Could not contact remote server: verify passwordless SSH/RSH

Post Reply
rbadger
Posts: 6
Joined: Mon Jun 22, 2020 6:46 pm
Full Name: Robert Badger
Organization: University of Wisconsin-Stevens Point
Subdiscipline: Chemistry

Could not contact remote server: verify passwordless SSH/RSH

Post by rbadger »

As the subject suggests I am having trouble connecting to my remote compute servers under MacOS 10.15 Catalina. I had originally built our WebMO Enterprise Server on Mac OS 10.12 and didn't have much trouble connecting to remote MacOS compute servers using ssh. Unfortunately the hardware on our original server failed and I am moving to the Catalina server. After some experimentation I built this server from scratch using a user account called webmo. The install went fine and I can do calculations on the server. I have tested passwordless ssh connection to a MacOS 10.15 compute server successfully, but now I get:

Could not contact remote server: verify passwordless SSH/RSH from the WebMO Remote Server Manager page.

I did a little experimentation to examine what is presumably coming back from the server and got the following:

Could not create directory '/Library/WebServer/.ssh'.

Has anybody experienced this kind of problem?
Any help would be appreciated. Thanks, Robert Badger.

schmidt
Posts: 82
Joined: Sat May 30, 2020 3:00 pm
Full Name: JR Schmidt
Organization: WebMO, LLC

Re: Could not contact remote server: verify passwordless SSH/RSH

Post by schmidt »

I have not tried this explicitly on the newest builds of OS X, but the crux of the issue is that Apache runs as a unprivileged user without a home directory. Normally the '.ssh' directory is created under a users home directory, which in this case doesn't exist (or it cannot write to!).

On linux, this problem is circumvented because by default the 'suexec' tool will allow the WebMO scripts to run under user 'webmo'. The suexec tool is not included or installed by default on OS X. With older versions, it was possible to download / compile / install this manually, but I do not know if this is possible with all the new restrictions on OS X.

Here is one idea you could try: Manually create the directory '/Library/WebServer/.ssh' and ensure that it is owned by the user under which apache executes on OS X ('_www', I believe). Also make sure the permissions are right (0700, I believe). This might allow the SSH connection process to work! Let us know what you find!

rbadger
Posts: 6
Joined: Mon Jun 22, 2020 6:46 pm
Full Name: Robert Badger
Organization: University of Wisconsin-Stevens Point
Subdiscipline: Chemistry

Re: Could not contact remote server: verify passwordless SSH/RSH

Post by rbadger »

Your suggestion of copying the webmo/.ssh directory to /Library/WebServer and setting the owner with:

chown -R _www:_www /Library/WebServer/.ssh

gave me the ability to add more compute servers. I did find that, once I had set up and tested passwordless login from the webmo account, I needed to copy the known_hosts file from webmo/.ssh to /Library/WebServer/.ssh so the web server would have computer keys available.

Thanks for the suggestion. Now, if you have any ideas how I can gaussian16 to work, I could get our labs set for fall semester.

Bob Badger

schmidt
Posts: 82
Joined: Sat May 30, 2020 3:00 pm
Full Name: JR Schmidt
Organization: WebMO, LLC

Re: Could not contact remote server: verify passwordless SSH/RSH

Post by schmidt »

Can you be specific? Note that access to Gaussian usually is restricted to folks in the 'gaussian' group. You may need to add the '_www' to this secondary group as well.

polik
Posts: 22
Joined: Fri May 29, 2020 6:20 pm
Full Name: Will Polik
Organization: WebMO LLC

Re: Could not contact remote server: verify passwordless SSH/RSH

Post by polik »

See the Gaussian 16 instructions for adding the webmo user (or other users) to the gaussian group. The key points are to determine what the gaussian group is (499 in the case below) and then use 'usermod -a -G' to add the desired user to the gaussian group.
2. Setup gaussian group and add authorized users to this group

Code: Select all

$ su
# cd /etc
# cp -p group group.bak
# cp -p gshadow gshadow.bak
# grep 499 group
# groupadd -g 499 gaussian
# usermod -a -G gaussian webmo
# usermod -a -G gaussian smith
# usermod -a -G gaussian jones
...
6. Change ownership and permissions

Code: Select all

# chown -R root:gaussian g16
# chmod -R o-rwx g16
# exit

Post Reply