
read_passphrase: can't open /dev/tty: No such device or address

Discussion in 'Security' started by durangod, Jan 29, 2018.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    365
    Likes Received:
    15
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hi, I am trying to connect from WHM to my remote backup server to test the connection.

    This is the first time I have tried to connect; it's a new backup server. I can ping the server no problem but it won't connect. I did remove my IP for display here.

    My backup server only has CentOS 6 on it, nothing else.


    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It looks like the remote server is expecting key authentication and is unable to determine the key you are using to connect. Try defining the specific key file you have set up. Example:

    Code:
    ssh -i /path/to/key.file root@$IP
    Thank you.
     
  3. durangod

    Hi and thanks. I never set up a key file; I was never told I had to do that to connect. Do you have a link to docs where I can see how to make one and install it?

    P.S. Remember that my backup server only has CentOS 6 on it, no web service; it's just the OS, that's all.

    thanks
     
  4. cPanelMichael

  5. durangod

    Thanks, so I created the key pair on my cPanel server and then I logged into my backup server and did the following:


    I signed on as root on the backup server
    I created the .ssh dir
    then I created the authorized_keys file
    then I pasted the public key in the file and saved it
    then I changed the owner of the file from root to my special user just for the backup connection, named whmback
    then I changed the group of the file from root to my special group just for backups, called backup
    then I gave the .ssh folder permission of 0700
    then I gave the file authorized_keys permission of 0600


    This was the creation part

    Code:
    [root@s111581 ~]# cd /.ssh
    -bash: cd: /.ssh: No such file or directory
    [root@s111581 ~]# mkdir .ssh
    [root@s111581 ~]# cd .ssh
    [root@s111581 .ssh]# vi authorized_keys
    [root@s111581 .ssh]# ls -a
    .  ..  authorized_keys
    [root@s111581 .ssh]# ls -l
    -rw-r--r-- 1 root root 381 Feb  1 06:29 authorized_keys
    
    owner and group change
    [root@s111581 .ssh]# chown whmback authorized_keys
    [root@s111581 .ssh]# ls -l
    total 4
    -rw-r--r-- 1 whmback root 381 Feb  1 06:29 authorized_keys
    [root@s111581 .ssh]# chgrp backup authorized_keys
    [root@s111581 .ssh]# ls -l
    -rw-r--r-- 1 whmback backup 381 Feb  1 06:29 authorized_keys
    
    permissions change
    [root@s111581 ~]# ls -l .ssh
    total 4
    -rw-r--r-- 1 whmback backup 381 Feb  1 06:29 authorized_keys
    [root@s111581 ~]# chmod -R 0700 .ssh
    [root@s111581 ~]# ls -l .ssh
    total 4
    -rwx------ 1 whmback backup 381 Feb  1 06:29 authorized_keys
    [root@s111581 ~]# ls -l .ssh/authorized_keys
    -rwx------ 1 whmback backup 381 Feb  1 06:29 .ssh/authorized_keys
    [root@s111581 ~]# chmod -R 0600 .ssh/authorized_keys
    [root@s111581 ~]# ls -l .ssh/authorized_keys
    -rw------- 1 whmback backup 381 Feb  1 06:29 .ssh/authorized_keys
    [root@s111581 ~]#
    
    
    When I run this it comes back as not OK.
    I did remove my IP from the command before posting here.

    Code:
    root [/]# ssh -q -o "BatchMode=yes" BACKUP_SERVER_IP_HERE "echo 2>&1" && echo $host SSH_OK || echo $host SSH_NOK
    SSH_NOK
    root [/]# _
    
    Does that look right?

    Now how do I test it so I can see (actually see it on the screen) if it connects?
     
    #5 durangod, Jan 31, 2018
    Last edited: Feb 1, 2018
  6. durangod

    I tried to run a test using the xfer tool also in WHM

    This was the attempt at using the new username of whmback

    And this was the attempt at using root user

    Yep, I tried with ssh key from the xfer tool and got the same message

    So maybe that means it's connecting, which is good, because it sees that the other server is not cPanel.

    But I need to get an scp connection going asap.
     
    #6 durangod, Feb 1, 2018
    Last edited: Feb 1, 2018
  7. cPanelMichael

    Hello,

    The user and group ownership of the /root/.ssh directory and the /root/.ssh/authorized_keys file should be set to root, since that's the user you are logging in as via SSH. Try that, and then try accessing SSH from the cPanel server as the "root" user with the authorized public key to verify that works first. If so, then you can proceed with removing the key from root's authorized_keys file and set it up separately for an individual user.

    Thank you.
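
The ownership rule described in this reply, as an added example that is not part of the thread: a re-implementation of the test sshd applies when StrictModes is on (the default), where each of the home directory, `.ssh` and `authorized_keys` must be owned by the login user or root and must not be group- or world-writable. The function names and the throwaway demo directory are assumptions of this sketch; on the backup server the call would be `audit_ssh_dir /root 0`.

```shell
#!/bin/sh
# Added example: the ownership/mode test sshd applies with StrictModes on.
# Uses GNU stat (-c), as shipped with CentOS.

# check_path PATH UID: print a finding; return 1 if sshd would refuse PATH.
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    owner=$(stat -c '%u' "$1")
    mode=$(stat -c '%a' "$1")
    # Owner must be the login user or root (uid 0).
    if [ "$owner" -ne 0 ] && [ "$owner" -ne "$2" ]; then
        echo "BAD_OWNER $1 (uid $owner, expected $2 or 0)"; return 1
    fi
    # No write bit for group or others (mode & 022 must be 0).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD_MODE $1 (mode $mode is group/world-writable)"; return 1
    fi
    echo "OK $1"
}

# audit_ssh_dir HOME UID: check the three paths sshd walks for a key login.
audit_ssh_dir() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$p" "$2" || rc=1
    done
    return $rc
}

# Demo on a throwaway directory (constructed; stands in for the real home).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 0700 "$demo" "$demo/.ssh"
chmod 0600 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo" "$(id -u)" || true
```

Run as root on the target server, an `authorized_keys` file in `/root/.ssh` that has been chowned to another account is reported as `BAD_OWNER`, which sshd logs on its side as bad ownership or modes.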
     
  8. durangod

    Thanks so much.... Do you think if I did a ticket they could help me get this going? I have gone a week without backups now and I don't want to have to try to download a huge backup file just to have a backup for the weekend. I really don't understand why this is so hard to do; I log into the server easily with username and pass, why can't the computer do the same thing?

    I really need to connect from the reseller WHM, not the root WHM. But I'll try to get it going using the root WHM first, then I'll try the reseller WHM.

    I just tried this too

    Code:
    root [/]# ssh serveriphere '[ -w .ssh/authorized_keys ]'
    Host key verification failed.
    root [/]# _
    
    
    Then I tried the xfer tool from WHM again, just using root and pw, and got this

    So I guess the xfer tool does not support another server unless it's running cPanel as well. I don't know any other way to test this... shucks.

    Yep, I just tried using the xfer tool with ssh key too and got the same message.

    So maybe that means it's connecting, since it seems it's not a cPanel server. But I need to get this going because the end game is to get an scp connection up asap.
     
    #8 durangod, Feb 1, 2018
    Last edited: Feb 1, 2018
  9. durangod

    Can anyone recommend maybe some Linux software that I can install on the backup server to make this easier?
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    579
    Likes Received:
    177
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    You can get the proftpd (probably from the epel repo) and then you can use the cPanel FTP backup settings.

    For more security, use a firewall to limit the connectivity to the ftpd to your production server etc
     
    cPanelMichael likes this.
  11. durangod

    Just as a helpful tip to anyone reading this, if you have connection issues: first step is to find a sample of the command and go directly to a putty connection and try it. That way you get exactly what the issue is and don't have to mess with any middleman software.

    So after I got my server zapped and a fresh OS and starting over again, I went directly to a putty to putty connection, meaning I had both boxes open, sending and receiving side.

    Then I tried the command and it told me it could not resolve the hostname (I used the name provided by my server company)
    Then I used the IP instead and it gave me this, which was the problem and why whmeasybackup could not send the file. I'm sure whmeasybackup has something inside it to handle this; I'll have to ask them to be sure, they are good people.

    This is the sending side

    Code:
    The authenticity of host '00.00.00.00 (00.00.00.00)' can't be established.
    RSA key fingerprint is c0:0c:00b:00:00c:00:ff:00d:f00:00f:ba:00:0000:00:f00:00d.
    Are you sure you want to continue connecting (yes/no)? y
    Please type 'yes' or 'no': yes
    Warning: Permanently added '00.00.00.00' (RSA) to the list of known hosts.
    [username@hostname ~]$ cd public_html
    [username@hostname public_html]$ scp samplefile.txt   root@00.00.00.00:/backup
    root@00.00.00.00's password:
    samplefile.txt                                0000%   002     0.00KB/s   00:00
    [username@hostname public_html]$
    
    So the problem was there was a question before the login question, which was hanging up the software. It also appears that somewhere I missed a step and I should have added the backup server to the known hosts list somehow. I guess that's what the RSA key does that was talked about earlier in this post, but I didn't know that exactly, and it was not on the server this time.


    But I don't know what this means here.

    Does it mean that even though my cPanel machine is calling the other machine it still has to recognize it before it will send the file?

    If so then cPanelMichael was on the right track :)

    Also this is the first time I have ever logged into my reseller WHM via putty, so when I did it gave me this.

    Is that normal?


    Thanks
     
    #11 durangod, Feb 3, 2018
    Last edited: Feb 3, 2018
  12. durangod

    So even though I can connect putty to putty, I can't connect whm to sch to the backup server; it tells me

    So I remade the .ssh dir (left the permissions alone to test) on the backup server
    I remade the authorized_keys file and put it in the .ssh dir on the backup server

    and still get Host key verification failed

    Where does the id_rsa.pub go on the remote server, or if it exists how do I find it so I can edit it?

    My .ssh dir is in ~/.ssh, not /.ssh, does that make a dif?

    In etc/ssh/sshd_config I uncommented the line for the authorized_keys location and still the same.... why can't it find my key?
     
    #12 durangod, Feb 3, 2018
    Last edited: Feb 3, 2018
  13. durangod

    Here is where I am now... I did a verbose output so I can see exactly why it's failing and here is the output, but I don't understand it; it does look like it's connecting but it's failing.

    And it's not this (this is the backup server), this looks fine

    And then I thought that maybe it was because I was using another user besides root, so that user was not part of the tty group. However, I get the same error with root.

    And here are my tty permissions on the backup server.


    So why is it failing?

    UPDATE: I found this on Google Groups.. the OP had the same verbose output as I did almost word for word. This was the reply that someone gave.

    However, I have no clue how to tell it now to open dev tty
     
    #13 durangod, Feb 4, 2018
    Last edited: Feb 4, 2018
  14. durangod

    AHHHHHH HAAAAAAA.... So when I did the key I used a passphrase, and the connection is asking me for that key passphrase, and since I am not sitting at a terminal to enter the passphrase (/dev/tty) it fails....

    I'm gonna try to do a key without a passphrase first and then no key at all and see what happens...
     
  15. durangod

    Lesson learned: read_passphrase is as clear as the server can get, it's not reading a passphrase. Any time you see that, imagine a terminal in front of you and it's asking you for something to enter (passphrase in this case)

    I solved it..... I don't need an RSA key, just pw authent is fine... so I took away the ssh key and set rsaauthent to no on the ssh_config file and bam, works.

    The main issue is that I didn't understand that I was not comparing apples to apples in my testing. When I use the code on putty I am sitting right there and can enter data; when the software is doing this it has to be told what to do.

    So when I went into cPanel to test this, of course it is going to need an ssh key because it's not terminal based and it has no PHP code to enter key passphrases.

    The software however (whmeasybackup) has code inside it to answer those questions when the server asks it. So the bottom line is that when testing outside of a script via command line you have to remember that they are two diff processes with dif needs to work. That is where I got confused.

    I have logged in as the user, entered the password (which the PHP script will do for me) and it xfered the test file perfectly.

    Now all I need to do is limit the permissions for the special user so they can't go around into other stuff and done...

    Thanks everyone for your patience and help on this..... i tried to warn you all i was not good at this at all.. :) LMAO
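
The client-side errors met in this thread ("Host key verification failed" and the `read_passphrase: can't open /dev/tty` of the title), as an added example that is not part of any post: a small classifier that names the cause of a failed unattended ssh/scp run from its stderr. The function names, cause codes and sample transcripts are constructed for this sketch; the matched strings are OpenSSH's own messages.

```shell
#!/bin/sh
# Added example (not from the thread): name the cause of a failed unattended
# ssh/scp run from its stderr. Sample transcripts below are constructed.

# classify_ssh_failure: reads ssh stderr on stdin, prints one cause code.
# Order matters: a passphrase failure is followed by "Permission denied",
# so the earlier, more specific line must win.
classify_ssh_failure() {
    _err=$(cat)
    case "$_err" in
        *"Could not resolve hostname"*)           echo NAME_RESOLUTION ;;
        *"Host key verification failed"*)         echo HOST_KEY_UNKNOWN ;;
        *"read_passphrase: can't open /dev/tty"*) echo KEY_PASSPHRASE_NO_TTY ;;
        *"Permission denied ("*)                  echo AUTH_REJECTED ;;
        *)                                        echo UNKNOWN ;;
    esac
}

# next_step: maps a cause code to what to check on the calling side.
next_step() {
    case "$1" in
        NAME_RESOLUTION)       echo "use a resolvable hostname or the IP" ;;
        HOST_KEY_UNKNOWN)      echo "verify the fingerprint, then add the host to known_hosts of the user the job runs as" ;;
        KEY_PASSPHRASE_NO_TTY) echo "key is encrypted and nothing can type the passphrase: load it into ssh-agent or use a dedicated key for the job" ;;
        AUTH_REJECTED)         echo "check authorized_keys content, ownership and modes for the target user" ;;
        *)                     echo "rerun with ssh -v and read the last debug lines" ;;
    esac
}

# Constructed stderr samples.
SAMPLE_HOSTKEY="Host key verification failed."
SAMPLE_PASSPHRASE="debug1: Trying private key: /root/.ssh/id_rsa
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."
SAMPLE_DENIED="Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."

for sample in "$SAMPLE_HOSTKEY" "$SAMPLE_PASSPHRASE" "$SAMPLE_DENIED"; do
    cause=$(printf '%s\n' "$sample" | classify_ssh_failure)
    printf '%s: %s\n' "$cause" "$(next_step "$cause")"
done
```

To use it on a real run, pipe the stderr of the failing command into it, for example `ssh -v user@host true 2>&1 | classify_ssh_failure`, executed as the same account and from the same context (cron, web process) as the backup job.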
     
  16. durangod

    I wonder why no one suggested I use the new backup config section of WHM to do this, it does exactly what I want to do lol :)
     
  17. rpvw

     
    #17 rpvw, Feb 5, 2018
    Last edited: Feb 5, 2018
  18. durangod

    I was going to use rsync but it says that rsync can mess up SQL backup files. So I just set up the backup config normal and used the sftp and the validate button to validate the connection, easy peasy, thank you cPanel! It validated fine. So I removed my whmeasybackup script altogether and we will see by tomorrow what happens. If there are backup files on my other server then we are good to go; I just need to shrink the privy for that user to only that dir and it should be secure.

    Thanks
     