Hey Guys!
Using RHEL v5.7, I am trying to make a connection between two servers with rsa key auth. I need to connect directly to the root as it's privileges are needed for changing password. RSA key is working for normal users but I cannot connect to root. I changed the sshd_config file as
PermitRootLogin without-password
RSAAuthentication yes
PubkeyAuthentication yes
and restart it (on both sides). Files permissions are below:
(Sender server=> /root/.ssh directory's permission is 700)
-rw------- 1 root root 1675 May 25 15:14 id_rsa
-rw-r--r-- 1 root root 392 May 25 15:14 id_rsa.pub
-rw------- 1 root root 2743 May 21 09:13 known_hosts
-rw-r--r-- 1 root root 1177 Mar 30 09:38 known_hosts.old
(Remote server to connect)
-rw------- 1 root root 392 Apr 20 15:35 authorized_keys
-rw------- 1 root root 668 Mar 30 10:08 id_dsa
-rw-r--r-- 1 root root 601 Mar 30 10:08 id_dsa.pub
-rw------- 1 root root 1675 Apr 28 11:09 id_rsa
-rw-r--r-- 1 root root 393 Apr 14 14:40 id_rsa.pub
-rw-r--r-- 1 root root 1178 Apr 28 08:58 known_hosts
Also I provide the verbose output when I run the ssh connection:
Username: user_of_remote_server
New Password: OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to remote_IP [remote_IP] port 44.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'remote_IP' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 498/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x2b9f25eb6cf0)
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug3: input_userauth_banner
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@remote_IP's password:
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
root@remote_IP's password:
Where is the problem ? I do not want to be asked password for root during rsa connection. That's why I am using without-password mode for PermitRootLogin. Thanks for your helps!
Hi,
I try to co connect to a linux server and get following message:
Code:
me@host:~> ssh -X target -vvv
OpenSSH_5.1p1, OpenSSL 0.9.8j-fips 07 Jan 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to target [192.103.143.9] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /users/me/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /users/me/.ssh/id_rsa type 1
debug1: identity file /users/me/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
Now I am trying to figure out what the problem is but I cannot connect to the target server. Is there any other way to connect except using ssh?
Thanx
Hi guys,
I have a problem using scp within following verbose statements:
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
user@remote_machine1IP's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: scp -v httpd_ip_change2.conf. user2@remote_machine2IP:/usr/local/apache/conf
Executing: program /usr/bin/ssh host remote_machine2IP, user user2, command scp -v -t /usr/local/apache/conf
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug1: Connecting to remote_machine2IP [remote_machine2IP] port 44.
debug1: Connection established.
debug1: identity file /home/user1/.ssh/identity type -1
debug1: identity file /home/user1/.ssh/id_rsa type 1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'remote_machine2IP' is known and matches the RSA host key.
debug1: Found key in /home/user1/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user1/.ssh/identity
debug1: Offering public key: /home/user1/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /home/user1/.ssh/id_dsa
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic,password).
lost connection
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
I have been trying to copy files between two remote machines. (RHEL 5.7 on Windows by Mremote).
Thank you !
I have been asked to setup an SFTP which uses RSA public key authentication.
AS it was already in use I have opted to use CygWin and I can get it to work with passwords fine.
we are going to be hosting the SFTP server with users from the clients office connecting to it. The client has sent me their public key.
Having done LOts of reading and even more attempting to configure the server I just cant get it to work. Most of thetime I get..
ebug1: Host '127.0.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/ColoniAdmin/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_rsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_dsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ecdsa
debug1: Trying private key: /home/ColoniAdmin/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
I have once managed to get it to the point of asking for a passphrase for the private key but I don't have a private key (that I know of) just the public key the client sent us. and I certainly don't want to have to use passphrases
Their public key is in the authorized_key file on our server within the .ssh folder of their home folder. I have amended paswd and sshd_config to set home location and to allow RSA authentication.
All and any advice is super welcome, I have been doing this for 2 weeks now and i just wont work.
HELP HELP HELP!!!!!! ;-)
Thanks
Dear all,
This is long story cut short, with vsftp, if i set this parameters in the vsftp.conf file below
Code:
local_enable=YES
chroot_local_users=YES
I am able to login to the ftp account, see and list my home/user directory, and if i do a cd / or cd .. , i will still be chroot to my /home/user directory.
without, the need to chmod or or chown anything to my /home/user directory
=============================================
With openSSH, internal_sftp, even though I have set the sshd_conf to
Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u
I will need to change owner my /home/user directory to have root becomes it owner.
============================================
Q1) why this difference ? How does vsftp chroot without changing the /home/user folder ownership ?
Q2) i realize that openssh ChrootDirectory parameter causes my default login directory to be set as that of the parameter.
(e.g. if i set to "/whatever/xyz", i will be brought to that /whatever/xyz everytime i login to the sftp instead of my /home/user folder.
Why ? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user cd to root (e.g. cd /), else not, i should still go to my /home/user folder everytime i login to sftp.
Regards,
Noob
I set up a Ubuntu on a Virtualbox VM instance, using bridged network. External SSH to it is very slow. I am not sure if it's a Ubuntu problem or a Virtualbox problem. I labeled some delay gaps in a debug ssh session:
ssh -v mybox.mydomain.xxx -l myid
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mybox.mydomain.xxx [129.186.142.168] port 22.
debug1: Connection established.
debug1: identity file /home/hu/.ssh/identity type -1
debug1: identity file /home/hu/.ssh/id_rsa type 1
debug1: identity file /home/hu/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mybox.mydomain.xxx' is known and matches the RSA host key.
debug1: Found key in /home/eded/.ssh/known_hosts:23
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
(-----pause 12 seconds------)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/hu/.ssh/identity
debug1: Offering public key: /home/hu/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
(-----pause 5 seconds------)
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US
(-----pause 31 seconds------)
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic i686)
Any suggestions? Thanks in advance.
joe
Hello, this is my first post
First i would like to thank you all for answering other people questions because I've been able to learn from the forum a lot.
I need your help with something.
I have standard output from 'ls -laR /etc' command which looks like this:
Code:
/etc/X11/xorg.conf.d:
total 4
drwxr-xr-x. 2 root root 29 Apr 1 00:46 .
drwxr-xr-x. 5 root root 54 Apr 1 00:43 ..
-rw-r--r--. 1 root root 232 Apr 1 00:46 00-keyboard.conf
/etc/xdg:
total 12
drwxr-xr-x. 4 root root 36 Apr 1 00:43 .
drwxr-xr-x. 87 root root 8192 Apr 12 13:53 ..
drwxr-xr-x. 2 root root 6 Jun 10 2014 autostart
drwxr-xr-x. 2 root root 17 Apr 7 01:25 systemd
by using sed command:
Code:
sed -e '/./!d' -e '/^total/d' -e '/\.$/d' -e 's/:$/\//' list.txt
I have transformed it to the following form:
Code:
/etc/X11/xorg.conf.d/
-rw-r--r--. 1 root root 232 Apr 1 00:46 00-keyboard.conf
/etc/xdg/
drwxr-xr-x. 2 root root 6 Jun 10 2014 autostart
drwxr-xr-x. 2 root root 17 Apr 7 01:25 systemd
and now I would like to achieve absolute paths at the end of each row
Code:
-rw-r--r--. 1 root root 232 Apr 1 00:46 /etc/X11/xorg.conf.d/00-keyboard.conf
drwxr-xr-x. 2 root root 6 Jun 10 2014 /etc/xdg/autostart
drwxr-xr-x. 2 root root 17 Apr 7 01:25 /etc/xdg/systemd
How do I join(merge) filenames with corresponding absolute path to their parent directory?
I know how to extract filenames using awk and get this:
Code:
00-keyboard.conf
autostart
systemd
but I don't know what to do next. Should I use some hitech sed option or go for loop or try with arrays? Help. Heeeelp
Hello,
I am facing an issue with a filesystem (/dev/sda3); I see space used on it (around 365GB) when I am looking at the host with "df -h" command.
Code:
[root@srv_omega /]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 443G 365G 56G 87% /
tmpfs 95G 56K 95G 1% /dev/shm
/dev/sda1 484M 39M 421M 9% /boot
/dev/sdb1 3.6T 1.3T 2.2T 36% /hadoop/disk1
/dev/sdc1 3.6T 1.3T 2.2T 37% /hadoop/disk2
/dev/sdd1 3.6T 1.3T 2.2T 36% /hadoop/disk3
/dev/sde1 3.6T 1.3T 2.2T 37% /hadoop/disk4
/dev/sdf1 3.6T 1.3T 2.2T 36% /hadoop/disk5
/dev/sdg1 3.6T 1.3T 2.2T 36% /hadoop/disk6
/dev/sdh1 3.6T 1.3T 2.2T 36% /hadoop/disk7
/dev/sdi1 3.6T 1.3T 2.2T 36% /hadoop/disk8
/dev/sdj1 3.6T 1.3T 2.2T 36% /hadoop/disk9
/dev/sdk1 3.6T 1.3T 2.2T 36% /hadoop/disk10
/dev/sdl1 3.6T 1.2T 2.3T 36% /hadoop/disk11
/dev/sdm1 3.6T 1.3T 2.2T 36% /hadoop/disk12
/dev/sdn1 3.6T 1.3T 2.2T 36% /hadoop/disk13
/dev/sdo1 3.6T 1.3T 2.2T 37% /hadoop/disk14
/dev/sdp1 3.6T 1.1T 2.4T 30% /hadoop/disk15
cm_processes 95G 8.2M 95G 1% /var/run/cloudera-scm-agent/process
I have looked if any hidden file might cause the issue, no joy.
Code:
[root@srv_omega /]# pwd
/
[root@srv_omega /]# ls -lrtha
total 121K
drwxr-xr-x 2 root root 4.0K Jun 28 2011 srv
drwxr-xr-x 2 root root 4.0K Jun 28 2011 mnt
drwxr-xr-x 2 root root 4.0K Jun 28 2011 media
drwxr-xr-x 2 root root 4.0K Dec 20 2012 cgroup
drwx------ 2 root root 16K Jun 2 2014 lost+found
drwxr-xr-x 2 root root 4.0K Jun 2 2014 selinux
-rw-r--r-- 1 root root 0 Jun 3 2014 .autorelabel
drwxr-xr-x 18 root root 4.0K Jun 5 2014 hadoop
drwxr-xr-x 21 root root 4.0K Jun 5 2014 var
dr-xr-xr-x 9 root root 12K Jun 20 2014 lib64
dr-xr-xr-x 2 root root 12K Jun 21 2014 sbin
dr-xr-xr-x 2 root root 4.0K Jun 21 2014 bin
dr-xr-xr-x 5 root root 1.0K Jun 22 2014 boot
dr-xr-x--- 5 root root 4.0K Jun 22 2014 root
drwxr-xr-x 6 root root 4.0K Jun 22 2014 opt
drwxr-xr-x 3 root root 4.0K Dec 10 19:11 home
dr-xr-xr-x 13 root root 4.0K Dec 12 16:18 lib
dr-xr-xr-x 1140 root root 0 Apr 30 15:11 proc
drwxr-xr-x 13 root root 0 Apr 30 15:11 sys
-rw-r--r-- 1 root root 0 Apr 30 15:11 .autofsck
drwxr-xr-x 2 root root 0 Apr 30 15:11 misc
drwxr-xr-x 2 root root 0 Apr 30 15:11 net
drwxr-xr-x 15 root root 4.0K Apr 30 15:12 usr
drwxr-xr-x 19 root root 4.6K Apr 30 15:12 dev
dr-xr-xr-x 27 root root 4.0K Apr 30 15:12 ..
dr-xr-xr-x 27 root root 4.0K Apr 30 15:12 .
