Can't connect to Karaf Shell in Minion on Debian/Ubuntu
Description
Activity
Ronny Trommer August 7, 2019 at 6:43 PM
Merged to releases 24.1.3 branch.
Ronny Trommer August 7, 2019 at 11:49 AM (edited)
With OpenSSH 7.8+ the default format for RSA key pairs has changed, and keys are written in the OpenSSH format by default.
ssh-keygen(1): write OpenSSH format private keys by default
instead of using OpenSSL's PEM format. The OpenSSH format,
supported in OpenSSH releases since 2014 and described in the
PROTOCOL.key file in the source distribution, offers substantially
better protection against offline password guessing and supports
key comments in private keys. If necessary, it is possible to write
old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
when generating or updating a key.
This file can't be processed correctly by our current Karaf version. The key needs to be generated in the old PEM format, which is enforced here by adding "-m PEM" to the arguments.
Suggested PR to solve this issue: https://github.com/OpenNMS/opennms/pull/2633
Ronny Trommer August 7, 2019 at 11:34 AM
The host key is generated as a post-installation step on the system with the command:
ssh-keygen -t rsa -N "" -b 4096 -f "/usr/share/minion/etc/host.key"
On a Debian 10 system the generated key defaults to a different key format, "OPENSSH KEY PAIR", and not to "RSA KEY PAIR". The ssh-keygen command needs to be changed to
ssh-keygen -m PEM -t rsa -N "" -b 4096 -f "${ROOT_INST}/etc/host.key"
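As an added example (not code from the OpenNMS project or the linked PR), here is a post-install check that tells the two ssh-keygen output formats apart by their PEM armor header lines (`-----BEGIN RSA PRIVATE KEY-----` for the OpenSSL PEM format versus `-----BEGIN OPENSSH PRIVATE KEY-----` for the OpenSSH 7.8+ default) and rewrites an OpenSSH-format host key as PEM using `-m PEM` on a key update, as the quoted release notes allow. The function names are this example's own; the key path is the one from the comment above.

```shell
#!/bin/sh
# Added example, not part of the OpenNMS installer: verify that the Minion
# host key (e.g. /usr/share/minion/etc/host.key) is in the PEM format Karaf
# can load, and convert it if ssh-keygen wrote the OpenSSH format instead.

# Classify a private key file by its first (armor header) line.
# Prints one of: pem-rsa | openssh | unknown | missing
key_format() {
  f="$1"
  [ -r "$f" ] || { echo missing; return 0; }
  case "$(head -n 1 "$f")" in
    '-----BEGIN RSA PRIVATE KEY-----')     echo pem-rsa ;;  # OpenSSL PEM
    '-----BEGIN OPENSSH PRIVATE KEY-----') echo openssh ;;  # OpenSSH 7.8+ default
    *)                                     echo unknown ;;
  esac
}

# Exit 0 only when the key is in the legacy PEM format Karaf expects.
karaf_key_ok() {
  [ "$(key_format "$1")" = pem-rsa ]
}

# Rewrite an unencrypted OpenSSH-format RSA key as PEM in place by running a
# passphrase "update" (ssh-keygen -p) with -m PEM. A key that is already PEM
# is left untouched; a missing or unrecognised file is an error (exit 1).
convert_to_pem() {
  case "$(key_format "$1")" in
    pem-rsa) return 0 ;;
    openssh) ssh-keygen -q -p -m PEM -P "" -N "" -f "$1" ;;
    *)       return 1 ;;
  esac
}

# Demo on a constructed file: only the armor header matters to key_format,
# so the body is a placeholder, not a real key.
demo() {
  tmp=$(mktemp)
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEA' \
    '-----END OPENSSH PRIVATE KEY-----' > "$tmp"
  echo "constructed key format: $(key_format "$tmp")"   # openssh
  rm -f "$tmp"
}

demo
```

Run `karaf_key_ok /usr/share/minion/etc/host.key` after package installation to confirm the key Karaf will load is PEM; `convert_to_pem` only works on keys without a passphrase, which is what the installer's `-N ""` produces.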
The Karaf shell is listening on 127.0.0.1:8201 but I can't connect. The ssh -vvv output looks like the following:
root@minion:/usr/share/minion/bin# ssh -vvv admin@localhost -p 8201
OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1c 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "localhost" port 8201
debug2: ssh_connect_direct
debug1: Connecting to localhost [::1] port 8201.
debug1: connect to address ::1 port 8201: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 8201.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
debug1: Remote protocol version 2.0, remote software version SSHD-UNKNOWN
debug1: no match: SSHD-UNKNOWN
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:8201 as 'admin'
debug3: put_host_port: [localhost]:8201
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 127.0.0.1 port 8201