exec node and SSH

[ghe...@me.com]

I am having a problem with running the exec node getting a key verification failed error message

the command Im running is like

ssh localuser@localIP 'rsync fromhere remoteuser@remoteipblahblah'

i.e. from node red computer (odroid) ssh into a local machine (MAC) then do a rsync backup from local MAC to a remote MAC

works fine from terminal but key verification error from node red

Host key verification failed.

[Colin Law]

Are you using key authentication? If so you may need to tell it where
to find the key if node-red is running as a different user. There is a
cli parameter to set the key location in the ssh command.

Colin

> --
> http://nodered.org
>
> Join us on Slack to continue the conversation: http://nodered.org/slack
> ---
> You received this message because you are subscribed to the Google Groups
> "Node-RED" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to node-red+u...@googlegroups.com.
> To post to this group, send email to node...@googlegroups.com.
> Visit this group at https://groups.google.com/group/node-red.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/node-red/9b54c56d-74f2-4ba5-81f8-d24f2c3ac278%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[ghe...@me.com]

ssh -i ~/.ssh/id_rsa 'user@ip command'

also gives same error

force reinstall key also same error

[Dave C-J]

What user are you running the command as? Are the command line user and Node-RED use the same?

[ghe...@me.com]

command is being run as user odroid node-red user odroid

[Colin Law]

Is the key in odroid/.ssh? Specify the full path.

Colin

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/73db3481-3f2a-4c75-8454-7813d9c4c741%40googlegroups.com.

[ghe...@me.com]

tried still same error

ssh -i /home/odroid/.ssh/id_rsa user@ipaddress command

[Colin Law]

On 28 January 2017 at 07:51, <ghe...@me.com> wrote:
> tried still same error
>
> ssh -i /home/odroid/.ssh/id_rsa user@ipaddress command

Try adding to the ssh command
-o StrictHostKeyChecking=no

Colin

> https://groups.google.com/d/msgid/node-red/2b0f61e8-19c6-46f3-96ed-e93113dbd5e4%40googlegroups.com.

[ghe...@me.com]

this time I got 

Warning: Permanently added '192.168.0.12' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Received disconnect from 192.168.0.12 port 22:2: Too many authentication failures
Connection to 192.168.0.12 closed by remote host.

[Colin Law]

On 28 January 2017 at 09:38, <ghe...@me.com> wrote:
> this time I got
>
> Warning: Permanently added '192.168.0.12' (ECDSA) to the list of known
> hosts.
> Permission denied, please try again.
> Permission denied, please try again.
> Received disconnect from 192.168.0.12 port 22:2: Too many authentication
> failures
> Connection to 192.168.0.12 closed by remote host.

Is that the right ip address?
Is so then your key is not right. Have a look in auth.log on the
server to see if you get further clues.
Also check now whether the exact command you are running in the exec
node works in the command line.

Colin

[ghe...@me.com]

where is the auth.log

On Saturday, 28 January 2017 20:48:35 UTC+11, Colin Law wrote:

On 28 January 2017 at 09:38,  <ghe...@me.com> wrote:
> this time I got

[ghe...@me.com]

yes right address

yes same command works in terminal

[Colin Law]

On 28 January 2017 at 09:50, <ghe...@me.com> wrote:
> where is the auth.log

Did google not answer that question for you? It depends on which linux
distribution you are using, usually it is in /var/log

Colin

> --
> http://nodered.org
>
> Join us on Slack to continue the conversation: http://nodered.org/slack
> ---
> You received this message because you are subscribed to the Google Groups
> "Node-RED" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to node-red+u...@googlegroups.com.
> To post to this group, send email to node...@googlegroups.com.
> Visit this group at https://groups.google.com/group/node-red.
> To view this discussion on the web, visit

> https://groups.google.com/d/msgid/node-red/52a8c556-7cd5-4f31-9c0b-b671dd64f9bc%40googlegroups.com.

[ghe...@me.com]

auth.log in var/log

does not show any attempt

On Saturday, 28 January 2017 20:50:52 UTC+11, ghe...@me.com wrote:

[ghe...@me.com]

it seems when running from node-red it looks for identity file in root rather than home/odroid

does this mean something wrong with my node-red setup?

[Nick O'Leary]

How are you running Node-RED?

If you use an exec node to run /usr/bin/id , what does it return?

Nick

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/45032b10-4b31-4acd-af26-5cfc36878a78%40googlegroups.com.

[ghe...@me.com]

uid=0(root) gid=0(root) groups=0(root)

[Nick O'Leary]

Which tells us you are running node-red as root.

How are you running it?

Nick

To unsubscribe from this group and stop receiving emails from it, send an email to node-red+unsubscribe@googlegroups.com.

To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.

To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/3fe5ed22-5017-43f0-bd63-b60245a4b442%40googlegroups.com.

