Debug ssh Connection refused
504 views
Skip to first unread message
angelo.co...@madisoft.it
Sep 9, 2016, 4:14:00 PM9/9/16
to rundeck-discuss
Hello list,
I'm having several troubles connecting rundeck with EC2 instances.
While I had little troubles configuring EC2 nodes, actually I cannot connect to them.
I have a custom port for which I created a new mapping file. Connecting via ssh commandline works obviously without problems.
This is the execution log:
12:25:54 services Connection refused
12:25:54 Failed: ConnectionFailure: Connection refused
12:25:54 localhost Execution failed: 44: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [services: ConnectionFailure: Connection refused]}, Node failures: {services=[ConnectionFailure: Connection refused]}, status: failed]
Is there a way to print out some debug informations for ssh? Iwould really like to know where it's wrong!
Thanks!
I'm having several troubles connecting rundeck with EC2 instances.
While I had little troubles configuring EC2 nodes, actually I cannot connect to them.
I have a custom port for which I created a new mapping file. Connecting via ssh commandline works obviously without problems.
This is the execution log:
12:25:54 services Connection refused
12:25:54 Failed: ConnectionFailure: Connection refused
12:25:54 localhost Execution failed: 44: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [services: ConnectionFailure: Connection refused]}, Node failures: {services=[ConnectionFailure: Connection refused]}, status: failed]
Is there a way to print out some debug informations for ssh? Iwould really like to know where it's wrong!
Thanks!
Peter Garlic
Sep 12, 2016, 2:50:14 AM9/12/16
to rundeck-discuss
Hi
I´m not skilled on EC2, but if you try sh ssh -v to your hinstance what output you get?
From man ssh:
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging
connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The
maximum is 3.)
I´m not skilled on EC2, but if you try sh ssh -v to your hinstance what output you get?
From man ssh:
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging
connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The
maximum is 3.)
Chris Cerda
Sep 19, 2016, 2:56:26 PM9/19/16
to rundeck-discuss
You can get more output by adding -v to your node executor. Go into your project and add -v, or whatever level you need, -vvv maybe, into that setting. Once you do that, you should see debug output whenever you run the job.
-
Default Node Executor
The Node Executor is responsible for executing commands and scripts on remote nodes.Script Execution Delegates command execution to an external script. Can be configured project-wide or on a per-node basis.Command: ssh -o "StrictHostKeyChecking no" ${node.username}@${node.hostname} ${exec.command} Interpreter: bash -c
Austin Heiman
Nov 17, 2016, 11:52:16 AM11/17/16
to rundeck-discuss
@Chris - what is the project config item I can set to change the ssh command? I dont see it in the ssh plugin docs anywhere (http://rundeck.org/docs/plugins-user-guide/ssh-plugins.html). Also, where would this debug logging go to? Would I see it in job log output or would it go to another log location? Here is my current project config with my guess at what the option would be, but it doesnt seem to be changing anything:
project.name=foo
project.nodeCache.enabled=true
project.ssh-authentication=password
project.ssh-keypath=/var/lib/rundeck/.ssh/id_rsa
project.ssh-password-storage-path=keys/projects/${job.project}/rundecksvcacct.password
project.sudo-command-enabled=true
project.sudo-password-storage-path=keys/projects/${job.project}/rundecksvcacct.password
project.sudo-prompt-max-timeout=50000
resources.source.1.cache=true
resources.source.1.config.generateFileAutomatically=true
resources.source.1.config.includeServerNode=true
resources.source.1.config.url=http\://localhost\:8080/tags\:aws?run_list\=run_list&roles\=roles&platform\=platform&tags\=tags&environment\=chef_environment&ip\=ipaddress&hostname\=fqdn&default_username\= rundecksvcacct&default_project\=/foo
resources.source.1.type=url
service.FileCopier.default.provider=jsch-scp
service.NodeExecutor.default.command=ssh -o "StrictHostKeyChecking no" -vv ${node.username}@${node.hostname} ${exec.command}
service.NodeExecutor.default.provider=jsch-ssh
HyperElliptic
Nov 17, 2016, 1:03:01 PM11/17/16
to rundeck-discuss
I'm assuming that you have uploaded and verified your keys for the user your trying to authenticate as into Rundeck? Could be a list of things blocking the connection.
1. Make sure applied security group(s) allows incoming connections from Rundeck instance.
2. Make sure node information in your job includes the user you want to connect as and that keys and key paths are correct in resource.xml for your project.
3. Check permissions on .ssh directory and authorized_keys file.
4. Try connecting through Rundeck while passing -vvv to ssh which is it's most verbose setting and should at least point you in the right direction as to where in the process, authentication is failing.
5. What is the output in /var/log/secure when Rundeck is trying to connect and fails?
1. Make sure applied security group(s) allows incoming connections from Rundeck instance.
2. Make sure node information in your job includes the user you want to connect as and that keys and key paths are correct in resource.xml for your project.
3. Check permissions on .ssh directory and authorized_keys file.
4. Try connecting through Rundeck while passing -vvv to ssh which is it's most verbose setting and should at least point you in the right direction as to where in the process, authentication is failing.
5. What is the output in /var/log/secure when Rundeck is trying to connect and fails?
Austin Heiman
Nov 17, 2016, 1:46:48 PM11/17/16
to rundeck-discuss
How can I set -vvv on Rundeck ssh connections in my project config?
The problem we are facing is intermittent, out of ~100 nodes in our vpc we will see "Authentication failure connecting to node: "ec2.i-05743b0de8374f6af". Password incorrect." on ~20 nodes inconsistently. These nodes are connected to AD domain for auth with winbind, ssh connections use the same service account and password on all nodes.
Only messages we've seen in /var/log/secure is incorrect password. Is there anything that could cause rundeck to be sending the incorrect password?
Reply all
Reply to author
Forward
0 new messages