#1 2018-08-24 08:40:56

tjensen
Member
Registered: 2017-04-26
Posts: 6

Remote job is prompting for password

After updating to the new Version I get the massage at the remote host:

[J2018-08-24T08:30:56|  ###############################################################################
2018-08-24T08:30:56|     XSIBACKUP-PRO 11.0.2: new execution request                     
2018-08-24T08:30:56|  ###############################################################################
2018-08-24T08:30:56| 

2018-08-24T08:30:57|  NOTICE: (c) XSIBackup kills any user launched jobs, make sure you don't overlap manual jobs

XSIBackup PID:         28364416                                                TheaterFL.intern
Fri, 24 Aug 2018 08:30:56 +0000                                 IPv4: xxx.xxx.xxx.xxx/255.255.255.0
VMware ESXi 6.0.0 build-3620759                              (c) Rsync 3.1.0 as opt. dependency

Backup Id:                   03                 Intel(R) Xeon(R) CPU           E5645  @ 2.40GHz

2018-08-24T08:30:58|  Backup description: Flensburg

2018-08-24T08:30:58|  Message: crontab is installed for user root

2018-08-24T08:31:00|  ADVICE: no SSD disks, please consider adding an SSD cache disk to improve performance

2018-08-24T08:31:00|  Backup user is: root

2018-08-24T08:31:00|  Backup program is: rsync

2018-08-24T08:31:02|  Service OpenSSH ready at server xxx.xxx.xxx.xxx:22

2018-08-24T08:31:02|  Info: XSIBACKUP-PRO will now try to determine the remote's XSIBACKUP-PRO installation point...
2018-08-24T08:31:02|  Tip: should this process take too long, use the --remote-xsipath argument to set it

Password:

this happens on serveral hosts.

Offline

#2 2018-08-24 09:33:33

admin
Administrator
Registered: 2017-04-21
Posts: 1,370

Re: Remote job is prompting for password

You have removed the RSA key pair. Restore them from the previous installation, if you used the install script you will find them in the /tmp folder.

If you can't restore the RSA key pair, just re-link to the remote host.

Offline

#3 2018-10-04 10:14:09

tjensen
Member
Registered: 2017-04-26
Posts: 6

Re: Remote job is prompting for password

I'm not able to link the remote again.

He is telling: permission denied...

*snip*
Enter remote systems's password for user root, checking OS type...
Password:
Password:
Almost done, enter root password to add RSA key and restart SSH service...
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
The RSA key has been added to the authorized_keys file at 192.168.2.2.
Rebooting local SSH service...
SSH login disabled
SSH login enabled
Rebooting remote SSH service...

All other remote hosts are working fine...

Offline

#4 2018-10-04 20:34:11

admin
Administrator
Registered: 2017-04-21
Posts: 1,370

Re: Remote job is prompting for password

This is very weird.
As you know, all there is to public key authentication is copying the public key to the remote authorized_keys file. Just as long as it is there and the remote authorized_keys file has the appropiate permissions 0600, which BTW are reset on every reboot, public authentication will work.

Check that you have your XSIBackup RSA public key at the file /etc/ssh/keys-root/authorized_keys in the remote host, you can just cat compare visually for the matter.

cat /etc/ssh/keys-root/authorized_keys

Take on account that if you try to backup from different ESXi versions, let's say ESXi 5.5 to ESXi 6.7, the OpenSSH versions will differ a lot. Due to some security problems, OpenSSH has removed some KEX protocols from newer versions and when mixing older versions like OpenSSH 5.6 with some newer ones, like 7.3, they just can't find a valid KEX protocol in common and drop key auth.

To verify this point just issue this command:

ssh -vv -4 -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no \
-i /vmfs/volumes/backup/xsi-dir/xsibackup_id_rsa root@192.168.X.X

Accomodate paths and IPs to your own and see if you can connect to the other end passwordlessly.
In case you cant, inspect the verbose output and you will probably see that the reason is no agreement in KEX protocols available.

WORKAROUND:

You should use ESXi versions which are not too far away from each other in time. If you can't upgrade, you can still manually enable diffie-hellman KEX (per instance) in the /etc/ssh/sshd_config of the server side.

Also, just check whether key authentication has been disabled on the same config file.

Offline

#5 2018-10-05 08:32:50

tjensen
Member
Registered: 2017-04-26
Posts: 6

Re: Remote job is prompting for password

Thanks a lot!

I've found the issue. bad permissions on ../xsi-dir/xsibackup_id_rsa. Was 0640 must 0600, so the file was inaccessable.

Now the backup is working fine.

Offline

#6 2018-10-05 13:33:29

admin
Administrator
Registered: 2017-04-21
Posts: 1,370

Re: Remote job is prompting for password

Thank you for posting your feedback. Regards.

Offline

Board footer