CWP to CWP migration does not connect

Hi!

I have some CWP servers and I need to transfer accounts fromold CWP to new CWP but does not work.
The CWP are in the same version, but OS not, the older is Centos 7 and new is Centos 8.

I done this migrations before with other servers but in this case isn't working.

I have the follow log on /var/log/cwp/account_transfer.log of new server:

2024-05-28 17:58:39 export SSHPASS=************; /usr/bin/sshpass -e /usr/bin/ssh -pXXXX -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet  root@XXXXXX
2024-05-28 17:58:39 test -d /usr/local/cwp/ && echo 'true' || echo 'false'
2024-05-28 17:58:39 true

2024-05-28 17:58:40 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p ' XXX' -o 'StrictHostKeyChecking=no' 'root@XXXXXX'"
and check to make sure that only the key(s) you wanted were added.


2024-05-28 17:58:40 export SSHPASS=**********;/usr/bin/sshpass -e ssh-copy-id "-p XXX" root@XXXXXX -o StrictHostKeyChecking=no 2>&1
2024-05-28 17:58:40 /usr/bin/ssh -p XXX -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet root@XXXXXXXX test -d /usr/local/cwp/ && echo 'true' || echo 'false' 2>&1
2024-05-28 17:58:40 false

We have the first command returned true and the last returned false.

I can connect using SSH to old server in command line.
The port 2403 (API) is open.

I can't figure out what is wrong.

Some one can help me?

Thanks!

Have you temporarily dropped the firewall? Also, a few years back, I had to shorten my r00t password and allow password login to get the API transfer to work. Not sure about currently...

Hi.

Yes, I have disabled the 2 firewalls.
I have read about ahorten password, tried too.

Without success.

Thanks.

You have to make sure port 2304 is open on BOTH servers & networks.
If that still fails, you might have to temporality disable CSF on both. Which you said you did.

The Old server is where you generate the API key.

Then on the New server, you add the API key info under User Accounts -> CWP->CWP Migration, along with the Old servers Public IP, root UN/PW and the correct SSH port.

If you are having other issues, make sure there isn't a hardware firewall somewhere in between.
Same goes if you use SSH Keys, instead of just UN/PW for SSH.

Hi Starbust.

Yes, port 2403 is opened in both servers and firewalls. I can connect to it.

Yes, the API server is generated in old server.

All the informations on new server are valid.
Im trying using root password. I can connect from outside to both servers using root password.
I would like to try to connect using ssh key but I don't find where I put ssh key file on CWP Panel. Can you show me where?
It must be configured in ssh files using console?

I have only these fields in panel:

Server IP
User
Pass
Port ssh
Api Key CWP
Maximum simultaneous transfers

Thanks!

Hi all!

Just to add to this thread a important information about ssh connections.

In log file /var/log/secure on old server, I see two successful connections and two failled connections.

Jun  4 15:08:40 XXXX sshd[21327]: Accepted password for root from xx.xx.xx.xx port 50776 ssh2
Jun  4 15:08:40 XXXX sshd[21327]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  4 15:08:41 XXXX sshd[21327]: Received disconnect from xx.xx.xx.xx port 50776:11: disconnected by user
Jun  4 15:08:41 XXXX sshd[21327]: Disconnected from xx.xx.xx.xx port 50776
Jun  4 15:08:41 XXXX sshd[21327]: pam_unix(sshd:session): session closed for user root
Jun  4 15:08:41 XXXX sshd[21339]: Connection closed by xx.xx.xx.xx port 50792 [preauth]
Jun  4 15:08:41 XXXX sshd[21341]: Connection closed by xx.xx.xx.xx port 50798 [preauth]
Jun  4 15:08:41 XXXX sshd[21343]: Accepted password for root from xx.xx.xx.xx port 50808 ssh2
Jun  4 15:08:41 XXXX sshd[21343]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  4 15:08:41 XXXX sshd[21343]: Received disconnect from xx.xx.xx.xx port 50808:11: disconnected by user
Jun  4 15:08:41 XXXX sshd[21343]: Disconnected from xx.xx.xx.xx port 50808
Jun  4 15:08:41 XXXX sshd[21343]: pam_unix(sshd:session): session closed for user root
Jun  4 15:08:41 XXXX sshd[21359]: Failed password for root from xx.xx.xx.xx port 50820 ssh2
Jun  4 15:08:41 XXXX sshd[21359]: Failed password for root from xx.xx.xx.xx port 50820 ssh2
Jun  4 15:08:41 XXXX sshd[21359]: Connection closed by xx.xx.xx.xx port 50820 [preauth]


Im still not able to connect and do migrations.

Thanks!

And you have

Code: [Select]

PermitRootLogin yeson both servers sshd_config ?

Hi overseer.

Yes, I have.

I can connect with root using ssh in both servers.
Both servers has key file to login with other ssh user but with "PermitRootLogin yes" it will override key and allow login root with pw.

In my last post, with logs, we can see that ssh does 2 successfull connections.

The last 2 attempts is blocked because password fail.

I can't debug this.

Hi all.

I got this working.

In old (origin) server had following block to enable the user root to login with password in file sshd_config:

Match User root
   PubkeyAuthentication no
   PasswordAuthentication yes
   PermitRootLogin yes

Without success and without any additional information on /var/log/secure log.

Searching on the internet I see this parameter and enabled it on sshd_config:

ChallengeResponseAuthentication yes

Without success too but with addicional log telling me:

pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

The user root is 0, always. So strange.
Searching on internet again I see this site https://www.ezeelogin.com/kb/article/sshd3167-pam_succeed_if-40;sshdauth-41;-requirement-uid-=-1000-not-met-by-user-root-306.html showing to enable root login by IP with bellow block on sshd_config file:

Match Address NEW_SERVER_IP
       PermitRootLogin yes
       PubkeyAuthentication no
       PasswordAuthentication yes

Done this, restarted SSHD and connection was successful.

Here is the solution in case anyone facing this problem too.

Thanks you all for help!