  • SSH problem(s)

    Posted by allentiak on November 7, 2006 at 05:13

    Second, what I CANNOT do:
    -Neither of the agents can communicate to the server.

    This is the “old problem” with SSH automated logons, we could read about it in our FAQ. Almost every first-time Pandora user has problems with this, so please be patient. For future versions we’ll replace it with an easier method to copy data between agent and server.

    -Unless I run the Linux agent as root, I receive an error for not having reading rights over /var/log/syslog. How do you suggest this to be corrected without compromising security?

    chmod o+r /var/log/syslog

    or

    Put “pandora” user (if you are running pandora agent with this user) in a special group called “pandora” and chgrp pandora /var/log/syslog

    -I have successfully logged in to the server via ssh -both locally and from the host (via PUTTY)- without having to use any password: (this means that my keys are OK, right?).

    Don’t use PUTTY, pandora has its own SSH code and parses your .conf to know the IP address. Always use the “pandora” user on the server side; if you have set up another user on the server to connect, you need to change the Pandora Agent for Windows source code and recompile it.

    I know the key format differs in Linux and Windows. Could it be the key format? In that case, which format should I use, the PUTTY (“Windows”) one or the ssh-keygen (“Linux”) one?

    Format is very important and has caused many problems, “ssh-keygen” in OpenSSH format. Try with ssh-keygen…

  • raul

    November 7, 2006 at 18:22

    Hello,

    It looks like your keys are OK.

    Review this:
    – Key generation in Windows, please read http://pandora.sourceforge.net/en/print.php?sec=docs/faq_answers#22
    and
    http://pandora.sourceforge.net/en/print.php?sec=docs/faq_answers#23
    – Have you created the user pandora on the server?
    – Have you put the id_dsa.pub key into the /home/pandora/.ssh/authorized_keys file on the server?

    I am running a Linux Server (Debian “etch” – from now on “the server”) and I intend to use it to monitor a Windows host (Windows 2000 – from now on “the host”). I am using Pandora 1.2b3.

    First, what I CAN do:
    -All the servers seem to work. I can log in to the web console (only locally) from the server. I have already added two agents via the console: one on each computer.

    Second, what I CANNOT do:
    -Neither of the agents can communicate to the server.
    -Unless I run the Linux agent as root, I receive an error for not having reading rights over /var/log/syslog. How do you suggest this to be corrected without compromising security?

    Some tests I have already performed:

    -I have successfully logged in to the server via ssh -both locally and from the host (via PUTTY)- without having to use any password: (this means that my keys are OK, right?).

    However, the SSH test (to the Windows agent) fails:
        C:\Pandora_Agent>pandoraagent --test-ssh
        Public key file: C:\Pandora_Agent\key\id_dsa.pub
        Private key file: C:\Pandora_Agent\key\id_dsa
        Connecting with [a.b.c.d]...
        Authentication Failed when connecting to [a.b.c.d]
        Check the remote host configuration and the public/private key files.

    I know the key format differs in Linux and Windows. Could it be the key format? In that case, which format should I use, the PUTTY (“Windows”) one or the ssh-keygen (“Linux”) one?

    Raúl

  • allentiak

    November 10, 2006 at 03:27

    First:
    Thanks for the chgrp stuff.

    It looks like your keys are OK.
    Review this:
    – Key generation in Windows, please read http://pandora.sourceforge.net/en/print.php?sec=docs/faq_answers#22
    and
    http://pandora.sourceforge.net/en/print.php?sec=docs/faq_answers#23

    I have followed the instructions there when generating the keys. (In fact, those keys work – see below).

    – Have you created the user pandora on the server?
    – Have you put the id_dsa.pub key into the /home/pandora/.ssh/authorized_keys file on the server?

    Yes, I have already created the pandora user on both computers: (the Linux server and the Windows host). And yes, I have copied the content of id_dsa.pub into /home/pandora/.ssh/authorized_keys.

    I have run (again) the ssh-test stuff under Windows and the error still happens (both as administrator and as pandora).

    I have tried running the agent (in windows) both as pandora and Administrator user. In both cases, I receive no contact confirmation from the Linux server.

    I reviewed the Windows agent source code: there are three possible sources of error: the username (always pandora), the private key (id_dsa) and the public key (id_dsa.pub).

    I have been using those three objects when connecting to the Linux Server from the Windows host via PUTTY (GUI) and plink (CLI) and I succeeded in both cases. What could be wrong that PUTTY (and plink) works but the agent doesn’t?

  • raul

    November 10, 2006 at 03:47

    😯

    I think some admin has answered you by quoting inside your own post!

    Look at your first post:

    Quote:

    Second, what I CANNOT do:
    -Neither of the agents can communicate to the server.

    This is the “old problem” with SSH automated logons, we could read about it in our FAQ. Almost every first-time Pandora user has problems with this, so please be patient. For future versions we’ll replace it with an easier method to copy data between agent and server.

    Quote:

    -Unless I run the Linux agent as root, I receive an error for not having reading rights over /var/log/syslog. How do you suggest this to be corrected without compromising security?

    chmod o+r /var/log/syslog

    or

    Put “pandora” user (if you are running pandora agent with this user) in a special group called “pandora” and chgrp pandora /var/log/syslog

    Quote:

    -I have successfully logged in to the server via ssh -both locally and from the host (via PUTTY)- without having to use any password: (this means that my keys are OK, right?).

    Don’t use PUTTY, pandora has its own SSH code and parses your .conf to know the IP address. Always use the “pandora” user on the server side; if you have set up another user on the server to connect, you need to change the Pandora Agent for Windows source code and recompile it.

    Quote:

    I know the key format differs in Linux and Windows. Could it be the key format? In that case, which format should I use, the PUTTY (“Windows”) one or the ssh-keygen (“Linux”) one?

    Format is very important and has caused many problems, “ssh-keygen” in OpenSSH format. Try with ssh-keygen…

  • allentiak

    November 10, 2006 at 16:45

    I forgot to add that (according to the pandora console) both agents fail to communicate to the server (both the one at the Windows host and the other at the Linux server).

    The status for both agents is “Agent without data”. The module status is “1/0/1” (something’s wrong!). The only modules I have set up are those of CPU utilization, both in Linux and Windows.
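
The key-format question raised in this thread (PuTTY versus ssh-keygen output) can be checked mechanically before blaming the agent. The following is an added example, not part of the original posts and not Pandora code: it classifies a key file by its container format and, going slightly beyond the thread, validates an authorized_keys entry. The function names and all sample key material are constructed for illustration.

```python
import base64

def classify_key(text):
    """Name the container format of an SSH key file from its first line."""
    lines = text.strip().splitlines()
    if not lines:
        return "empty"
    first = lines[0].strip()
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty-ppk-private"      # PuTTYgen's native private key file
    if first == "---- BEGIN SSH2 PUBLIC KEY ----":
        return "rfc4716-public"         # multi-line public key export
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        return "openssh-pem-private"    # the form ssh-keygen writes
    if len(lines) == 1 and first.split()[0].startswith("ssh-"):
        return "openssh-public"         # one-line form used in authorized_keys
    return "unknown"

def authorized_keys_problem(line):
    """Return None for a well-formed '<type> <base64> [comment]' entry, else
    the reason it is malformed. Assumes no leading options field."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]' on one line"
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return "key blob is not valid base64"
    parts, off = [], 0
    while off < len(blob):              # blob is a run of length-prefixed fields
        n = int.from_bytes(blob[off:off + 4], "big")
        if off + 4 + n > len(blob):
            return "key blob is truncated"
        parts.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    if not parts or parts[0] != key_type.encode():
        return "key type inside the blob does not match the line prefix"
    return None

def constructed_pubkey(key_type="ssh-dss"):
    """Constructed sample entry: a type field plus one dummy field, not a real key."""
    def field(b):
        return len(b).to_bytes(4, "big") + b
    blob = field(key_type.encode()) + field(b"\x01" * 16)
    return f"{key_type} {base64.b64encode(blob).decode()} pandora@constructed"

# Constructed samples: header lines only, key bodies omitted.
PPK_SAMPLE = "PuTTY-User-Key-File-2: ssh-dss\nEncryption: none\n"
PEM_SAMPLE = "-----BEGIN DSA PRIVATE KEY-----\n...\n-----END DSA PRIVATE KEY-----\n"
```

A private key file reported as `putty-ppk-private`, or a public key reported as `rfc4716-public`, is not in the ssh-keygen/OpenSSH form the reply above recommends, even though PuTTY and plink accept the `.ppk` file.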