SSH Authentication

This article addresses situations where you have configured a host in a pre-existing infrastructure provider using password authentication, and you receive the following error when either testing the connection or performing an action on that instance (e.g. provision)

Checking connectivity for the admin compute node - rxr.infra.Compute-1
For pre-existing infrastructure, unable to connect to the admin node effectively stops the whole workflow, hence aborting execution
Checking connectivity for the admin compute node - rxr.infra.Compute-1
For pre-existing infrastructure, unable to connect to the admin node effectively stops the whole workflow, hence aborting execution
java.lang.RuntimeException: Could not connect to the host - osb-05-tk and port - 22
        at com.rubiconred.fusioncloud.platform.core.provisioning.steps.SetNodeCredentialsAndCheckConnectivity.checkSSHConnection\(SetNodeCredentialsAndCheckConnectivity.java:191\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.steps.SetNodeCredentialsAndCheckConnectivity.checkSSHConnection\(SetNodeCredentialsAndCheckConnectivity.java:147\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.steps.SetNodeCredentialsAndCheckConnectivity.execute\(SetNodeCredentialsAndCheckConnectivity.java:65\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.steps.SetNodeCredentialsAndCheckConnectivity.execute\(SetNodeCredentialsAndCheckConnectivity.java:27\)
        at com.rubiconred.fusioncloud.common.workflow.StepBase.execute\(StepBase.java:17\)
        at org.apache.commons.chain.impl.ChainBase.execute\(ChainBase.java:191\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.PlatformInstanceOrchestratorImpl.orchestrate\(PlatformInstanceOrchestratorImpl.java:220\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.PlatformInstanceOrchestratorImpl$InstanceBackgroundJob.run\(PlatformInstanceOrchestratorImpl.java:176\)
Caused by: java.io.IOException: Password authentication failed.
        at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword\(AuthenticationManager.java:346\)
        at com.trilead.ssh2.Connection.authenticateWithPassword\(Connection.java:362\)
        at com.rubiconred.myst.remote.SSHConnection.doAuthentication\(SSHConnection.java:342\)
        at com.rubiconred.myst.remote.SSHConnection.connect\(SSHConnection.java:327\)
        at com.rubiconred.myst.remote.SSHConnection.executeCommand\(SSHConnection.java:93\)
        at com.rubiconred.fusioncloud.myst.runtime.RemoteConnection.executeCommand\(RemoteConnection.java:38\)
        at com.rubiconred.myst.remote.SSHConnection.executeCommand\(SSHConnection.java:67\)
        at com.rubiconred.fusioncloud.myst.runtime.RemoteConnection.executeCommand\(RemoteConnection.java:32\)
        at com.rubiconred.fusioncloud.platform.core.provisioning.steps.SetNodeCredentialsAndCheckConnectivity.checkSSHConnection\(SetNodeCredentialsAndCheckConnectivity.java:186\)
... 7 more

Caused by: java.io.IOException: Authentication method password not supported by the server at this stage.
        at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword\(AuthenticationManager.java:316\)
        ... 15 more

General Items to Check

This type of error can occur for a number of reasons, but most commonly it is due to a misconfiguration of ssh on the target server. The first thing to check is the /etc/ssh/sshd_config file, in particular the following parameter is set

PasswordAuthentication yes

Issues when Running as a Different User

MyST Studio allows you to connect to a server as one user, and then perform the configuration tasks as another user. Behind the scenes, once logged into the shell MyST Studio will use the following command format to run commands as another user

sudo -i -u <SUDO_USER> bash -c "<COMMAND>"

Using the command above you can verify that the sudo is working correctly by logging to the target server, and manually executing the sudo command for the sudo user. Generally, it is recommended to provide the following access for the connection user to execute the sudo commands.

Cmnd_Alias      SHELLS=/usr/bin/sh,/usr/bin/ksh,/bin/sh,/bin/ksh
Cmnd_Alias      FULL=/usr/local/bin/*,/usr/bin/*,/bin/cp
User_Alias      MSYT_USERS=<user1-OS-ID>,<user2-OS-ID>
MYST_USERS      ALL=(oracle)!SHELLS,NOPASSWD:FULL

Last updated