ssh client not accepting remote commands.



shaggyrol
04-Oct-2011, 00:46
Hi,

Today I upgraded from SLES 10 SP3 to SLES 10 SP4. I have a cluster
working with several SLES machines; one of them works as the management
node, and several commands are executed from the mgmt node to the client
nodes over ssh. I can ssh directly to each node in my environment, but
when I try to execute a command from the mgmt node (ssh nodename.com
'whatever') I get the following message: bash: whatever: command not
found. I first thought of PATH not being exported on the client nodes,
but if I log in to each single node, PATH seems to be fine, and all
commands are executed with no problem. Also, by checking the
/etc/ssh/ssh_config file I found Protocol 2 is not commented on SP4, and
it is on SP3. I commented this line on SP3 and restarted the sshd daemon,
but I am still not able to execute remote commands on SP4 machines. Any
other parameter I might be missing? (The system is configured with RSA
keys for passwordless.) What changed between SP3 and SP4 that this is
blocked now?


comments:
no firewall
ssh passwordless
SP4 can run remote commands on SP3 machines
PATH is properly configured across the cluster


--
shaggyrol
------------------------------------------------------------------------
shaggyrol's Profile: http://forums.novell.com/member.php?userid=117616
View this thread: http://forums.novell.com/showthread.php?t=445938

shaggyrol
04-Oct-2011, 15:56
Today I see there is a difference in the file /etc/pam.d/sshd.
This is the SP3 file:
auth include common-auth
auth requiered pam_nologin.so
account include common-account
password include common-password
session include common-session

SP4 :
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session

Could any of these changes prevent the execution of commands from a
remote shell? Can anyone advise if it's safe to put the old pam.d/sshd
file into SP4?



Mysterious
04-Oct-2011, 16:24
On 04/10/11 16:56, shaggyrol wrote:
>
> Today I see there is a difference in the file /etc/pam.d/sshd.
> This is the SP3 file:
> auth include common-auth
> auth requiered pam_nologin.so
> account include common-account
> password include common-password
> session include common-session
>
> SP4 :
> auth requisite pam_nologin.so
> auth include common-auth
> account include common-account
> password include common-password
> session required pam_loginuid.so
> session include common-session
>
> Could any of these changes prevent the execution of commands from a
> remote shell? Can anyone advise if it's safe to put the old pam.d/sshd
> file into SP4?
>
>


check tid7009233

shaggyrol
04-Oct-2011, 16:36
What do you mean by tid7009233? Any link to it? Thanks!



malcolmlewis
04-Oct-2011, 16:42
On Tue, 04 Oct 2011 15:36:02 GMT
shaggyrol <shaggyrol@no-mx.forums.novell.com> wrote:

>
> What do you mean by tid7009233? Any link to it? Thanks!
>
>
Hi
Jump onto the Knowledge base and search on the number;
http://www.novell.com/support/php/searchEntry.do

<http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7009233&sliceId=1&docTypeID=DT_TID_1_1&dialogID=271119342&stateId=0%200%20271117635>

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 8 days 2:27, 3 users, load average: 0.07, 0.13, 0.20
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

Mysterious
04-Oct-2011, 16:43
On 04/10/11 17:36, shaggyrol wrote:
>
> What do you mean by tid7009233? Any link to it? Thanks!
>
>

Go to http://support.novell.com and search the Knowledgebase for this
tid number. It talks about the behaviour changes of sshd after SP4. I do
not know if it will help.

shaggyrol
04-Oct-2011, 16:56
Thanks for the quick reply. Unfortunately it does not provide an
answer. I'm comparing to another colleague with SP4 and he does have
the full ssh functionality; he installed SP4 from scratch, different
to what I did, I upgraded from SP3. All ssh config files look the same
when we compare.



malcolmlewis
04-Oct-2011, 17:03
On Tue, 04 Oct 2011 15:56:02 GMT
shaggyrol <shaggyrol@no-mx.forums.novell.com> wrote:

>
> Thanks for the quick reply. Unfortunately it does not provide an
> answer. I'm comparing to another colleague with SP4 and he does have
> the full ssh functionality; he installed SP4 from scratch, different
> to what I did, I upgraded from SP3. All ssh config files look the same
> when we compare.
>
>
Hi
File permissions all ok?

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 8 days 2:48, 3 users, load average: 0.35, 0.19, 0.24
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

shaggyrol
04-Oct-2011, 17:16
Yes, file permissions look OK. I can't even use scp; it says:

bash: scp: command not found
lost connection



malcolmlewis
04-Oct-2011, 17:36
On Tue, 04 Oct 2011 16:16:02 GMT
shaggyrol <shaggyrol@no-mx.forums.novell.com> wrote:

>
> Yes, file permissions look OK. I can't even use scp; it says:
>
> bash: scp: command not found
> lost connection
>
>
Hi
So where is scp located on the remote machines, have some modifications
been done to the ~/.bashrc file? What about /etc/profile?

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.7-desktop
up 8 days 3:21, 3 users, load average: 0.16, 0.15, 0.17
GPU GeForce 8600 GTS Silent - Driver Version: 280.13

shaggyrol
04-Oct-2011, 18:26
HI

No modifications to bashrc or profile.



Code:
--------------------
echo $PATH
/opt/lsi/pegasus/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin


--------------------



Code:
--------------------
which scp
/usr/bin/scp

--------------------



Code:
--------------------
cat .bashrc

export LANG=en_US
export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
export LD_LIBRARY_PATH=/opt/lsi/pegasus/lib:/opt/lsi/openssl/lib:/opt/lsi/openslp/lib:/opt/lsi/pegasus/lib
export PEGASUS_HOME=/opt/lsi/pegasus
export PEGASUS_ROOT=/opt/lsi/pegasus
export PATH=/opt/lsi/pegasus/bin:$PATH
export LD_LIBRARY_PATH=/opt/lsi/pegasus/lib:/opt/lsi/openssl/lib:/opt/lsi/openslp/lib:$LD_LIBRARY_PATH


--------------------




Code:
--------------------
cat /etc/profile
# /etc/profile for SuSE Linux
#
# PLEASE DO NOT CHANGE /etc/profile. There are chances that your changes
# will be lost during system upgrades. Instead use /etc/profile.local for
# your local settings, favourite global aliases, VISUAL and EDITOR
# variables, etc ...

#
# Check which shell is reading this file
#
if test -f /proc/mounts ; then
    if ! is=$(/bin/ls -l /proc/$$/exe 2>/dev/null) ; then
        case "$0" in
            *pcksh) is=ksh ;;
            *) is=sh ;;
        esac
    fi
    case "$is" in
        */bash|*/rbash)
            is=bash
            case "$0" in
                sh|-sh|*/sh)
                    is=sh ;;
            esac ;;
        */ash) is=ash ;;
        */dash) is=ash ;;
        */ksh) is=ksh ;;
        */ksh93) is=ksh ;;
        */pdksh) is=ksh ;;
        */*pcksh) is=ksh ;;
        */zsh) is=zsh ;;
        */*) is=sh ;;
    esac
else
    is=sh
fi

#
# Initialize terminal
#
tty=`tty 2> /dev/null`
test $? -ne 0 && tty=""
if test -O "$tty" -a -n "$PS1"; then
    test -z "${TERM}" && { TERM=linux; export TERM; }
    test "${TERM}" = "unknown" && { TERM=linux; export TERM; }
    # Do not change settings on local line if connected to remote
    if test -z "$SSH_TTY" ; then
        test -x /bin/stty && /bin/stty sane cr0 pass8 dec
        test -x /usr/bin/tset && /usr/bin/tset -I -Q
    fi
    # on iSeries virtual console, detect screen size and terminal
    if test -d /proc/iSeries -a \( "$tty" = "/dev/tty1" -o "$tty" = "/dev/console" \) ; then
        LINES=24
        COLUMNS=80
        export LINES COLUMNS TERM
        if test -x /bin/initviocons ; then
            eval `/bin/initviocons -q -e`
        fi
    fi
fi
unset TERMCAP

#
# Time until a complete key sequence must have arrived
#
#ESCDELAY=2000
#export ESCDELAY

#
# The user file-creation mask
#
umask 022

#
# Setup for gzip and (t)csh users
#
if test -z "$PROFILEREAD" ; then
    # GZIP=-9
    # export GZIP
    CSHEDIT=emacs
    export CSHEDIT
fi

#
# ksh/ash sometimes do not know
#
test -z "$UID" && readonly UID=`id -ur 2> /dev/null`
test -z "$EUID" && readonly EUID=`id -u 2> /dev/null`
test -z "$USER" && USER=`id -un 2> /dev/null`
test -z "$MAIL" && MAIL=/var/spool/mail/$USER
test -z "$HOST" && HOST=`/bin/hostname -s 2> /dev/null`
test -z "$CPU" && CPU=`/bin/uname -m 2> /dev/null`
test -z "$HOSTNAME" && HOSTNAME=`/bin/hostname 2> /dev/null`
test -z "$LOGNAME" && LOGNAME=$USER
case "$CPU" in
    i?86) HOSTTYPE=i386 ;;
    *) HOSTTYPE=${CPU} ;;
esac
OSTYPE=linux
MACHTYPE=${CPU}-suse-${OSTYPE}
# Do NOT export UID, EUID, USER, and LOGNAME
export MAIL HOST CPU HOSTNAME HOSTTYPE OSTYPE MACHTYPE

#
# You may use /etc/initscript, /etc/profile.local or the
# ulimit package instead to set up ulimits and your PATH.
#
# if test "$is" != "ash" -a ! -r /etc/initscript; then
# ulimit -Sc 0 # don't create core files
# ulimit -Sd $(ulimit -Hd)
# ulimit -Ss $(ulimit -Hs)
# ulimit -Sm $(ulimit -Hm)
# fi

#
# Make path more comfortable
#
if test -z "$PROFILEREAD" ; then
    PATH=/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin
    if test "$HOME" != "/" ; then
        for dir in $HOME/bin/$CPU $HOME/bin ; do
            test -d $dir && PATH=$dir:$PATH
        done
    fi
    if test "$UID" = 0 ; then
        test -d /opt/gnome/sbin && PATH=/opt/gnome/sbin:$PATH
        test -d /opt/kde3/sbin && PATH=/opt/kde3/sbin:$PATH
        PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH
    fi
    for dir in /var/lib/dosemu \
               /usr/games \
               /opt/bin \
               /opt/gnome/bin \
               /opt/kde3/bin \
               /opt/kde2/bin \
               /opt/kde/bin \
               /usr/openwin/bin \
               /opt/cross/bin
    do
        test -d $dir && PATH=$PATH:$dir
    done
    unset dir
    export PATH
fi

#
# Many programs using readline library for line editing
# should know about this (e.g. bash)
#
if test -z "$INPUTRC" ; then
    INPUTRC=/etc/inputrc
    test -s $HOME/.inputrc && INPUTRC=$HOME/.inputrc
    export INPUTRC
fi

#
# Most bourn shell clones knows about this
#
if test -z "$PROFILEREAD" ; then
    HISTSIZE=1000
    export HISTSIZE
fi

#
# Set some environment variables for TeX/LaTeX
#
if test -n "$TEXINPUTS" ; then
    TEXINPUTS=":$TEXINPUTS:$HOME/.TeX:/usr/share/doc/.TeX:/usr/doc/.TeX"
else
    TEXINPUTS=":$HOME/.TeX:/usr/share/doc/.TeX:/usr/doc/.TeX"
fi
export TEXINPUTS

#
# Configure the default pager on SuSE Linux
#
if test -z "$LESS" ; then
    LESS="-M -I"
    LESSOPEN="lessopen.sh %s"
    LESSCLOSE="lessclose.sh %s %s"
    LESS_ADVANCED_PREPROCESSOR="no"
    if test -s /etc/lesskey.bin ; then
        LESSKEY=/etc/lesskey.bin
    fi
    PAGER=less
    MORE=-sl
    export LESSOPEN LESSCLOSE LESS LESSKEY PAGER LESS_ADVANCED_PREPROCESSOR MORE
fi

#
# Minicom
#
if test -z "$PROFILEREAD" ; then
    MINICOM="-c on"
    export MINICOM
fi

#
# Current manpath
#
if test -z "$PROFILEREAD" ; then
    tmp="$MANPATH"
    unset MANPATH
    if test -n "$tmp" ; then
        MANPATH="${tmp}:`test -x /usr/bin/manpath && /usr/bin/manpath -q`"
    else
        MANPATH="`test -x /usr/bin/manpath && /usr/bin/manpath -q`"
    fi
    unset tmp
    export MANPATH
fi

#
# Some applications do not handle the XAPPLRESDIR environment properly,
# when it contains more than one directory. More than one directory only
# makes sense if you have a client with /usr mounted via nfs and you want
# to configure applications machine dependent. Uncomment the lines below
# if you want this.
#
#XAPPLRESDIR="$XAPPLRESDIR:/var/X11R6/app-defaults:/usr/X11R6/lib/X11/app-defaults"
#export XAPPLRESDIR

#
# Set INFOPATH to tell xemacs where he can find the info files
#
if test -z "$PROFILEREAD" ; then
    tmp="$INFODIR"
    if test -n "$tmp" ; then
        INFODIR="${tmp}:/usr/local/info:/usr/share/info:/usr/info"
    else
        INFODIR="/usr/local/info:/usr/share/info:/usr/info"
    fi
    INFOPATH=$INFODIR
    unset tmp
    export INFODIR INFOPATH
fi

#
# These settings are recommended for old motif applications
#
if test -z "$PROFILEREAD" ; then
    XKEYSYMDB=/usr/X11R6/lib/X11/XKeysymDB
    export XKEYSYMDB
    XNLSPATH=/usr/X11R6/lib/X11/nls
    export XNLSPATH
fi

if test -s /etc/nntpserver ; then
    read NNTPSERVER < /etc/nntpserver
    export NNTPSERVER
else
    NNTPSERVER=news
    export NNTPSERVER
fi

if test -s /etc/organization ; then
    read ORGANIZATION < /etc/organization
    export ORGANIZATION
fi

#
# Midnight Commander needs this to run in color mode
#
if test -z "$PROFILEREAD" ; then
    COLORTERM=1
    export COLORTERM
fi

#
# For RCS
#
#VERSION_CONTROL=numbered
#export VERSION_CONTROL

#
# Source the files generated by SuSEconfig
#
# But do not source this if PROFILEREAD is already set to avoid
# overriding locale variables already present in the environment
#
if test -z "$PROFILEREAD" ; then
    test -r /etc/profile.d/sh.ssh && . /etc/profile.d/sh.ssh
    test -r /etc/SuSEconfig/profile && . /etc/SuSEconfig/profile
    if test -z "$SSH_SENDS_LOCALE" ; then
        if test -r /etc/sysconfig/language -a -r /etc/profile.d/sh.utf8 ; then
            tmp="$(. /etc/sysconfig/language; echo $AUTO_DETECT_UTF8)"
            test "$tmp" = "yes" && . /etc/profile.d/sh.utf8
            unset tmp
        fi
    fi
fi

#
# Source profile extensions for certain packages
#
if test -d /etc/profile.d -a -z "$PROFILEREAD" ; then
    for s in /etc/profile.d/*.sh ; do
        test -r $s && . $s
    done
    unset s
fi

if test "$is" != "ash" ; then
    #
    # And now let's see if there is a local profile
    # (for options defined by your sysadmin, not SuSE Linux)
    #
    test -s /etc/profile.local && . /etc/profile.local
fi

#
# System wide configuration of bourne shells like ash
#
if test "$is" != "ksh" -a -z "$PROFILEREAD" ; then
    ENV=/etc/bash.bashrc
    export ENV
fi

#
# Avoid overwriting user settings if called twice
#
if test -z "$PROFILEREAD" ; then
    readonly PROFILEREAD=true
    export PROFILEREAD
fi

#
# System BASH specials, maybe also good for other shells
# Note that ksh always reads /etc/ksh.kshrc
#
if test "$is" != ksh -a -r /etc/bash.bashrc ; then
    . /etc/bash.bashrc
fi
if test "$is" = "bash" -a -z "$_HOMEBASHRC" ; then
    # loop detection
    readonly _HOMEBASHRC=true
    test -r $HOME/.bashrc && . $HOME/.bashrc
fi

#
# KSH specials
#
if test "$is" = "ksh" -a -r /etc/ksh.kshrc ; then
    if test ! /etc/bash.bashrc -ef /etc/ksh.kshrc ; then
        test -r /etc/bash.bashrc && . /etc/bash.bashrc
    fi
    if test -n "$ENV" -a "$ENV" != "\$HOME/.kshrc" ; then
        # loop detection
        readonly _HOMEKSHRC=true
        test -r $HOME/.kshrc && . $HOME/.kshrc
    fi
fi

#
# End of /etc/profile
#

--------------------



Thorsten Kampe
05-Oct-2011, 11:40
* shaggyrol (Mon, 03 Oct 2011 23:46:02 GMT)
> Today I upgraded from SLES 10 SP3 to SLES 10 SP4. I have a cluster
> working with several SLES machines; one of them works as the management
> node, and several commands are executed from the mgmt node to the client
> nodes over ssh. I can ssh directly to each node in my environment, but
> when I try to execute a command from the mgmt node (ssh nodename.com
> 'whatever') I get the following message: bash: whatever: command not
> found.

So it's obvious that your problem is not the ssh client not "accepting"
remote commands but that the remote shell cannot find the executable.
The natural thing to do would be to specify the full path to the
executable.

> I first thought of PATH not being exported on the client nodes, but if
> I log in to each single node, PATH seems to be fine, and all commands
> are executed with no problem.

That only shows what you already know: that you can execute commands
after interactively logging in. What you need is the path if you do not
log in:
ssh nodename.com 'builtin echo $PATH'

Thorsten
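
Added example, not part of the original thread: a shell script for the management node that runs the check Thorsten describes on each node and lists the directories a login shell has in PATH but a remote command does not. The function names `path_missing` and `check_node` are hypothetical, and it assumes key-based login and `/bin/bash` on every node.

```shell
#!/bin/sh
# Added example (not from the thread). path_missing and check_node are
# hypothetical helper names; node names are passed as arguments.

# path_missing LOGIN_PATH COMMAND_PATH
# Print every directory that is in LOGIN_PATH but not in COMMAND_PATH.
# The body is a subshell, so the IFS and globbing changes do not leak out.
path_missing() (
    login_path=$1
    command_path=$2
    IFS=:
    set -f
    for dir in $login_path; do
        [ -n "$dir" ] || continue
        # Colons on both sides stop /bin from matching /sbin or /usr/bin.
        case ":$command_path:" in
            *":$dir:"*) ;;
            *) printf '%s\n' "$dir" ;;
        esac
    done
)

# check_node NODE
# Returns 0 if the remote-command PATH covers the login PATH, 1 if not,
# 2 if ssh itself failed.
check_node() {
    node=$1
    # Single quotes: $PATH has to expand on the node, not on the mgmt host.
    cmd_path=$(ssh -o BatchMode=yes "$node" 'builtin echo $PATH') || return 2
    # Full path to bash, because the command PATH is the thing under test.
    login_path=$(ssh -o BatchMode=yes "$node" \
        '/bin/bash -lc "builtin echo \$PATH"') || return 2
    missing=$(path_missing "$login_path" "$cmd_path")
    if [ -n "$missing" ]; then
        printf '%s: in the login PATH but not the remote-command PATH:\n%s\n' \
            "$node" "$missing"
        return 1
    fi
    printf '%s: remote-command PATH covers the login PATH\n' "$node"
}

for node in "$@"; do
    check_node "$node" || true
done
```

If `/usr/bin` shows up in the output for a node, that matches the `bash: scp: command not found` symptom, since `which scp` on the node reports `/usr/bin/scp`.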