:
remote: ###########################################################
remote: # WARNING: UNPROTECTED PRIVATE KEY FILE! #
remote: ###########################################################
remote: Permissions 0620 for '/usr/local/tomcat/.ssh/id_rsa' are too open.
remote: It is recommended that your private key files are NOT accessible by others.
remote: This private key will be ignored.
remote: bad permissions: ignore key: /usr/local/tomcat/.ssh/id_rsa
remote: Permission denied (publickey).
abort: no suitable response from remote hg!
and thanks to this SO question
I set the permissions and now Jenkins can successfully build.
Since your hg incoming is based on whatever your 'default' path is in the repository's hgrc (use hg paths to see them, or open the file), maybe you should make sure the address of the remote repository is still correct and that the project is still accessible.
I'm trying to manage my mercurial repos on my server (Debian Lenny) with mercurial-server from LShift. I was using this tutorial: http://kurtgrandis.com/blog/2010/03/20/gitosis-for-mercurial/
But when I try to clone the hgadmin repo, ssh asks me for a password.
hg clone ssh://hg#MyMercurialServer/hgadmin
But I never had set a password for the hg user. It was created using the apt-get installation.
Normally, the authentication should be done with my public ssh key (which was copied to the keys/root directory from mercurial-server). But it seems, that mercurial-server don't uses my public key.
I also flushed the privileges with
sudo -u hg /usr/share/mercurial-server/refresh-auth
After copying the public key to the mercurial-server keys/root dir. Furthermore, I can't find any logfiles for mercurial-server.
Does anybody know, how to fix that?
Thanks.
zerkms, is correct -- debug the ssh directly first. Try something like:
ssh -v -v hg#MyMercurialServer
That'll let you know if your key is being sent and rejected or not sent. Also try adding -i path/to/private/key on the client to force sending the key.
The usual config problem in ssh key setups is permissions on the authorized_keys file on the ssh server side. It needs to be 0600 and the directory its in needs to be 0700. You can debug that stuff in /var/log/messages on the server side, where sshd will print a message if it's unwilling to trust the authorized_keys file due to permissions.