[ghe...@me.com]

I thought I followed the instructions its starts on boot but can't remember what I did

I imagine I did the PAM thing from the instructions but not sure

[ghe...@me.com]

I found this in syslog (now that I know where the logs are)

Jan 28 21:51:46 odroid pm2[1609]: [PM2] PM2 Successfully daemonized

Jan 28 21:51:46 odroid pm2-init.sh[1683]: mesg: ttyname failed: Inappropriate ioctl for device

Jan 28 21:51:46 odroid pm2[1609]: [PM2] Resurrecting

Jan 28 21:51:46 odroid pm2[1609]: [PM2] Restoring processes located in /root/.pm2/dump.pm2

Jan 28 21:51:47 odroid pm2[1609]: ┌──────────┬────┬──────┬─────┬────────┬─────────┬────────┬─────┬─────┬──────────┐

Jan 28 21:51:47 odroid pm2[1609]: │ App name │ id │ mode │ pid │ status │ restart │ uptime │ cpu │ mem │ watching │

Jan 28 21:51:47 odroid pm2[1609]: └──────────┴────┴──────┴─────┴────────┴─────────┴────────┴─────┴─────┴──────────┘

Jan 28 21:51:47 odroid pm2[1609]:  Use `pm2 show <id|name>` to get more details about an app

Jan 28 21:51:47 odroid systemd[1]: Started PM2 next gen process manager for Node.js.

Jan 28 21:51:47 odroid pm2-init.sh[1683]: [PM2] Spawning PM2 daemon with pm2_home=/home/odroid/.pm2

Jan 28 21:51:48 odroid pm2-init.sh[1683]: [PM2] PM2 Successfully daemonized

Jan 28 21:51:48 odroid pm2-init.sh[1683]: [PM2] Resurrecting

Jan 28 21:51:48 odroid pm2-init.sh[1683]: [PM2] Restoring processes located in /home/odroid/.pm2/dump.pm2

Jan 28 21:51:48 odroid pm2-init.sh[1683]: [PM2] Process /usr/bin/node-red restored

Jan 28 21:51:48 odroid pm2-init.sh[1683]: ┌──────────┬────┬──────┬──────┬────────┬─────────┬────────┬─────┬───────────┬──────────┐

Jan 28 21:51:48 odroid pm2-init.sh[1683]: │ App name │ id │ mode │ pid  │ status │ restart │ uptime │ cpu │ mem       │ watching │

Jan 28 21:51:48 odroid pm2-init.sh[1683]: ├──────────┼────┼──────┼──────┼────────┼─────────┼────────┼─────┼───────────┼──────────┤

Jan 28 21:51:48 odroid pm2-init.sh[1683]: │ node-red │ 0  │ fork │ 1808 │ online │ 0       │ 0s     │ 70% │ 12.1 MB   │ disabled │

Jan 28 21:51:48 odroid pm2-init.sh[1683]: └──────────┴────┴──────┴──────┴────────┴─────────┴────────┴─────┴───────────┴──────────┘

Jan 28 21:51:48 odroid pm2-init.sh[1683]:  Use `pm2 show <id|name>` to get more details about an app

Jan 28 21:51:49 odroid systemd[1]: Started LSB: PM2 init script.

[ghe...@me.com]

I note pm2 commands run only with sudo. I wonder if this is the scource of the problem. How would you fix that?

[Mark Setrem]

why not stop node-red running under pm2.   

Start node-red from the command line as described in the documentation

Try your flow again and see if it works?

[Dave C-J]

Basic advice would be to not use pm2, and use systemd instead, but if you need to then check https://github.com/Unitech/pm2/pull/329

[ghe...@me.com]

OK so I have determined that PM2 was starting node-red as root

it runs fine if I start manually with node-red command in terminal

i tried uninstalling PM2 and directory ~/.pm2 and reinstalling PM2

however on running pm2 start /usr/bin/node-red -- -v

I get error 

vents.js:141

      throw er; // Unhandled 'error' event

      ^

Error: connect EACCES /home/odroid/.pm2/rpc.sock

    at Object.exports._errnoException (util.js:907:11)

    at exports._exceptionWithHostPort (util.js:930:20)

    at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1078:14)

Rather than just find some other way to start node-red I would prefer to

solve this problem. Any suggestions? 

[Julian Knight]

I think that is saying that it can't open an IP port.

It feels to me as though your Node/NR installation is somewhat messed up.

You shouldn't generally need to run any userland application with SUDO and it reduces security fairly significantly so is best avoided.

Certainly on the Pi, there is no need to have NR or PM2 running as root.

The only other thing I can think of is that you are trying to open a port <1024. Those do require root access.

[Colin Law]

On 27 January 2017 at 22:42, <ghe...@me.com> wrote:
> Tried this still same error
> simplified test
> ssh lev...@192.168.0.12 say test
> gives
>
> host key verification error

You previously said you had got past this problem by specifying
-o StrictHostKeyChecking=no

Colin