SSH issues with Incomplete SOE Build VMs

October 21, 2014 · by dbversity · in Linux, PostgresSQL

Do you have issues with you SSH in your lab/test VMs which has no proper builds and thus it's effecting SSH Tectia functionality.
No issues, below works for me - please have a try. Not sure how far this is the correct procedure. If you have any further correction procedures, please do reply to this post.

1) Take the backup & remove all the existing dsa/rsa and authorized keys in /etc/opt/SSHtectia/keys/<user_id> & re-generate using generate_keys command for your user being in root.
2) Add the rsa files in the authorization files for the required hosts.
3) Repeat the same in other host if you want vice-versa.
 
For detailed procedure, please refer below.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

At host myhostname-04
 
[root@myhostname-04 root]# ll -lhtr
total 24K
-r--r--r-- 1 root root 532 Jul 7 07:11 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:11 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:11 identification
-r--r--r-- 1 root root 532 Jul 7 07:14 root_myhostname-04_id_rsa_2048_a.pub
-rw-rw-r-- 1 root root 532 Jul 7 07:16 root_myhostname-03_id_rsa_2048_a.pub
-r--r--r-- 1 root root 285 Jul 7 07:21 authorization
[root@myhostname-04 root]#
[root@myhostname-04 root]# rm -rf *
[root@myhostname-04 root]# cd
[root@myhostname-04 ~]# /opt/tectia/util/generate_keys root
Attempt to generate key pair for root...
Generating 2048-bit rsa key pair
 3 o.oOo.oOo.oO
Key generated.
2048-bit rsa, root@myhostname-04, Mon Jul 07 2014 07:22:26 -0400
Private key saved to /etc/opt/SSHtectia/keys/root/id_rsa_2048_a
Public key saved to /etc/opt/SSHtectia/keys/root/id_rsa_2048_a.pub
Successfully generated the key pair for user root.
Please enter IP address(es) or hostname(s) of trusted SSH client machine(s) separated by space:<Enter for ALL/Specify the HOSTNAME>
 
WARNING: Trusted host relationship is not set up.
[root@myhostname-04 ~]#
[root@myhostname-04 ~]#
[root@myhostname-04 ~]# cd -
/etc/opt/SSHtectia/keys/root
[root@myhostname-04 root]# ll -lhtr
total 16K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
[root@myhostname-04 root]# cp id_rsa_2048_a.pub root_myhostname-04_id_rsa_2048_a.pub
[root@myhostname-04 root]#
[root@myhostname-04 root]#
[root@myhostname-04 root]# ll -lhtr
total 20K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
-r--r--r-- 1 root root 532 Jul 7 07:24 root_myhostname-04_id_rsa_2048_a.pub
[root@myhostname-04 root]#
[root@myhostname-04 root]#
[root@myhostname-04 root]# scp root_myhostname-04_id_rsa_2048_a.pub hpadmin@myhostname-03:/tmp
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
 
==================== WARNING - Incomplete SOE Build ====================
 
The DCA Tivoli Common Agent failed to register with your TPM environement.
If you need more help, please contact "*GT DCA Unix Support" or your
regional DCA admin team.
 
PAM Authentication
Password:
root_myhostname-04_id_rsa_2048_a.pub | 532B | 87.6kiB/s | TOC: 00:00:00 | 100%
[root@myhostname-04 root]#
[root@myhostname-04 root]#
[root@myhostname-04 root]#
[root@myhostname-04 root]# cp /tmp/root_myhostname-03_id_rsa_2048_a.pub .
[root@myhostname-04 root]#
[root@myhostname-04 root]# ll -lhtr
total 24K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
-r--r--r-- 1 root root 532 Jul 7 07:24 root_myhostname-04_id_rsa_2048_a.pub
-rw-r--r-- 1 root root 532 Jul 7 07:25 root_myhostname-03_id_rsa_2048_a.pub
[root@myhostname-04 root]#
 
 
Modify the authorization file as below.
 
[root@myhostname-04 root]# cat authorization
# SSH Tectia authorized public key in UserConfigDirectory
Key id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND"
Key root_myhostname-03_id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND"
 
# OpenSSH authorized public key in UserConfigDirectory
Key authorized_keys2
[root@myhostname-04 root]#
 
To test
 
[root@myhostname-04 root]# ssh localhost
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
 
==================== WARNING - Incomplete SOE Build ====================
 
The DCA Tivoli Common Agent failed to register with your TPM environement.
If you need more help, please contact "*GT DCA Unix Support" or your
regional DCA admin team.
 
