Cannot execute remote command over openssh
763 views
Skip to first unread message
Martin Dalin
Oct 26, 2022, 9:53:51 AM10/26/22
to rundeck-discuss
Hello,
I am trying to execute the command uname -a over the node executor openssh.
The private key from the rundeck server is configured in the systems key storage
and it is configured in the project settings in default node executor -> SSH key Storage Path.
And the public key is inside the ~/.ssh/authorized_keys of the node.
I am trying to execute the command uname -a over the node executor openssh.
The private key from the rundeck server is configured in the systems key storage
and it is configured in the project settings in default node executor -> SSH key Storage Path.
And the public key is inside the ~/.ssh/authorized_keys of the node.
This is the error message I receive:
Failed: NonZeroResultCode: [ssh-exec] Result code: 255
Execution failed: 1855 in project test: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [qoala: NonZeroResultCode: [ssh-exec] Result code: 255 + {dataContext=MultiDataContextImpl(map={ContextView(node:qoala)=BaseDataContext{{exec={exitCode=255}}}, ContextView(step:1, node:qoala)=BaseDataContext{{exec={exitCode=255}}}}, base=null)} ]}, Node failures: {qoala=[NonZeroResultCode: [ssh-exec] Result code: 255 + {dataContext=MultiDataContextImpl(map={ContextView(node:qoala)=BaseDataContext{{exec={exitCode=255}}}, ContextView(step:1, node:qoala)=BaseDataContext{{exec={exitCode=255}}}}, base=null)} ]}, status: failed]
Does someone have an idea why this is not working?
Does someone have an idea why this is not working?
Regards Martin
rac...@rundeck.com
Oct 26, 2022, 9:58:36 AM10/26/22
to rundeck-discuss
Hi,
Could you share your node definition? (the resources.yml/XML node entry). Here you can see a good example.
Regards.
Martin Dalin
Oct 27, 2022, 2:41:47 AM10/27/22
to rundeck...@googlegroups.com
Hi,
attached is the project configuration and the node source file and I redacted both somewhat.
I use the private key of the root user on the rundeck server.
And I have put it into the system's key storage under the name "rundeck".
Regards Martin
--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/8hLxxWI6m3E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/064ecb1f-71be-4378-9820-7cb63c83d01an%40googlegroups.com.
rac...@rundeck.com
Oct 27, 2022, 8:42:22 AM10/27/22
to rundeck-discuss
Hi Martin,
I tested your model source with the OpenSSH, SSH, and SSHJ node executors, it works on Rundeck WAR installation.
Couple of tips:
Don’t use the root account to execute Rundeck. If you’re using RPM or DEB installation you must use the Rundeck private key (in the same way, saved in your key storage and the public key on the remote node
authorized_keysaccount file. You can find it on/var/lib/rundeck/path. Take a look at this.Test the connection between the rundeck server and remote node manually via ssh, with the same user/keys. 255 code also means a potential link error.
Greetings.
Martin Dalin
Oct 27, 2022, 10:47:11 AM10/27/22
to rundeck...@googlegroups.com
Hi,
We use an RPM installation of rundeck.
Is it ok to use a symbolic link to the private key in `root/.ssh` like this:/var/lib/rundeck/.ssh $ ls -la
total 32
drwx------. 4 rundeck rundeck 4096 Oct 26 15:06 .
drwxr-xr-x. 14 rundeck rundeck 4096 Sep 6 19:12 ..
lrwxrwxrwx. 1 root root 17 Oct 26 15:06 id_rsa -> /root/.ssh/id_rsa
-rw-------. 1 rundeck rundeck 1679 Mar 16 2022 id_rsa-foreman_proxy
-rw-r--r--. 1 rundeck rundeck 415 Mar 16 2022 id_rsa-foreman_proxy.pub
-rw-------. 1 rundeck rundeck 2622 Oct 26 09:29 id_rsa_local
-rw-r--r--. 1 rundeck rundeck 307 Mar 16 2022 known_hosts
drwxrwxr-x. 4 rundeck rundeck 4096 Feb 25 2022 rundeck-scm
drwxr-xr-x. 2 root root 4096 Mar 16 2022 tmp
(I am talking about the id_rsa file here, another user has put in some other ssh key pair in there)
Or do I have to create a new pair of sshkeys with ssh-keygen inside the /var/lib/rundeck/.ssh directory?
And do I need both private key AND public key in that directory? I thought the private key is enough for the rundeck side as long as the corresponding public key is in the authorized key of the node?
Regards Martin
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/0a5fb945-2e7f-42e1-a2f9-575f9c38e20cn%40googlegroups.com.
rac...@rundeck.com
Oct 27, 2022, 12:00:00 PM10/27/22
to rundeck-discuss
Hi Martin,
Just as advice, don’t use root symbolic links on the Rundeck “user space”. Checking your rundeck directory I think that the best approach is to backup all files and re-generate the pairs for the rundeck user: switch to rundeck user (from root user: sudo su rundeck) and regenerate the keys pairs: ssh-keygen -m PEM, now you can use the new private key on Rundeck Key Storage and the public key content on the authorized_keys remote nodes.
Hope it helps.
Regards.
Martin Dalin
Oct 28, 2022, 2:57:54 AM10/28/22
to rundeck...@googlegroups.com
Hi,
thank you very much for your help.Then I did a chown rundeck:rundeck on the node source file and configured the system's key storage in the gui.
And put the public key on the nodes authorized_keys.
I also was not aware that the rundeck user home is /var/lib/rundeck. Now it makes more sense.
Regards Martin
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/96a21dae-6a7d-4133-b9d1-985dfb8938dfn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages