Unable to run commands on remote server

[malayo]

ZCS NE 7.1.4
CentOS 5.5 64-bit

when testing live sync provided in the wiki -> Server Live sync - Zimbra :: Wiki

i had ssh related error

Code:

[zimbra@mailbox2 live_sync]$ ./live_syncd start
Warning: Permanently added '192.168.30.233' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-with-mic,password).
Unable to run commands on remote server

i also found below error in /var/log/audit/audit.log during that failure

Code:

type=USER_LOGIN msg=audit(1334666310.826:1131726): user pid=16430 uid=0 auid=4294967295 msg='acct="zimbra": exe="/usr/sbin/sshd" (hostname=?, addr=192.168.30.234, terminal=sshd res=failed)'
type=USER_ERR msg=audit(1334666310.828:1131727): user pid=16430 uid=0 auid=4294967295 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=192.168.30.234, addr=192.168.30.234, terminal=ssh res=failed)'

how do i solve this?

note: i also tried chmod 700 to /opt/zimbra/.ssh/, 600 to /opt/zimbra/.ssh/authorized_keys on both live and mirror servers but with the same result

[malayo]

here's the verbose output of ssh to the live server from mirror server

Code:

[root@mailbox2 ~]# ssh -v root@mailserver01.mydomain.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mailserver01.mydomain.com [192.168.30.233] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'mailserver01.mydomain.com (192.168.30.233)' can't be established.
RSA key fingerprint is 5e:f0:19:4d:d8:a7:88:6a:ac:22:67:38:3e:18:36:97.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mailserver01.mydomain.com' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
root@mailserver01.mydomain.com's password:

[malayo]

With sshd_config contents like below in live server, I can finally start live sync

Code:

Protocol 2



SyslogFacility AUTHPRIV


PermitRootLogin yes
StrictModes no

PubkeyAuthentication yes


PasswordAuthentication yes

ChallengeResponseAuthentication no


GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

UsePAM no

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes


Subsystem	sftp	/usr/libexec/openssh/sftp-server

But what if this is a multinode (e.g.: 2+1 mailbox setup) install?

How would I restart the live_syncd when zimbra cluster service got restarted on standby mailbox? If it can be done on cluster.conf, how would I do it?

[spyngamerman]

Im also having this same issue any help?

changed my config file to same as yours too no luck either

[malayo]

Im also having this same issue any help?

changed my config file to same as yours too no luck either

delete that live_sync folder and start all over again. also check the permission. should be owned by zimbra

Sent from my Acqua using Tapatalk 2