Last login: Mon Jul 07 2014 07:49:44 -0400 from localhost,localhost.localdomain,localhost4,localhost4.localdomain4
 
[root@myhostname-04 root]# ssh myhostname-03 "hostname"
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
 
==================== WARNING - Incomplete SOE Build ====================
 
The DCA Tivoli Common Agent failed to register with your TPM environement.
If you need more help, please contact "*GT DCA Unix Support" or your
regional DCA admin team.
 
myhostname-03
[root@myhostname-04 root]#
 
 
 
 
------------------------------------------------------
 
At host myhostname-03
 
 
 
[root@myhostname-03 root]# ll -lhtr
total 24K
-r--r--r-- 1 root root 532 Jul 7 07:11 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:11 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:11 identification
-r--r--r-- 1 root root 532 Jul 7 07:14 root_myhostname-03_id_rsa_2048_a.pub
-rw-rw-r-- 1 root root 532 Jul 7 07:16 root_myhostname-04_id_rsa_2048_a.pub
-r--r--r-- 1 root root 244 Jul 7 07:19 authorization
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]# rm -rf *
[root@myhostname-03 root]#
[root@myhostname-03 root]# cd
[root@myhostname-03 ~]# /opt/tectia/util/generate_keys root
Attempt to generate key pair for root...
Generating 2048-bit rsa key pair
 5 .oOo.oOo.oOo
Key generated.
2048-bit rsa, root@myhostname-03, Mon Jul 07 2014 07:22:20 -0400
Private key saved to /etc/opt/SSHtectia/keys/root/id_rsa_2048_a
Public key saved to /etc/opt/SSHtectia/keys/root/id_rsa_2048_a.pub
Successfully generated the key pair for user root.
Please enter IP address(es) or hostname(s) of trusted SSH client machine(s) separated by space: :<Enter for ALL/Specify the HOSTNAME>
 
WARNING: Trusted host relationship is not set up.
[root@myhostname-03 ~]#
[root@myhostname-03 ~]#
[root@myhostname-03 ~]# cd -
/etc/opt/SSHtectia/keys/root
[root@myhostname-03 root]#
[root@myhostname-03 root]# ll -lhtr
total 16K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]# cp id_rsa_2048_a.pub root_myhostname-03_id_rsa_2048_a.pub
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]# ll -lhtr
total 20K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
-r--r--r-- 1 root root 532 Jul 7 07:23 root_myhostname-03_id_rsa_2048_a.pub
[root@myhostname-03 root]#
[root@myhostname-03 root]# scp root_myhostname-03_id_rsa_2048_a.pub hpadmin@myhostname-04:/tmp
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
 
==================== WARNING - Incomplete SOE Build ====================
 
The DCA Tivoli Common Agent failed to register with your TPM environement.
If you need more help, please contact "*GT DCA Unix Support" or your
regional DCA admin team.
 
PAM Authentication
Password:
root_myhostname-03_id_rsa_2048_a.pub | 532B | 54.7kiB/s | TOC: 00:00:00 | 100%
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]#
[root@myhostname-03 root]# cp /tmp/root_myhostname-04_id_rsa_2048_a.pub .
[root@myhostname-03 root]#
[root@myhostname-03 root]# ll -lhtr
total 24K
-r--r--r-- 1 root root 532 Jul 7 07:22 id_rsa_2048_a.pub
-r-------- 1 root root 1.5K Jul 7 07:22 id_rsa_2048_a
-r--r--r-- 1 root root 136 Jul 7 07:22 identification
-r--r--r-- 1 root root 203 Jul 7 07:22 authorization
-r--r--r-- 1 root root 532 Jul 7 07:23 root_myhostname-03_id_rsa_2048_a.pub
-rw-r--r-- 1 root root 532 Jul 7 07:26 root_myhostname-04_id_rsa_2048_a.pub
[root@myhostname-03 root]#
[root@myhostname-03 root]#
 
 
Modify the authorization file as below.
 
[root@myhostname-03 root]# cat authorization
# SSH Tectia authorized public key in UserConfigDirectory
Key id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND"
Key root_myhostname-04_id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND"
 
# OpenSSH authorized public key in UserConfigDirectory
Key authorized_keys2
[root@myhostname-03 root]#
 
To test
 
[root@myhostname-03 root]# ssh myhostname-04 ls -lhtr
Red Hat Enterprise Linux Server release 6.4 (Santiago)
Kernel \r on an \m
 
==================== WARNING - Incomplete SOE Build ====================
 
The DCA Tivoli Common Agent failed to register with your TPM environement.
If you need more help, please contact "*GT DCA Unix Support" or your
regional DCA admin team.
 
total 70M
-rwxr-xr-x 1 root root 8.6M Jun 3 07:07 mongo
-rw-r--r-- 1 root root 0 Jun 4 05:52 mongodb-cert.key
-rw-r--r-- 1 root root 61M Jul 2 08:05 hadoop-1.2.1.tar.gz
drwxr-xr-x 16 root root 4.0K Jul 2 08:23 hadoop-1.2.1
[root@myhostname-03 root]#

Any suggestions please!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Example for detailed explanation for user postrges , not root
 
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys]# ll -lhtr
total 16K
d--x--x--x 2 root root 4.0K Jan 3 2013 bob
d--x--x--x 2 root root 4.0K Aug 27 16:07 nvmsc
d--x--x--x 2 root root 4.0K Aug 27 16:07 scpar
d--x--x--x 2 root root 4.0K Sep 17 05:17 root
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys]
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys]# /opt/tectia/util/generate_keys postgres
Attempt to generate key pair for postgres...
Generating 2048-bit rsa key pair
 9 oOo.ooOo.oOo
Key generated.
2048-bit rsa, postgres@12d4-dl585-03, Wed Sep 17 2014 05:38:04 -0400
Private key saved to /etc/opt/SSHtectia/keys/postgres/id_rsa_2048_a
Public key saved to /etc/opt/SSHtectia/keys/postgres/id_rsa_2048_a.pub
Successfully generated the key pair for user postgres.
Please enter IP address(es) or hostname(s) of trusted SSH client machine(s) separated by space:
12d4-dl585-04,12d4-dl585-03
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys]# cd postgres/
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# ll -lhtr
total 16K
-r-------- 1 postgres root 1.6K Sep 17 05:38 id_rsa_2048_a
-r--r--r-- 1 root root 540 Sep 17 05:38 id_rsa_2048_a.pub
-r--r--r-- 1 root root 244 Sep 17 05:38 authorization
-r--r--r-- 1 root root 136 Sep 17 05:38 identification
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]#
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]#
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# cp id_rsa_2048_a.pub postgres_12d4-dl585-03_04_id_rsa_2048_a.pub
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# 
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# scp postgres_12d4-dl585-03_04_id_rsa_2048_a.pub oracle@12d4-dl585-04:/tmp (to other host)
 
 
You are authorized to use this System for approved business purposes only.
Use for any other purpose is prohibited. All transactional records, reports,
email, software and other data generated by or residing upon this System,
to the extent permitted by local law, are the property of cmpnygroup Inc.
or one of its subsidiaries or their affiliates
(individually or collectively ' cmpnygroup ') and may be used by cmpnygroup
for any purpose authorized and permissible in your country of work.
Activities on this System are monitored to the extent permitted by local law.
 
 
 
 
PAM Authentication
Password:
postgres_12d4-dl585-03_04_id_rsa_2048_a.pub | 540B | 59.9kiB/s | TOC: 00:00:00 | 100%
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# cp /tmp/postgres_12d4-dl585-04_04_id_rsa_2048_a.pub . ( Copying it from other host)
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]#
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# ll -lhtr
total 24K
-r-------- 1 postgres root 1.6K Sep 17 05:38 id_rsa_2048_a
-r--r--r-- 1 root root 540 Sep 17 05:38 id_rsa_2048_a.pub
-r--r--r-- 1 root root 244 Sep 17 05:38 authorization
-r--r--r-- 1 root root 136 Sep 17 05:38 identification
-r--r--r-- 1 root root 540 Sep 17 05:39 postgres_12d4-dl585-03_04_id_rsa_2048_a.pub
-rw-r--r-- 1 root root 540 Sep 17 05:44 postgres_12d4-dl585-04_04_id_rsa_2048_a.pub
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# vi authorization
# SSH Tectia authorized public key in UserConfigDirectory
Key id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND",allow-from="12d4-dl585-04,12d4-dl585-03"
Key postgres_12d4-dl585-04_04_id_rsa_2048_a.pub
Options command="eval $SSH_ORIGINAL_COMMAND",allow-from="12d4-dl585-04,12d4-dl585-03"
 
 
 
 
# OpenSSH authorized public key in UserConfigDirectory
Key authorized_keys2
~
~
~
~
~
~
~
~
"authorization" 9L, 379C written
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]#
[Lab root @ 12d4-dl585-03 /etc/opt/SSHtectia/keys/postgres]# su - postgres
-bash-4.1$
-bash-4.1$
-bash-4.1$
-bash-4.1$
-bash-4.1$
-bash-4.1$ ssh 12d4-dl585-04 hostname
 
 
You are authorized to use this System for approved business purposes only.
Use for any other purpose is prohibited. All transactional records, reports,
email, software and other data generated by or residing upon this System,
to the extent permitted by local law, are the property of cmpnygroup Inc.
or one of its subsidiaries or their affiliates
(individually or collectively ' cmpnygroup ') and may be used by cmpnygroup
for any purpose authorized and permissible in your country of work.
Activities on this System are monitored to the extent permitted by local law.
 
 
 
 
PAM Authentication
Password:
12d4-dl585-04
-bash-4.1$
-bash-4.1$
-bash-4.1$
-bash-4.1$

Leave a Reply

← MongoDB graceful shutdown script.

Knowing MongoDB opLog →