Symptoms

PBA for Linux migration fails with the SSH connection failure like in the example below:

[1m 14s] [DEBUG] [SSH::Connection] _scp: root@192.168.1.101:/etc/resolv.conf /migration/pba.app-resolv.conf
[1m 14s] [DEBUG] [SSH::Connection] SCP: Executed local command `scp  -r -o 'Protocol 2' -o 'BatchMode yes'  -o 'StrictHostKeychecking no'  -P 22 root@192.168.1.101:/etc/resolv.conf /migration/pba.app-resolv.conf &>/dev/null`
[1m 14s] [WARN] [SSH::Connection] Failure [256] (scp root@192.168.1.101:/etc/resolv.conf /migration/pba.app-resolv.conf)
[1m 14s] [DIE] [main] Can't get resolv.conf from `pba.app`

The attempt to run the failing command manually on the machine where the PBA Migration script is being executed fails too with the error message:

Permission denied (publickey,password).

The following entry appears in the /var/log/messages file on the PBA Application server during attempt to run the PBA Migration script or the failing command manually:

Oct 23 17:25:49 bm sshd(pam_unix)[2746]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.111  user=root

where 192.168.1.111 is the IP address of the server where the migration script is being run.

Cause

The server where the PBA Migration script is being run cannot connect to the PBA Application server using SSH.

Resolution

Allow password-less SSH connection from the migration server (the server where the PBA Migration utility is being run) to the PBA Application server:

  1. Put the content of the RSA key /root/.ssh/id_rsa.pub from the migration server to the /root/.ssh/authorized_keys file on the PBA Application server.

  2. Put the content of the RSA key /root/.ssh/id_dsa.pub from the migration server to the /root/.ssh/authorized_keys2 file on the PBA Application server.

  3. Check that you may log from the migration server to the PBA Apllication server using SSH without password.

Important:

  1. The content of the id_rsa.pub file must be put into the authorized_keys file as single line, without line breaks.
  2. If the .ssh folder is absent on servers - create it using the following commands:

    # mkdir .ssh
    # chmod 700 .ssh
    
  3. If the authorized_keys file is absent - create it:

    # touch .ssh/authorized_keys
    # chmod 600 .ssh/authorized_keys
    
  4. You may use the 'ssh-copy-id' utility to configure password-less SSH connections between the migration server and the PBA Application server.

Internal content