Results 1 to 4 of 4

Thread: Unable to run commands on remote server

  1. #1
    malayo is offline Special Member
    Join Date
    Apr 2011
    Posts
    117
    Rep Power
    3

    Default Unable to run commands on remote server

    ZCS NE 7.1.4
    CentOS 5.5 64-bit

    when testing live sync provided in the wiki -> Server Live sync - Zimbra :: Wiki

    i had ssh related error
    Code:
    [zimbra@mailbox2 live_sync]$ ./live_syncd start
    Warning: Permanently added '192.168.30.233' (RSA) to the list of known hosts.
    Permission denied (publickey,gssapi-with-mic,password).
    Unable to run commands on remote server
    i also found below error in /var/log/audit/audit.log during that failure

    Code:
    type=USER_LOGIN msg=audit(1334666310.826:1131726): user pid=16430 uid=0 auid=4294967295 msg='acct="zimbra": exe="/usr/sbin/sshd" (hostname=?, addr=192.168.30.234, terminal=sshd res=failed)'
    type=USER_ERR msg=audit(1334666310.828:1131727): user pid=16430 uid=0 auid=4294967295 msg='PAM: bad_ident acct="?" : exe="/usr/sbin/sshd" (hostname=192.168.30.234, addr=192.168.30.234, terminal=ssh res=failed)'
    how do i solve this?

    note: i also tried chmod 700 to /opt/zimbra/.ssh/, 600 to /opt/zimbra/.ssh/authorized_keys on both live and mirror servers but with the same result
    Last edited by malayo; 04-17-2012 at 06:19 AM.

  2. #2
    malayo is offline Special Member
    Join Date
    Apr 2011
    Posts
    117
    Rep Power
    3

    Default

    here's the verbose output of ssh to the live server from mirror server

    Code:
    [root@mailbox2 ~]# ssh -v root@mailserver01.mydomain.com
    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to mailserver01.mydomain.com [192.168.30.233] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: loaded 3 keys
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
    debug1: match: OpenSSH_4.3 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    The authenticity of host 'mailserver01.mydomain.com (192.168.30.233)' can't be established.
    RSA key fingerprint is 5e:f0:19:4d:d8:a7:88:6a:ac:22:67:38:3e:18:36:97.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'mailserver01.mydomain.com' (RSA) to the list of known hosts.
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No credentials cache found
    
    debug1: Next authentication method: publickey
    debug1: Trying private key: /root/.ssh/identity
    debug1: Trying private key: /root/.ssh/id_rsa
    debug1: Trying private key: /root/.ssh/id_dsa
    debug1: Next authentication method: password
    root@mailserver01.mydomain.com's password:

  3. #3
    malayo is offline Special Member
    Join Date
    Apr 2011
    Posts
    117
    Rep Power
    3

    Default

    With sshd_config contents like below in live server, I can finally start live sync

    Code:
    Protocol 2
    
    
    
    SyslogFacility AUTHPRIV
    
    
    PermitRootLogin yes
    StrictModes no
    
    PubkeyAuthentication yes
    
    
    PasswordAuthentication yes
    
    ChallengeResponseAuthentication no
    
    
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    
    UsePAM no
    
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
    AcceptEnv LC_IDENTIFICATION LC_ALL
    X11Forwarding yes
    
    
    Subsystem	sftp	/usr/libexec/openssh/sftp-server
    But what if this is a multinode (e.g.: 2+1 mailbox setup) install?

    How would I restart the live_syncd when zimbra cluster service got restarted on standby mailbox? If it can be done on cluster.conf, how would I do it?

  4. #4
    malayo is offline Special Member
    Join Date
    Apr 2011
    Posts
    117
    Rep Power
    3

    Default

    Quote Originally Posted by spyngamerman View Post
    Im also having this same issue any help?

    changed my config file to same as yours too no luck either
    delete that live_sync folder and start all over again. also check the permission. should be owned by zimbra

    Sent from my Acqua using Tapatalk 2

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (1 members and 1 guests)

  1. jobe

Similar Threads

  1. Replies: 2
    Last Post: 05-01-2012, 01:21 AM
  2. Unable to receive mail from relay server
    By quantix in forum Administrators
    Replies: 4
    Last Post: 02-27-2012, 10:03 AM
  3. Replies: 1
    Last Post: 02-11-2008, 07:47 PM
  4. Replies: 1
    Last Post: 07-18-2007, 04:01 AM
  5. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •