1

I have 3 servers. On 1 server i have 2 scripts: 1st script:

ssh [email protected] 'bash -s' < 2.sh

2nd script:

rsync -av --update /root/backup/* [email protected]:/root/backup/

I want to connect from 1st server with 1st script by ssh to 2nd server and perform copying data from 2nd server to 3rd server. Connection from 1st server to 2nd server is OK, it asks for password for ssh. After that must be promt for a password for rsync, but i get errors. Rsync doesn't work. Errors:

Permission denied, please try again.

Permission denied, please try again.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

rsync: connection unexpectedly closed (0 bytes received so far) [sender]

rsync error: unexplained error (code 255) at io.c(226) [sender=3.1.2]

Firewalls on servers are disabled. When i perform rsync on 2nd server without script, it works.

What is the problem?

debug 

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "1.1.1.2" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 1.1.1.2 [1.1.1.2] port 22. debug1: Connection established. debug1: identity file /home/wso2admin/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/wso2admin/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 1.1..2:22 as 'wso2admin' debug3: hostkeys_foreach: reading file "/home/wso2admin/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/wso2admin/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from 1.1.1.2 debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:k6J9Ez5V+PiqaBfUlN6LM7MwBGfPOrOTv4P/eyC3sGI debug3: hostkeys_foreach: reading file "/home/wso2admin/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/wso2admin/.ssh/known_hosts:3 debug3: load_hostkeys: loaded 1 keys from 1.1.1.2 debug1: Host '1.1.1.2' is known and matches the ECDSA host key. debug1: Found key in /home/wso2admin/.ssh/known_hosts:3 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /home/wso2admin/.ssh/id_rsa (0x55c2a242b850) debug2: key: /home/wso2admin/.ssh/id_dsa ((nil)) debug2: key: /home/wso2admin/.ssh/id_ecdsa ((nil)) debug2: key: /home/wso2admin/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-keyex debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-keyex debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:1000) debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:1000) debug2: we did not send a packet, disable method debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/wso2admin/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Trying private key: /home/wso2admin/.ssh/id_dsa debug3: no such identity: /home/wso2admin/.ssh/id_dsa: No such file or directory debug1: Trying private key: /home/wso2admin/.ssh/id_ecdsa debug3: no such identity: /home/wso2admin/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /home/wso2admin/.ssh/id_ed25519 debug3: no such identity: /home/wso2admin/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 52 debug1: Authentication succeeded (password). Authenticated to 1.1.1.2 ([1.1.1.2]:22). debug2: fd 4 setting O_NONBLOCK debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug3: send packet: type 90 debug1: Requesting [email protected] debug3: send packet: type 80 debug1: Entering interactive session. debug1: pledge: network debug3: receive packet: type 80 debug1: client_input_global_request: rtype [email protected] want_reply 0 debug3: receive packet: type 91 debug2: callback start debug2: fd 3 setting TCP_NODELAY debug3: ssh_packet_set_tos: set IP_TOS 0x08 debug2: client_session2_setup: id 0 debug1: Sending environment. debug3: Ignored env XDG_SESSION_ID debug3: Ignored env HOSTNAME debug3: Ignored env SHELL debug3: Ignored env TERM debug3: Ignored env HISTSIZE debug3: Ignored env SSH_CLIENT debug3: Ignored env SSH_TTY debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env PATH debug3: Ignored env MAIL debug3: Ignored env _ debug3: Ignored env PWD debug3: Ignored env JAVA_HOME debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug3: send packet: type 98 debug3: Ignored env HISTCONTROL debug3: Ignored env HOME debug3: Ignored env SHLVL debug3: Ignored env LOGNAME debug3: Ignored env SSH_CONNECTION debug3: Ignored env LESSOPEN debug3: Ignored env XDG_RUNTIME_DIR debug1: Sending command: bash -s debug2: channel 0: request exec confirm 1 debug3: send packet: type 98 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug3: receive packet: type 99 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0 debug2: channel 0: read<=0 rfd 4 len 0 debug2: channel 0: read failed debug2: channel 0: close_read debug2: channel 0: input open -> drain debug2: channel 0: ibuf empty debug2: channel 0: send eof debug3: send packet: type 96 debug2: channel 0: input drain -> closed debug2: channel 0: rcvd ext data 38 Permission denied, please try again. debug2: channel 0: written 38 to efd 6 debug2: channel 0: rcvd ext data 38 Permission denied, please try again. debug2: channel 0: written 38 to efd 6 debug2: channel 0: rcvd ext data 70 Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). debug2: channel 0: written 70 to efd 6 debug2: channel 0: rcvd ext data 73 debug2: channel 0: rcvd ext data 70 rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: unexplained error (code 255) at io.c(226) [sender=3.1.2] debug2: channel 0: written 143 to efd 6 debug3: receive packet: type 98 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug3: receive packet: type 96 debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug3: receive packet: type 97 debug2: channel 0: rcvd close debug3: channel 0: will not send data after close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug3: send packet: type 97 debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1) debug3: send packet: type 1 debug1: fd 0 clearing O_NONBLOCK Transferred: sent 2496, received 2836 bytes, in 0.1 seconds Bytes per second: sent 18079.1, received 20541.8 debug1: Exit status 255
Improve this question
2
  • Do you login via SSH key when not using the script? Do you manually launch the script or is it executed from another daemon? What does ssh -vvv say when used in script? Commented Aug 14, 2019 at 11:20
  • Yes, i login via ssh without script. Yes, i manually launch the script Commented Aug 15, 2019 at 3:58

1 Answer 1

Reset to default
0

I don't believe the problem is the script or that rsync doesn't run from within but the ssh daemon configuration in the first server.

You may try edit in /etc/ssh/sshd_config

PasswordAuthentication yes

The error seems to be the password which makes me think either you're typing it manually (make sure it's the correct one) but at the same time make sure that you actually allow password logins.

Since you're also using root, you have to also make sure the following is present in /etc/ssh/sshd_config

PermitRootLogin yes

You didn't specify distro, so most distros will have it in that path, otherwise you can check your specific or reply to the question and I'll do my best to answer.

I'd also recommend running from server a:

ssh-copy-id root@serverb

And the same on server b changing for server a.

That way your key will be present in origin and destination and ssh won't ask for a password.

Improve this answer
6
  • Ur advices didn't help. I made ssh-copy-id root@serverb. There is no promt for password to connect to 2nd server, but there are still the same errors. Commented Aug 14, 2019 at 9:00
  • Did you replace serverb with the ip address or domain to the correct address? Are you able to ssh from both sides? Commented Aug 14, 2019 at 19:13
  • I found that there are more problems with ssh on 1st server. It can't connect to other servers. 2nd & 3rd servers can perform scripts when ssh doesn't ask for pwd, but servers can't perform script when ssh asks for pwd. I tried to do it on a new 4rd server, and on 4rd server everything works when ssh asks and doesnt ask for pwd. Some problems with ssh on 1,2,3 servers. I copied config from 4th server on other servers, it didn't help to other servers, so problem not in config. I tried to clean known_hosts, it didn't help too. Commented Aug 15, 2019 at 3:57
  • I will need you to post ssh root@server1,2,3 -vvv at least from one of the problem childs so we can get more information on this. Commented Aug 15, 2019 at 5:49
  • I found that 3rd server must contain authorized key for 2nd server. 1st & 2nd servers dont need to contain authorized keys. In this case script asks for pwd of 2nd server and then do rsync. Soon i ll publish debug log from ssh. Commented Aug 15, 2019 at 6:14

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.