Tool labs crontabs are stored/executed on tools-cron-01, but it is currently inaccessible within a service user:
tools.yifeibot@tools-bastion-02:~$ crontab -l Connection closed by 10.68.23.89
Debug log while sshing manually:
1 | tools.yifeibot@tools-bastion-02:~$ crontab -l |
---|---|
2 | Connection closed by 10.68.23.89 |
3 | tools.yifeibot@tools-bastion-02:~$ ssh -vvv tools-cron-01 |
4 | OpenSSH_6.9p1 Ubuntu-2~trusty1, OpenSSL 1.0.1f 6 Jan 2014 |
5 | debug1: Reading configuration data /etc/ssh/ssh_config |
6 | debug1: /etc/ssh/ssh_config line 20: Applying options for * |
7 | debug2: ssh_connect: needpriv 0 |
8 | debug1: Connecting to tools-cron-01 [10.68.23.89] port 22. |
9 | debug1: Connection established. |
10 | debug1: key_load_private_type: No such file or directory |
11 | debug1: key_load_private_cert: Permission denied |
12 | debug1: key_load_private_cert: Permission denied |
13 | debug1: key_load_private_cert: Permission denied |
14 | debug1: key_load_private_cert: Permission denied |
15 | debug1: key_load_private_type: Permission denied |
16 | debug1: key_load_private_type: Permission denied |
17 | debug1: key_load_private_type: Permission denied |
18 | debug1: key_load_private_type: Permission denied |
19 | debug1: key_load_cert: No such file or directory |
20 | debug1: key_load_cert: No such file or directory |
21 | debug1: key_load_cert: No such file or directory |
22 | debug1: key_load_cert: No such file or directory |
23 | debug1: key_load_public: No such file or directory |
24 | debug1: identity file /data/project/yifeibot/.ssh/id_rsa type -1 |
25 | debug1: key_load_public: No such file or directory |
26 | debug1: identity file /data/project/yifeibot/.ssh/id_rsa-cert type -1 |
27 | debug1: key_load_public: No such file or directory |
28 | debug1: identity file /data/project/yifeibot/.ssh/id_dsa type -1 |
29 | debug1: key_load_public: No such file or directory |
30 | debug1: identity file /data/project/yifeibot/.ssh/id_dsa-cert type -1 |
31 | debug1: key_load_public: No such file or directory |
32 | debug1: identity file /data/project/yifeibot/.ssh/id_ecdsa type -1 |
33 | debug1: key_load_public: No such file or directory |
34 | debug1: identity file /data/project/yifeibot/.ssh/id_ecdsa-cert type -1 |
35 | debug1: key_load_public: No such file or directory |
36 | debug1: identity file /data/project/yifeibot/.ssh/id_ed25519 type -1 |
37 | debug1: key_load_public: No such file or directory |
38 | debug1: identity file /data/project/yifeibot/.ssh/id_ed25519-cert type -1 |
39 | debug1: Enabling compatibility mode for protocol 2.0 |
40 | debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2~trusty1 |
41 | debug1: Remote protocol version 2.0, remote software version OpenSSH_6.9p1 Ubuntu-2~trusty1 |
42 | debug1: match: OpenSSH_6.9p1 Ubuntu-2~trusty1 pat OpenSSH* compat 0x04000000 |
43 | debug2: fd 3 setting O_NONBLOCK |
44 | debug1: Authenticating to tools-cron-01:22 as 'tools.yifeibot' |
45 | debug3: hostkeys_foreach: reading file "/data/project/yifeibot/.ssh/known_hosts" |
46 | debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts" |
47 | debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:11 |
48 | debug3: record_hostkey: found key type ECDSA in file /etc/ssh/ssh_known_hosts:12 |
49 | debug3: load_hostkeys: loaded 2 keys from tools-cron-01 |
50 | debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa |
51 | debug1: SSH2_MSG_KEXINIT sent |
52 | debug1: SSH2_MSG_KEXINIT received |
53 | debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 |
54 | debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-dss |
55 | debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se |
56 | debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se |
57 | debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 |
58 | debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 |
