I am trying to use rsync to upload files to my server alongside Travis and GitHub, I have this line in a deploy.sh script rsync -avhP $f deploy#multicrew.co.uk:/var/www/test/ and whenever I try to upload the $f files I get this error:
ssh: connect to host multicrew.co.uk port 22: Cannot assign requested address
Within my .travis.yml file I have this code
addons:
ssh_known_hosts: multicrew.co.uk
before_install:
- openssl aes-256-cbc -K $encrypted_8c9513462553_key -iv $encrypted_8c9513462553_iv -in deploy/deploy_rsa.enc -out /tmp/deploy_rsa -d
- eval "$(ssh-agent -s)"
- chmod 600 /tmp/deploy_rsa
- ssh-add /tmp/deploy_rsa
- chmod +x deploy/deploy.sh
after_success: "deploy/deploy.sh"
I do not know why rsync cannot assign the requested address, I have an A name record set up within CloudFlare that forwards multicrew.co.uk to my server's IP
The error you are getting looks like it is caused by an outstanding issue with IPv6 on Travis CI.
However because, at the time of writing, your multicrew.co.uk domain is proxied by Cloudflare and Cloudflare only proxies HTTP traffic, the suggested fix of disabling IPv6 will not work.
You'll need to either create a separate non-proxied (grey cloud) hostname to use with SSH/RSYNC, change the rsync command to connect directly to the server IP address or disable Cloudflare proxying for the multiview.co.uk hostname.
Note that adding a non-proxied hostname in DNS will expose your server's IP address. You might want to restrict access on your server to just the Travis CI and Cloudflare IP ranges (e.g. with firewall rules or in the web server configuration).
Related
Having problems when using the "sudo" command to make requests through a proxy server:
If i don't use sudo, the request goes through the proxy 10.139.212.25:8080
wget http://www.proxypronto com/
Connecting to 10.139.212.25:8080... connected.
Proxy request sent, awaiting response... 403 Forbidden (Blocked by Trustwave Secure Web Gateway)
2015-12-01 13:11:47 ERROR 403: Forbidden (Blocked by Trustwave Secure Web Gateway).
If I use sudo, the request does not go through the proxy 10.139.212.25:8080
sudo wget http://www.proxypronto com/
Resolving www.proxypronto com ... 96.31.64.186
Connecting to www.proxypronto com |96.31.64.186|:80... failed: Connection refused.
How can I make the requests to go through the proxy when using "sudo"?
Firstly, try the following comand:
sudo http_proxy=$http_proxy wget "http://stackoverflow.com"
At first glance, you need to add enviroment variables to sudoers config:
sudo visudo
add these lines
Defaults env_keep += "ftp_proxy http_proxy https_proxy no_proxy"
or, use separate lines:
Defaults env_keep +="http_proxy"
Defaults env_keep +="https_proxy"
Defaults env_keep +="HTTP_PROXY"
Defaults env_keep +="HTTPS_PROXY"
I want a fast and flexible file server but I don't need encryption or authentication. How can I use SFTP for this on Linux systems?
SFTP happens to be used by SSH servers but it's a well-developed protocol that works well on its own. The sftp-server developed by OpenSSH has no dependency on an SSH server; sftp-server uses standard input/output. (Other SFTP servers are similar.)
It is trivial to share a filesystem via SFTP, similar to what you might do with NFS but without the need for root access. I'll use socat as the daemon for this ad-hoc example, but xinetd would make a more permanent solution. The location of sftp-server is from my Ubuntu installation of the openssh-sftp-server package.
On the server:
$ mkdir shared_to_the_world
$ cd shared_to_the_world
$ socat tcp-listen:1234,reuseaddr,fork exec:/usr/lib/openssh/sftp-server
On the client:
$ mkdir /tmp/sftp_test
$ sshfs -o reconnect,ssh_command="nc my_sftp_server_address 1234 --" : /tmp/sftp_test
$ cd /tmp/sftp_test
Now your client (and anyone else's!) can seamlessly work with the files in the shared directory on the server. Both read and write are enabled, so be careful.
Consider using socat listen's "bind" and "range" options to limit the access to your server.
You can’t use SFTP without SSH. Take a look at : https://www.ssh.com/ssh/sftp/ (emphasis mine) :
“ SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol.. It supports the full security and authentication functionality of SSH.
...
SFTP port number is the SSH port 22 ... It is basically just an SSH server. Only once the user has logged in to the server using SSH can the SFTP protocol be initiated. There is no separate SFTP port exposed on servers. “
Currently, I'm trying to use a docker image gitlab file inorder to connect to my production server and overwrite my code within the production on deployment. While I can ssh from my local machine with the private key given, whenever I try to copy the private key as a variable and connect I consistently get the error of:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
...
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
lost connection
I've verified that the /dev/tty address exists on both machines and that my .pem can be read appropriately on the gitlab runner post copying, I've established appropriate permissions with chmod and also have tried multiple permutations of calling the scp script. I'm currently running my connection within the before_script of my gitlab.yml file to avoid the delay of building the docker images within my file and the relevant portion is enclosed below.
EDIT: /dev/tty also has the correct permissions, I've viewed the previous stack overflow posts related to this issue and they either weren't relevant to the problem or weren't the solution
image: docker:19.03.5
services:
- docker:19.03.1-dind
before_script:
- docker info
- apk update
- apk add --no-cache openssh
- touch $SSH_KEY_NAME
- echo "$SSH_KEY" > "./$SSH_KEY_NAME"
- chmod 700 $SSH_KEY_NAME
- ls -la /dev/tty
- scp -v -P 22 $SSH_KEY_NAME -i $SSH_KEY_NAME $PROD_USER#$SERVER_URL:.
Apologies if it feels dumb, but I have little experience within the technical nature of private key setup from another machine, currently I'm unsure if I need to link the private key within my gitlab runner in a specific way? If it's possible that the echo isn't saving the .pem as a private key. My IP inbound for the aws instance is set for all traffic on port 22, and copying this key and connecting from my PC works fine. It's just the runner that has problems. Thanks for your help!
The best solution I found to this is to either run an ubuntu gitlab-image and manually call docker inside it with a volume tied to ssh or use a aws instance with a password to gitlab secrets if you're hardpressed on the dind image in gitlab. Neither is truly optimal, but due to the containerization's effectiveness in isolation, you have to resolve it in one of the two method's.
I am new to moovweb. Using gitbash to login to moov server . After logging in I try to clone a project created successfully at moov web site from gitbash(as admin). I get the below error
$git clone moov#git.moovweb.com:bharath2k5/wikipedia.git
ssh:connect to host git.moovweb.com port 443: Bad file number
fatal:could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Also this is my .ssh/config.
Host git.moovweb.com
IdentityFile ~/.ssh/id_rsa
PreferredAuthentications publickey
Port 443
Thanks for your help.
It looks like your computer failed to connect to the moovweb git server (git.moovweb.com) so it didn't even get to the authentication step. I noticed you have a rule in your ssh config to use port 443 instead of 22. Does your network block port 22 access? It's possible that even with the configuration, git is still using port 22. You can check by running the following command:
Best way to check is to run the following command in git bash:
$ ssh -vv moov#git.moovweb.com
That should give you a lot of information, including which port ssh is trying to use.
Anyways, you can force git to use port 443 on a particular project by changing the URI used to clone the project. Try the following and see if it works:
$ git clone ssh://moov#git.moovweb.com:443/bharath2k5/wikipedia.git
If that works, it seems that the Port configuration in .ssh/config doesn't seem to apply to git operations.
I'm having an hard time trying to configure Capistrano 3.1 to deploy an app hosted on Github.
I'm following Capistrano Documentation and I have successfully completed the first step (SSH keys from workstation to servers) and on the second one (From our servers to the repository host) I'm able to successfully run ssh -A deploy#one-of-my-servers.com 'git ls-remote git#github.com:my_user/my_repo.git':
18f38afz261df35d462f7f4e2ca847d22f148a06 HEAD
18f38afz261df35d462f7f4e2ca847d22f148a06 refs/heads/master
however, ssh deploy#one-of-my-servers.com 'git ls-remote git#github.com:my_user/my_repo.git' fails:
Permission denied (publickey).
Capistrano docs suggests
If you get the error "host key verification failed." log in into your server and run as the deploy user the command ssh git#github.com to add github.com to the list of known hosts.
SO, I tried so but I get
ssh git#github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.131' to the list of known hosts.
Permission denied (publickey).
And I'm basically not able to successfully access the Github repo.
SSH documentation states:
-A Enables forwarding of the authentication agent connection. This
can also be specified on a per-host basis in a configuration
file.
How can I specified on a per-host basis in a configuration file?
My local machine runs Mac OSX Mavericks.
The VPS runs Ubuntu 12.04
Thanks.
Do you have your ssh key added to the list of agent identites ?
You can check with ssh-add -L , you should see the key your are using to connect to github :
$ ssh-add -L
ssh-rsa AAAAB3N.....0VmSiRvTzBrbU0ww== /Users/youruser/.ssh/id_rsa
If you don't see the ssh key you use for github or a message like
The agent has no identities.
Then you should add your key with :
ssh-add ~/.ssh/id_rsa
(replace with the path to the key you use for github)
See the ssh-add doc for more info
Add following lines to .ssh/config file on your local computer
Host Server_Address
ForwardAgent yes
Check your local key whether listed in ssh-add list or not with
ssh-add -L
If not add key to SSH Agent
ssh-add -K
Connect to Remote Server
ssh -v username#Server_Address
Check SSH Agent forwarding is enabled by running following command. It should list a socket file
echo "$SSH_AUTH_SOCK"
Run connection test against GitHub
ssh -T git#github.com
Run ls remote test against targeted git repository
git ls-remote --heads git#github.com:account/repo.git
Finally logout and run following from your local machine
cap production git:check
Add the following to ~/.ssh/config
Host one-of-my-servers.com
ForwardAgent yes
Yet another cause: If the target host's fingerprint doesn't match with your ~/.ssh/known_hosts, SSH automatically disables Agent Forwarding.
The solution is:
$ ssh -A -o UserKnownHostsFile=/dev/null my-target-host