1

I've been struggling with this for 2 days already.

I have 2 Linux machines, A and B, and I am trying to run the following command from A remotely (as it would be done on B locally):

sshpass -p 'somePassword' ssh userName@machineB "wget http://someUrl.com/someFile.zip"

someFile.zip should be downloaded and kept on B, but I get a connection timeout. Running this command directly on machine B works fine. I presume there are some issues with SSH.

This script is needed for TeamCity continuous integration.

P.S. sshpass is just a utility to run a command via ssh without user interaction by specifying the password.

What is the issue and how do I fix it? Thank you.

UPDATE: Proxy settings should be specified in the ~/.bashrc file for non-interactive sessions. The reason is that the proxy settings were in /etc/profile, which works only for interactive sessions.

Ivan Voroshilin
  • How are A and B connected? – suspectus May 19 '14 at 08:20
  • via SSH. A runs that command which connects to B to execute "wget http://someUrl.com/someFile.zip" – Ivan Voroshilin May 19 '14 at 08:26
  • By the way, doing this manually works fine as well as below: ssh userName@machineB Password: ***** Connected... wget http://someUrl.com/someFile.zip Resolving someproxy.mySite.com... IP Connecting to someProxy.mySitecom|IP|:8080... connected. Proxy request sent, awaiting response... 200 OK Length: 22873 (22K) [application/zip-archive] Saving to: `someFile.zip' – Ivan Voroshilin May 19 '14 at 08:36
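The cause named in the UPDATE can be reproduced offline. This is an added example, not code from the original post: it builds a throwaway HOME whose `~/.profile` stands in for the `/etc/profile` proxy setting, then compares what a login shell and a plain `bash -c` (the way sshd runs `ssh host 'cmd'`) see. The proxy URL and the function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: "works when I log in, times out over ssh host 'cmd'",
# reproduced locally with no network. Paths and proxy URL are constructed.

# Throwaway HOME whose login profile exports a proxy (stand-in for /etc/profile).
make_home() {
    home=$(mktemp -d)
    echo 'export http_proxy=http://proxy.example.invalid:8080' > "$home/.profile"
    printf '%s\n' "$home"
}

# Print the http_proxy value a fresh bash sees in the given mode.
#   login   : bash -l -c  (reads /etc/profile and ~/.profile, like an ssh login)
#   command : bash -c     (how sshd runs `ssh host 'cmd'`; no profile files read)
#   sourced : bash -c with the profile sourced explicitly inside the command
proxy_seen() {
    mode=$1; home=$2
    case $mode in
        login)   set -- -l -c 'echo "proxy=${http_proxy:-}"' ;;
        command) set -- -c 'echo "proxy=${http_proxy:-}"' ;;
        sourced) set -- -c '. "$HOME/.profile"; echo "proxy=${http_proxy:-}"' ;;
        *) return 2 ;;
    esac
    # env -i drops the caller's environment, so only startup files can set it.
    env -i HOME="$home" PATH="$PATH" bash "$@" 2>/dev/null |
        sed -n 's/^proxy=//p' | tail -n 1
}

demo_home=$(make_home)
for m in login command sourced; do
    printf '%-8s http_proxy=%s\n' "$m" "$(proxy_seen "$m" "$demo_home")"
done
rm -rf "$demo_home"

# The same comparison against a real host:
#   ssh userName@machineB 'env | grep -i proxy'
#   ssh userName@machineB 'bash -lc "env | grep -i proxy"'
```

Many distribution builds of bash also read `~/.bashrc` when started by sshd for a remote command, which is why moving the proxy settings there, as the UPDATE describes, makes them visible to `ssh host 'wget ...'`.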

2 Answers

2

I've not tried sshpass, but my guess is the connection timeout is A connecting to B, not B making the HTTP request. I would suggest using SSH keys instead, which I'm pretty sure will work for you.

To set up SSH keys, run this command on A:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ''

The above will create an SSH RSA keypair that is 4096 bits in length with no passphrase (-N ''). It writes two files in ~/.ssh; copy the public key to B:

scp ~/.ssh/id_rsa.pub B:

On server B do this:

mkdir ~/.ssh
chmod 0700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys

On RedHat systems that have SELinux enabled, it may be necessary to run the following command in order for the system to accept using the authorized keys file:

restorecon -R -v ~/.ssh

The above allows the server containing the private key of any public key listed in the authorized_keys file to SSH into the machine.

Once you have that set up, you should be able to ssh from A to B without a password.

The following command works on my system even via cronjob:

ssh -i ~/.ssh/id_rsa foobar.local 'curl -O https://www.google.com/logos/doodles/2014/rubiks-cube-5658880499515392-res.png'

berto
  • Thanks berto for giving an idea with keys. I did as you wrote but it requires a password from the user. After typing in a password it connects me, but the issue is not resolved. – Ivan Voroshilin May 19 '14 at 09:27
  • If you've created the keys and it's asking you for a password, there may be permissions issues with the keys, your .ssh directory, or your home directory. SSH is very particular about file permissions. Ensure your home directory permissions are 0755, .ssh is 0700, and `~/.ssh/id_rsa*` are 0600 on A and `~/.ssh/authorized_keys` is 0600 on B. Also try running the ssh command I gave you with the `-v` flag to see if it's offering up `id_rsa` as an authentication mechanism. – berto May 19 '14 at 09:31
  • UPDATE: Here's the debug info: Reading configuration data /etc/ssh/ssh_config identity file $HOME/.ssh/id_rsa type 1 Host 'B' is known and matches the RSA host key. Found key in HOME/.ssh/known_hosts:1 ssh_rsa_verify: signature correct Access to this computer is prohibited unless authorised Authentications that can continue: debug1: Offering public key:HOME/.ssh/id_rsa debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive Password: – Ivan Voroshilin May 19 '14 at 09:47
  • Hosts A and B were Linux SUSE 11 and Linux RedHat respectively. I just tried doing the same among 2 Linux SUSE and it works! Seems something on Red Hat Linux gets in the way. – Ivan Voroshilin May 19 '14 at 13:32
  • Ah, that might be SELinux on RedHat preventing the key from being used. Take a look at the comment below, particularly the `restorecon` line: http://stackoverflow.com/a/9741581/703144 – berto May 19 '14 at 18:22
  • Just added the `restorecon` command to the answer above; let me know if it works! – berto May 19 '14 at 18:31
  • 'service sshd restart' did the trick! Before it I turned on: RSAAuthentication yes PubkeyAuthentication yes. But wget or curl yields "Connection timeout". – Ivan Voroshilin May 20 '14 at 08:42
  • debug1: Sending command: curl -O https://www.google.com/logos/doodles/2014/rubiks-cube-5658880499515392-res.png debug2: channel 0: request exec confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_confirm: type 99 id 0 debug2: exec request accepted on channel 0. But it downloads the file if I do it with commands: 1. ssh server 2. curl url – Ivan Voroshilin May 20 '14 at 08:47
  • I think you're running into more SELinux policy restrictions. I'm not very familiar with SELinux so at this point I'm shooting in the dark. But, I have one more thing for you to try. Instead of connecting to the remote server to curl the file, why not download it on server A and copy it to B. For example: curl 'https://www.google.com/logos/doodles/2014/rubiks-cube-5658880499515392-res.png' | ssh -i ~/.ssh/id_rsa foobar.local 'cat > rubiks-cube-5658880499515392-res.png' – berto May 20 '14 at 22:29
  • Thanks berto. It was my fault: I specified proxy settings in /etc/profile, which doesn't work for non-interactive sessions. To fix that I should've added these settings to ~/.bashrc – Ivan Voroshilin May 21 '14 at 06:47
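The permission values listed in the comments above (home 0755, `.ssh` 0700, private keys and `authorized_keys` 0600) can be checked in one pass. This is an added example, not part of the original answer; the function names are hypothetical and it assumes GNU `stat`, as found on the Linux hosts discussed.

```shell
#!/usr/bin/env bash
# Added example: audit the permission values recommended in the comments.
# Prints one line per problem; prints nothing when the layout matches.

# Octal permission bits of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# check PATH MASK LABEL: report PATH if any bit in MASK (octal) is set on it.
check() {
    [ -e "$1" ] || return 0
    m=$(mode_of "$1")
    if [ $(( 0$m & 0$2 )) -ne 0 ]; then
        echo "$1 is $m: $3"
    fi
}

audit_ssh_perms() {
    h=$1
    check "$h"                      22 "home should not be group/world-writable (0755)"
    check "$h/.ssh"                 77 "expected 0700"
    check "$h/.ssh/authorized_keys" 77 "expected 0600"
    for k in "$h"/.ssh/id_*; do
        # Public halves are not secret; only private keys are checked here.
        case $k in *.pub) continue ;; esac
        check "$k"                  77 "private key expected 0600"
    done
}

# Stand-alone use: audit the given home directory, or the caller's own.
audit_ssh_perms "${1:-$HOME}"
```

Run it on A for the key files and on B for `authorized_keys`; empty output means the modes match the values from the comment.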
0

I have had the same problem and tried all the ways to solve it.

For me the timeout disappeared when I turned on DHCP.

I use VMWare. So there the solution was the following:

Edit -> Virtual Network Editor -> Check the box Use local DHCP service to distribute IP address to VMs

And voila. Problem solved.

Kateridzhe