Chapter 9: Deploying with Fabric aborts with Fatal error: Error reading SSH protocol banner

[Natalia Zolotukhina]

Hi guys,

did anyone face this issue when running Fabric?

I use amazon EC2 instance with elastic IP and opened SSH port (manual SSH works fine), however running fabric on my local machine ends up with the following error:

No handlers could be found for logger "paramiko.transport"

Fatal error: Error reading SSH protocol banner

Underlying exception:

    Error reading SSH protocol banner

Aborting.

At the beginning of execution fabric keeps asking me for the password of my server's user.

I tried:

- setting the password into env.password in the fab file;

- changing banner_timeout from 15 to 30 seconds in transport.py file 

- changed wi-fi network

None of the above helped.

I would appreciate any thoughts regarding this issue.

[Harry Percival]

Hi Natalia,

Two suggestions occur to me:

- are you specifying the right username as well as the right password when you're telling fabric to connect?  You can do it in the host= section of the fab command line, with the @ syntax:

  fab deploy host=user...@sitename.com

- try using public/private key authentication instead of passwords?  I put a link to a linode article about it near the beginning of chapter 8.

If that doesn't work, the specific error you're looking at, "error reading ssh protocol banner", sounds more like you're ending up on the wrong port somehow...  You're not specifying a port anywhere are you?    What command are you using to run fab?  Can you share your code? (not your password obviously, but the code?)

--
You received this message because you are subscribed to the Google Groups "Obey the testing goat! Test-Driven Web Development with Python book" group.
To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-go...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

------------------------------
Harry J.W. Percival
------------------------------
Twitter: @hjwp
Mobile:  +44 (0) 78877 02511
Skype:         harry.percival

[Natalia Zolotukhina]

Hi Harry,

it seems like your second thought about public/private key authentication was correct. When I launched an instance on amazon I was prompted to create a key pair pem file and use it during the launch.

I changed fabric file a bit to use this pem file as an env.key_filename, but it didn't help.

Here's my fab file

https://github.com/rosomaxa/tddgoat/blob/master/deploy_tools/fabfile.py

and this is how I run the command:

fab deploy -H ol...@superlists-stage.tddgoat.net

fab deploy -H ol...@superlists-stage.tddgoat.net -i ~/Downloads/amazon/ololo.pem  // I know this is not the best folder to store a key :)

Both of them ended up with

[superlists-stage.tddgoat.net] Executing task 'deploy'

[superlists-stage.tddgoat.net] run: mkdir -p /home/ololo/sites/superlists-stage.tddgoat.net/database

[superlists-stage.tddgoat.net] Login password for 'ololo': 

// asks for password 10 times and then

No handlers could be found for logger "paramiko.transport"

Fatal error: Error reading SSH protocol banner

Underlying exception:

    Error reading SSH protocol banner

Aborting.

I'm sure I use correct password and don't specify the port anywhere (during the instance launch I only explicitly opened port 80 for HTTP).

Anyway, I have working staging environment and can proceed with your great book! %)

середа, 9 грудня 2015 р. 23:26:36 UTC-8 користувач Harry Percival написав:

Hi Natalia,

Two suggestions occur to me:

- are you specifying the right username as well as the right password when you're telling fabric to connect?  You can do it in the host= section of the fab command line, with the @ syntax:

  fab deploy host=user...@sitename.com

- try using public/private key authentication instead of passwords?  I put a link to a linode article about it near the beginning of chapter 8.

If that doesn't work, the specific error you're looking at, "error reading ssh protocol banner", sounds more like you're ending up on the wrong port somehow...  You're not specifying a port anywhere are you?    What command are you using to run fab?  Can you share your code? (not your password obviously, but the code?)

On 10 December 2015 at 00:27, Natalia Zolotukhina <nvzolo...@gmail.com> wrote:

Hi guys,

did anyone face this issue when running Fabric?

I use amazon EC2 instance with elastic IP and opened SSH port (manual SSH works fine), however running fabric on my local machine ends up with the following error:

No handlers could be found for logger "paramiko.transport"

Fatal error: Error reading SSH protocol banner

Underlying exception:

    Error reading SSH protocol banner

Aborting.

At the beginning of execution fabric keeps asking me for the password of my server's user.

I tried:

- setting the password into env.password in the fab file;

- changing banner_timeout from 15 to 30 seconds in transport.py file 

- changed wi-fi network

None of the above helped.

I would appreciate any thoughts regarding this issue.

-- 
You received this message because you are subscribed to the Google Groups "Obey the testing goat! Test-Driven Web Development with Python book" group.

To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-goat-book+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Harry Percival]

Hi Natalia,

My guess is that the .pem private key file that amazon gave you will only work for the default "ubuntu" user that amazon creates, not for the "ololo" user that you created.

For the ololo user, you can set up your own public/private key authentication.  I recommend generating a new key pair on your own pc, and then adding your public key to /home/ololo/.ssh/authorized_keys on the server.  There are some instructions in the link I suggest in the book...

HP

To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-go...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

-- 

------------------------------
Harry J.W. Percival
------------------------------
Twitter: @hjwp
Mobile:  +44 (0) 78877 02511
Skype:         harry.percival

--

You received this message because you are subscribed to the Google Groups "Obey the testing goat! Test-Driven Web Development with Python book" group.

To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-go...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Kurt Kelly]

Hi Natalia,

I did have these same issues when running Fabric and it took me quite awhile to figure out what was happening.  Essentially, for me, it came down to the fact that on Amazon EC2, using Ubuntu, at first you can only ssh in using ubuntu@superlists..... (rest of server address) until you set it up so that other users can ssh in to the server.  Fabric is using ssh so if you haven't done that, it won't work. 

I found out how to do that by going to this page : http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html , which showed the following steps:

Once your user "newuser" has been setup,
1. After you've used ssh to login to the server using ubuntu@...
2. Make your newuser a sudo user with the command:
    $ sudo usermod -a -G sudo newuser

3. switch to that user using .. 
    $ sudo su -newuser
4. $ mkdir .ssh
5. change the permissions for the .ssh directory..
    $ chmod 700 .ssh
6. create a folder named "authorized_keys" in the .ssh directory..
    $ touch     .ssh/authorized_keys
7. change the permissions of the authorized_keys folder..
    $ chmod 600 .ssh/authorized_keys
8. edit the authorized_keys file to include the public key for key pair file (see directions here for retrieving your private key on your local machine -- note it's a little different between linux and windows and the instructions are down the page a little ways: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#having-ec2-create-your-key-pair )  -- I used vim to edit that file and cut and paste the text into the file, but you can use whichever text editor you like.

After doing all of this I was able to run the command from my local machine:
$ fab deploy:host=new...@superlists.mydomain.com -i ~/Path/toLocation/ofPrivateKeyFile/NameofFile.pem 

I had to enter the sudo password for newuser and then it failed at the point where it runs the command in the fabfile

cd /home/newuser/sites/superlists.mydomain.com/source && git reset --hard with a permission denied.

So I then went back on the server (still open from before), navigated to the file sites and made newuser an owner of the folder superlists with the command:

sudo chown -R newuser:newuser superlists.mydomain.com/

Then I ran the command on the local machine again:
$ fab deploy:host=new...@superlists.mydomain.com -i ~/Path/toLocation/ofPrivateKeyFile/NameofFile.pem

And everything worked.  My guess is that we could make newuser the owner of superlists.mydomain.com in the fabfile and not have to run the command twice to get it to work, but I haven't tested that yet.

Hope this helps in your case.  If anyone sees any problems that might be caused by this please let me know.




In the

[Steffan A]

Hey Kurt,

First off I want to say thank you so much for the detailed steps - I've hit a similar issue and this has helped to give me some good steps in troubleshooting it, since this is my first time doing anything with a server, period.  I was curious about what you actually entered in the .shh/authorized_key file for the newuser - is it the same text as what's in ubuntu/.ssh/authorized_key?  My fab deploy task is getting so far as trying to run the first mkdir before prompting for newuser password, thinking, prompt for newuser password, repeat infinitely.

[Harry Percival]

Hi All,  hope you don't mind if I step in.

I keep meaning to write a better guide to this stuff, but it's hard to find the time.

The authorized_keys file can contain keys for any user you want to authorize to log into that account, without needing a password.  You put the public key in there, and then anyone with the private key can log in.

I think by default amazon gives you a private key, and puts its corresponding public key into the "ubuntu" user's authorized_keys.  So if you want to keep using that private key, then you can put a copy the same public key into the other user's authorized_keys.

Alternatively, you can generate a brand new private/public keypair with ssh-keygen (I link to some instructions for that at the beginning of chapter 8), and then put the new public key into authorized_keys.

You can even do both if you want, you can put as many public keys as you want into authorized_keys

cheers,

Harry

--
You received this message because you are subscribed to the Google Groups "Obey the testing goat! Test-Driven Web Development with Python book" group.
To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-go...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Steffan A]

Harry,

Thanks for the information & explanation!  You're the best.

To unsubscribe from this group and stop receiving emails from it, send an email to obey-the-testing-goat-book+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Steffan A]

Also, just in case someone else comes across this in the future - when you run the fabric command, note that the secret key you send to the server has to be an OpenSSH key - for a while, I was trying to use either my .pem AWS key, or my .ppk Putty key, neither of which are supported by Fabric.  use PuttyGen to export the key to OpenSSH and link to that for the connection to go through!