59 | debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib |
60 | debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib |
61 | debug2: kex_parse_kexinit: |
62 | debug2: kex_parse_kexinit: |
63 | debug2: kex_parse_kexinit: first_kex_follows 0 |
64 | debug2: kex_parse_kexinit: reserved 0 |
65 | debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 |
66 | debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 |
67 | debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
68 | debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr |
69 | debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
70 | debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 |
71 | debug2: kex_parse_kexinit: none,zlib@openssh.com |
72 | debug2: kex_parse_kexinit: none,zlib@openssh.com |
73 | debug2: kex_parse_kexinit: |
74 | debug2: kex_parse_kexinit: |
75 | debug2: kex_parse_kexinit: first_kex_follows 0 |
76 | debug2: kex_parse_kexinit: reserved 0 |
77 | debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none |
78 | debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none |
79 | debug1: expecting SSH2_MSG_KEX_ECDH_REPLY |
80 | debug1: Server host key: ecdsa-sha2-nistp256 SHA256:gOfWfj+BwGF5QxfNzI27E5LsiXAJzRekrKClX3D6gZc |
81 | debug3: hostkeys_foreach: reading file "/data/project/yifeibot/.ssh/known_hosts" |
82 | debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts" |
83 | debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:11 |
84 | debug3: record_hostkey: found key type ECDSA in file /etc/ssh/ssh_known_hosts:12 |
85 | debug3: load_hostkeys: loaded 2 keys from tools-cron-01 |
86 | debug3: hostkeys_foreach: reading file "/data/project/yifeibot/.ssh/known_hosts" |
87 | debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts" |
88 | debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:11 |
89 | debug3: record_hostkey: found key type ECDSA in file /etc/ssh/ssh_known_hosts:12 |
90 | debug3: load_hostkeys: loaded 2 keys from 10.68.23.89 |
91 | debug1: Host 'tools-cron-01' is known and matches the ECDSA host key. |
92 | debug1: Found key in /etc/ssh/ssh_known_hosts:12 |
93 | debug2: set_newkeys: mode 1 |
94 | debug1: SSH2_MSG_NEWKEYS sent |
95 | debug1: expecting SSH2_MSG_NEWKEYS |
96 | debug2: set_newkeys: mode 0 |
97 | debug1: SSH2_MSG_NEWKEYS received |
98 | debug1: Roaming not allowed by server |
99 | debug1: SSH2_MSG_SERVICE_REQUEST sent |
100 | debug2: service_accept: ssh-userauth |
101 | debug1: SSH2_MSG_SERVICE_ACCEPT received |
102 | debug2: key: /data/project/yifeibot/.ssh/id_rsa ((nil)), |
103 | debug2: key: /data/project/yifeibot/.ssh/id_dsa ((nil)), |
104 | debug2: key: /data/project/yifeibot/.ssh/id_ecdsa ((nil)), |
105 | debug2: key: /data/project/yifeibot/.ssh/id_ed25519 ((nil)), |
106 | debug1: Authentications that can continue: publickey,hostbased |
107 | debug3: start over, passed a different list publickey,hostbased |
108 | debug3: preferred gssapi-keyex,gssapi-with-mic,hostbased,publickey,keyboard-interactive,password |
109 | debug3: authmethod_lookup hostbased |
110 | debug3: remaining preferred: publickey,keyboard-interactive,password |
111 | debug3: authmethod_is_enabled hostbased |
112 | debug1: Next authentication method: hostbased |
113 | debug3: userauth_hostbased: trying key type * |
114 | debug1: userauth_hostbased: trying hostkey ecdsa-sha2-nistp256 SHA256:OfgR6GTw8ObBQ1LbS+6NBVik1eEXrpSUvRkKOueUnQc |
115 | debug2: userauth_hostbased: chost tools-bastion-02.tools.eqiad.wmflabs. |
116 | debug3: ssh_msg_send: type 2 |
117 | debug1: permanently_drop_suid: 51201 |
118 | debug3: ssh_msg_recv entering |
119 | debug3: ssh_keysign: [child] pid=5015, exec /usr/lib/openssh/ssh-keysign |
120 | debug2: we sent a hostbased packet, wait for reply |
121 | Connection closed by 10.68.23.89 |
SSHing from user account (i.e. before using become) works. Crontabs are intact.