SSH communication between ocrd-manager and ocrd-controller fails

[SvenMarcus]

It seems there is still an SSH key issue with ocrd-manager and ocrd-controller.
When executing the script step from Kitodo, the ocrd-manager logs show the following:

May  9 06:38:06 ocrd-manager for_production.sh: running with 3 26 /data/3 deu Fraktur ocr.sh CONTROLLER=ocrd-controller:22
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images' -> 'ocr-d//data/3'
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images/FILE_0010_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0010_ORIGINAL.jpg'
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images/FILE_0011_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0011_ORIGINAL.jpg'
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images/FILE_0012_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0012_ORIGINAL.jpg'
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images/FILE_0013_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0013_ORIGINAL.jpg'
May  9 06:38:06 ocrd-manager for_production.sh: '/data/3/images/FILE_0014_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0014_ORIGINAL.jpg'
May  9 06:38:06 ocrd-manager for_production.sh: async mode - exit and signal end of processing using active mq client
May  9 06:38:06 ocrd-manager for_production.sh: Warning: Permanently added the ECDSA host key for IP address '172.19.0.5' to the list of known hosts.#015
May  9 06:38:06 ocrd-manager for_production.sh: Permission denied, please try again.#015
May  9 06:38:06 ocrd-manager for_production.sh: Permission denied, please try again.#015
May  9 06:38:06 ocrd-manager for_production.sh: ocrd@ocrd-controller: Permission denied (publickey,password).#015

[markusweigelt]

@SvenMarcus Thx i will check the permissions

May  9 06:38:06 ocrd-manager for_production.sh: Warning: Permanently added the ECDSA host key for IP address '172.19.0.5' to the list of known hosts.#015

Last week i changed the behavior so that the ip is added to the known host. Is the ocrd manager submodule up to date?

[SvenMarcus]

We still got this error with the version from May 24th

Warning: Permanently added the ECDSA host key for IP address '172.19.0.5' to the list of known hosts.#015
Permission denied, please try again.#015
Permission denied, please try again.#015
ocrd@ocrd-controller: Permission denied (publickey,password).#015

Adding -i ~/.ssh/id_rsa in /usr/bin/ocr.sh in the ocrd-manager solves the issue.

ocrd_exec () {
    logger -p user.info -t $TASK "execute commands via ssh by the controller"
    {
        echo "set -e"
        for param in "$@"
        do
            $param
        done
    } | ssh -i ~/.ssh/id_rsa -T -p "${CONTROLLERPORT}" ocrd@${CONTROLLERHOST} 2>&1 | logger -p user.info -t $TASK
}

[bertsky]

Adding -i ~/.ssh/id_rsa in /usr/bin/ocr.sh in the ocrd-manager solves the issue.

That's odd. This is already the default search path for the OpenSSH client! (See IdentityFile in man ssh_config.)

The only relevant difference between the default and the CLI setting may be the time at which ~ is expanded: Perhaps it can be resolved to / by the shell correctly, but not by ssh?

[bertsky]

Still seems to be broken, says @SvenMarcus