drwxr-xr-x 122 root root 12K May 4 03:33 etc
drwxrwxrwt 16 root root 4.0K May 7 06:14 tmp
So I try to find where the space is used with a "du -sh" command
Code:
[root@srv_omega /]# pwd
/
[root@srv_omega /]# du -sh *
7.8M bin
29M boot
4.0K cgroup
280K dev
26M etc
19T hadoop
124K home
144M lib
26M lib64
16K lost+found
4.0K media
0 misc
4.0K mnt
0 net
7.9G opt
du: cannot access `proc/9170/task/27326/fdinfo/538': No such file or directory
du: cannot access `proc/45119/task/45119/fd/4': No such file or directory
du: cannot access `proc/45119/task/45119/fdinfo/4': No such file or directory
du: cannot access `proc/45119/fd/4': No such file or directory
du: cannot access `proc/45119/fdinfo/4': No such file or directory
du: cannot access `proc/45160': No such file or directory
0 proc
3.8M root
17M sbin
4.0K selinux
4.0K srv
0 sys
3.9M tmp
2.6G usr
16G var
So as far as I understand, only /hadoop is a suitable suspect (as cumulative size of all the other folders on "/" are well below the 365GB)
Code:
[root@srv_omega hadoop]# cd /
[root@srv_omega /]# cd /hadoop
[root@srv_omega hadoop]# ls -lrtha
total 72K
drwxr-xr-x 2 root root 4.0K Jun 5 2014 disk16
drwxr-xr-x 18 root root 4.0K Jun 5 2014 .
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk1
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk11
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk10
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk13
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk12
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk14
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk2
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk4
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk3
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk6
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk5
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk8
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk7
drwxr-xr-x 4 root root 4.0K Jun 22 2014 disk9
drwxr-xr-x 5 root root 4.0K Nov 19 20:02 disk15
dr-xr-xr-x 27 root root 4.0K Apr 30 15:12 ..
All folders from 1 to 15 are on different filesystems, so the folder disk16 seems to be the only option but there is nothing in it.
Code:
[root@srv_omega hadoop]# cd disk16/
[root@srv_omega disk16]# ls -lrtha
total 8.0K
drwxr-xr-x 18 root root 4.0K Jun 5 2014 ..
drwxr-xr-x 2 root root 4.0K Jun 5 2014 .
[root@srv_omega disk16]#
I just don't get it; no folder seems responsible for the "365Gb"...
Any idea on how I could try to find out where those "365GB" are ?
I have set up a SFTP which I can connect to, go to the right directory and read/write files to.
The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.
That works fine.
Here is my sshd_config:
Code:
Match Group ftpusers ChrootDirectory /home/%u/
ForceCommand internal-sftp
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
However, I made a samba share of the folder Customer, when I go to the IP adress on a Windows machine "\\10.0.0.1\" I can see the folder Customer, when entering it requests user/pass and afterwards gives an error: you have not the right permissions.
In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone
My smb.conf:
Code:
[global]
syslog = 0
log file = /var/log/samba/log.%m
read raw = no
write raw = no
passdb backend = tdbsam
workgroup = DOMAIN
usershare allow guests = yes
socket options = TCP_NODELAY
pam password change = yes
passwd program = /usr/bin/passwd %u
unix password sync = yes
obey pam restrictions = yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
server role = standalone server
server string = %h server (Samba, Ubuntu)
max log size = 1000
map to guest = bad user
panic action = /usr/share/samba/panic-action %d
dns proxy = no
[Customer]
force create mode = 755
browsable = yes
public = yes
path = /home/sftpuser/SFTP/Customer
force directory mode = 755
writeable = yes
valid users = @ftpusers
force group = ftpusers
write list = @ftpusers
I have been struggling for 3 days and am totally out of ideas.
LS -L for the folder:
Code:
total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr 9 11:35 Customer
Is there an sftp package that can be used which is more flexible then the ssh internal ftp server. I have been tasked with providing an /srv/ftp/ directory which includes
mount -bind other_directory1 /srv/ftp/d1
mount -bind other_driectory2 /srv/ftp/q2
...etc
Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to there home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather then use ssh. Here are my setup files for ssh
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes