I was wondering if anyone has tried using teamcity's command line builder to perform ssh remote login.
Right now, I would like to automate some testing on a QNX neutrino OS which is currently unsupported by teamcity. As a work around, I setup a ssh server on the target qnx machine so i could ssh and sftp the executables in.
Firstly, the source are compiled on Windows XP using qnx's compiler (based on g++). Followed by sftp-ing the executables into qnx neutrino.
Next, using ssh, script the login to remotely start the test apps and send the results back to the remote agent for publishing.
The batch script I created works well standalone, however, after hooking it up on the remote agent, it fails to login ssh and hangs indefinitely at the following command:
ssh -l "./.sh"
Notes:
I have added the remote agent's RSA public key in the QNX .ssh/authorized keys file, automatic login is working.
Is there a need to add the teamcity server's RSA public key in too?
Anyone has any idea on this problem?
I had a few weird problems with key-based SSH logins on QNX related to file permissions for the keys in .ssh. and permissions of parent folders (/home/username and /root).
Add
LogLevel DEBUG3
to /etc/openssh/sshd_config, make sure syslog is configured and is logging sshd output, restart sshd and try again - it will most likely complain about something.
Also, ssh -l "./.sh" makes no sense - -l is used to specify the user name, something is off there.
Related
I have connected to a remote Ubuntu host from Windows using VS Code and using it for remote development. Often times I open different code repositories in VS Code but every time I have to open a different folder despite having the connection established the VS Code ask for password.
It seems that once we are commented to a remote host then successive opening of different folder from same host should not prompt for password.
Is there any setting I am missing or should do to resolve this or save password.
I'm assuming you're connecting to an ssh remote.
There are two ways to authenticate an ssh connection, via password and via public/private key. When using the latter you don't need to enter the password each time.
To use the public/private keys here's what you have to do:
You first need a pair (public/private) of ssh keys. On windows you can use ssh-keygen to generate them for you and put them in the default ssh config folder ( ~/.ssh/)
You then have to configure the remote server to allow your ssh key, you can do this in two ways:
with the ssh-copy-id command if available (I think on windows it's not there, but you can try)
by manually add your public key (~/.ssh/id_rsa.pub) to the.ssh/authorized_keys file on the host machine
Here's a link to know more about passwordless logins via ssh: https://www.redhat.com/sysadmin/passwordless-ssh
Open git bash on Windows
cd .ssh
ssh-copy-id -i id_ed25519.pub your-username#your-server
Is it possible in VSCode to edit files within WSL2 of a remote PC. (This is like a combination of Remote-WSL and Remote-SSH.) I can connect to that remote PC via ssh and RDP.
The path \\wsl$\ does not seem to be available in my remote-ssh connection.
PCA - me, local, VSCode
^
|
ssh and/or RDP
|
V
PCB - remote, WSL2
(I currently have Windows OpenSSH set up on the remote PC, with the default CMD shell. I tried setting the shell to Bash but then the remote extension wouldn't install.)
Update Setting PC-B's ssh server shell to bash.exe does solve all my problems. I'm not sure why it didn't work before. See my answer below for more details.
Answering my own question I was certain I'd tried this before and it had not worked, but now that I try it again it works. Perhaps I just needed a reboot of Windows and WSL2.
Enable Windows SSH server on PC-B and set the shell to be bash.exe
# Powershell as Administrator
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType 'Automatic'
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\WINDOWS\System32\bash.exe" -PropertyType String -Force
If you want authorized_keys-based login to this PC and your account is an Administrator account, you will need to follow the special instructions here: https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement (I have heard of having to manually fix the administrator_authorized_keys file permission at some point too. https://stackoverflow.com/a/64868357/600360 )
Using Remote-SSH connect VSCode from PC-A to PC-B (using Windows credentials) and tell VSCode that it is a linux server (because you're connecting to bash.exe within WSL2).
If you're behind a proxy server, add the proxy to your ~/.wgetrc.
Voila.
These steps taken from THE EASY WAY how to SSH into Bash and WSL2 on Windows 10 from an external machine where you can find more details.
If you want to connect to remote WSL, you probably should set it up to run own sshd instead of relying on hosting Windows to do the tunneling.
If I have got your problem statement right, the flow seems to be outlined in one of VS Code blog posts. Here I'll mention steps I think you will need to get to your target state.
Firstly, disable sshd on remote Windows so it does not occupy port 22. then, install and start sshd inside PCB:
# from PCB command prompt
# something like that, depending on your choice of distro
sudo apt remove openssh-server && sudo apt install openssh-server
# this would again depend on your chosen distro
sudo /etc/init.d/ssh start # after i do this - windows pops up a firewall prompt to allow me create a rule. you might need to add it manually
then you'd need to either enable password logins via ssh or (preferably) generate a key pair and put your public key into /home/your_name/.ssh/authorized_keys on PCB.
Assuming you have OpenSSH for Windows installed (this seems to be the client Remote SSH relies on), on your PCA follow something like so:
# something along these lines on your PCA
PS C:\WINDOWS\system32>ssh-keygen
# note location of .pub file and copy its contents into remote ./ssh/authorized_keys
# add generated private key to ssh-agent service
PS C:\WINDOWS\system32> Start-Service ssh-agent # if this fails - ensure service is installed and enabled
PS C:\WINDOWS\system32> ssh-add path\to\your\private_key # ensure you have dropped all permission except your own user
Watch out for permissions:
ssh keys are considered secret, so neither client nor server would start unless you drop all permissions from your key material. On linux do chmod 600 .ssh/authorized_keys, and for windows ssh-agent follow instructions from this SE answer.
The above may seem a bit daunting but is in fact very standard SSH setup procedure
easy steps
just update your vscode to the latest version
install Remote Development extension pack
allow WSL2 connection in the settings
if my answer helped you upvoted :D
I know it's been a while since the post, but here is a useful answer that uses Remote -- Tunnels extension.
https://stackoverflow.com/a/75389647
It appears that, for now, you need to manually install the CLI in WSL in order for it to work. The downloads can be found here. Since you are on Windows, I would recommend the x64 CLI download. When you extract the tar.gz file, you will get a file named code. I would recommend moving it to your home directory for ease. To open the tunnel, run ./code tunnel (from wherever you put the code file) to force the new CLI. If you use code tunnel it will still use the Windows version.
Source: https://github.com/microsoft/vscode/issues/171196
I'm trying to get Remote-SSH working with ssh-agent, from Windows 7 desktop to CentOs 7 server.
I'm using ssh, ssh-add and ssh-agent from the Git for windows package. From the cmd prompt, this is all working fine, I can "ssh-add -l" and see the keys, and I can run "ssh " and it runs with no problems and without asking for password:
C:\Users\gnb>"c:\Program Files\Git\usr\bin\ssh-add.exe" -l
4096 SHA256:zg2IR6OlPwCGP8SzcbriXIQjth5zuDc9rbO6uaNPmcU gnb#VDI028-MEL (RSA)
C:\Users\gnb>ssh vdi ls
Desktop
tsclient
wkspace
C:\Users\gnb>
From within VS-Code, I can't get this to work. Running the exact same ssh-add command from within the VS-Code Terminal does not seem to find the agent:
C:\Users\gnb>"c:\Program Files\Git\usr\bin\ssh-add.exe" -l
Could not open a connection to your authentication agent.
The actual remote functionality in VS-Code more or less works, but keeps stopping to ask for passwords.
What's missing here? Why can the vs-code environment not connect to the ssh-agent?
OK, I've had a few more hours playing around with this and I think I understand what's going on.
It only works from cmd if it is the same cmd window that was used to start the agent. Opening a new cmd window then ssh gets the same msg as starting vs-code from the menu - can't find the agent. It appears that the start-ssh-agent script that comes with git/ssh on Win7 is setting some environment variables or some such that the ssh client needs. This does make sense, Unix ssh-agent acts the same way, but I'm clearly not used to thinking about windows apps in those terms.
It also seems the start-ssg-agent script will set the environment variables to point to an existing agent if one is running, else will create a new agent. So a 2 line batch file
start-ssh-agent
code
will reliably start up VS Code with the ssh-agent. If you name the identity file in the ssh config, vs-code will add they key to the agent when required. Otherwise you need to manually add the key to the agent, or fall back to entering the password all the time.
Suspect the better solution is to be on Win10 and use ssh-agent as a service, which should mean VS-code should find the agent when run from a menu. But I can't test that.
I have a Linux machine where I have created a cgi script (JarPatch.cgi), the code of which looks like this:
#!/usr/bin/perl
use warnings;
print "Content-type: text/html\n\n";
system ("sh JarPatch.sh");
The code of JarPatch.sh looks like this:
#!/bin/bash
echo "Inside jar patching tool";
PJS_DEV=app4915#slcai833.us.oracle.com;
ssh -f $PJS_DEV "cd /slot/ems4915/appmgr/tmp; echo stopping server ; ./find_stop_servers.sh;"
echo "Exit jar patching tool";
This script will basically shut down a server running on the remote machine
Problem statement is this:
When I execute this cgi script through Linux terminal. I can see that the ssh commands are getting executed. Server is shut down.
When I access the cgi script through a windows machine in a browser, the shell script is invoked but ssh seems not to be working.
Can any one give me a pointer to resolve this issue please?
I am new to perl/shell integration. So might be missing something small as well.
Thanks
When you ssh from windows machine all connections are made as webuser which is not authorized to ssh into remote machine. On other hand when you ssh from linux terminal you are able to ssh as user there is authorized to do so. This is because linux user has its ssh key on remote server.
You can also try to look into ProxyCommand which might come to rescue but i have no idea how it will work with windows.
Other approach is to create ssh keys for webuser and put them into remomte server which will be security risk.
When you run it as yourself ssh is offering your keys to authenticate you. When you run it through the webserver, the webserver user is trying to run the ssh command, and does not have your ssh keys to offer, so is probably being prompted for a password, and not successfully logging in.
You could fix this by generating ssh keys for the webserver user and sharing that key with the target system as well, which has some security implications to say the least.
here's my situation.
I'm running Cruise Control as a Windows Service and trying to get it to connect to a Mercurial Repository on BitBucket over SSH.
I'm pretty sure that everything's configured OK (PuttyGen, Pagaent, etc). I'm remoting onto the server using the same account that I am using to run the service and if I issue hg pull -b ssh://#bitbucket.org// from a command line everything works. I added -v to the ssh configuration in mercurial.ini and I can see all of the steps that are taken.
If I run CC.NET from a command prompt then it builds fine. In the console window I can see the same logging from the SSH operation.
However, if I run CC.NET as a service (using the same user account that I'm logged in on) the call to BitBucket times out. I can find no way to work out why either. The build log doesn't help and neither do ccnet.log or ccnet.trace in the temp directory. I was expecting one of them to contain the logging from the SSH operation, but they don't.
Can anyone help? Is it that running as a service prevents it from connecting to Pagaent (I've started Pagaent by adding it to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). When I did the pull from the command line I had to OK a dialog, but only once. Is it waiting on the same dialog now that it's running as a service?
Getting close to my wits end here.
Thanks
I did get it working in the end. The trick was to create the public key without a passphrase. When running as a service the solution has to be completely non-interactive and the passphrase option with pagaent.exe just isn't.
Here are the steps:
Use PutTTygen to generate a secure key WITHOUT a passphrase. If you really do need one then you can add it to the mercurial.ini file, but defeats the point for me as it's in plain sight anyway.
Copy a mercurial.ini to two locations: C:\Windows\System32\config\systemprofile and C:\Windows\SysWOW64\config\systemprofile. Probably only one of these was really necessary, but I didn't have the time to experiment. The first is the home directory for the system user when running 64 bit apps, the SysWOW64 location for 32 bit. Make sure that if you do the same as me then keep both files in sync - or go one further and work out which is the correct location.
Add something like this line under the [ui] key in both files:
ssh = "D:\Program Files\TortoiseHg\TortoisePlink.exe" -ssh -2 -C -batch -v -i "[Path to your ppk file]"
Add the passphrase to the end of the command if one was created in step 1.
Make sure that TortoisePlink.exe is specified, not Plink.exe. They should both be in the same directory.
Download psexec from http://technet.microsoft.com/en-gb/sysinternals/bb842062.aspx
Run d:\PSTools\PsExec.exe -s -i cmd.exe. This will open a command line as the system account in interactive mode.
Now do an hg pull, or hg clone or whatever.
A dialog should pop up with a confirmation message. This is a one time thing and the reason that you have to do the PsExec step. OK the dialog.
Now cc.net should be able to be run as a service under the local system account using SSH!