Control Web Panel
WebPanel => Migration from other control panels => Topic started by: adrianofnatal on May 28, 2024, 06:32:20 PM
-
Hi!
I have some CWP servers and I need to transfer accounts fromold CWP to new CWP but does not work.
The CWP are in the same version, but OS not, the older is Centos 7 and new is Centos 8.
I done this migrations before with other servers but in this case isn't working.
I have the follow log on /var/log/cwp/account_transfer.log of new server:
2024-05-28 17:58:39 export SSHPASS=************; /usr/bin/sshpass -e /usr/bin/ssh -pXXXX -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet root@XXXXXX
2024-05-28 17:58:39 test -d /usr/local/cwp/ && echo 'true' || echo 'false'
2024-05-28 17:58:39 true
2024-05-28 17:58:40 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p ' XXX' -o 'StrictHostKeyChecking=no' 'root@XXXXXX'"
and check to make sure that only the key(s) you wanted were added.
2024-05-28 17:58:40 export SSHPASS=**********;/usr/bin/sshpass -e ssh-copy-id "-p XXX" root@XXXXXX -o StrictHostKeyChecking=no 2>&1
2024-05-28 17:58:40 /usr/bin/ssh -p XXX -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet root@XXXXXXXX test -d /usr/local/cwp/ && echo 'true' || echo 'false' 2>&1
2024-05-28 17:58:40 false
We have the first command returned true and the last returned false.
I can connect using SSH to old server in command line.
The port 2403 (API) is open.
I can't figure out what is wrong.
Some one can help me?
Thanks!
-
Have you temporarily dropped the firewall? Also, a few years back, I had to shorten my r00t password and allow password login to get the API transfer to work. Not sure about currently...
-
Hi.
Yes, I have disabled the 2 firewalls.
I have read about ahorten password, tried too.
Without success.
Thanks.
-
You have to make sure port 2304 is open on BOTH servers & networks.
If that still fails, you might have to temporality disable CSF on both. Which you said you did.
The Old server is where you generate the API key.
Then on the New server, you add the API key info under User Accounts -> CWP->CWP Migration, along with the Old servers Public IP, root UN/PW and the correct SSH port.
If you are having other issues, make sure there isn't a hardware firewall somewhere in between.
Same goes if you use SSH Keys, instead of just UN/PW for SSH.
-
Hi Starbust.
Yes, port 2403 is opened in both servers and firewalls. I can connect to it.
Yes, the API server is generated in old server.
All the informations on new server are valid.
Im trying using root password. I can connect from outside to both servers using root password.
I would like to try to connect using ssh key but I don't find where I put ssh key file on CWP Panel. Can you show me where?
It must be configured in ssh files using console?
I have only these fields in panel:
Server IP
User
Pass
Port ssh
Api Key CWP
Maximum simultaneous transfers
Thanks!
-
Hi all!
Just to add to this thread a important information about ssh connections.
In log file /var/log/secure on old server, I see two successful connections and two failled connections.
Jun 4 15:08:40 XXXX sshd[21327]: Accepted password for root from xx.xx.xx.xx port 50776 ssh2
Jun 4 15:08:40 XXXX sshd[21327]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 4 15:08:41 XXXX sshd[21327]: Received disconnect from xx.xx.xx.xx port 50776:11: disconnected by user
Jun 4 15:08:41 XXXX sshd[21327]: Disconnected from xx.xx.xx.xx port 50776
Jun 4 15:08:41 XXXX sshd[21327]: pam_unix(sshd:session): session closed for user root
Jun 4 15:08:41 XXXX sshd[21339]: Connection closed by xx.xx.xx.xx port 50792 [preauth]
Jun 4 15:08:41 XXXX sshd[21341]: Connection closed by xx.xx.xx.xx port 50798 [preauth]
Jun 4 15:08:41 XXXX sshd[21343]: Accepted password for root from xx.xx.xx.xx port 50808 ssh2
Jun 4 15:08:41 XXXX sshd[21343]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 4 15:08:41 XXXX sshd[21343]: Received disconnect from xx.xx.xx.xx port 50808:11: disconnected by user
Jun 4 15:08:41 XXXX sshd[21343]: Disconnected from xx.xx.xx.xx port 50808
Jun 4 15:08:41 XXXX sshd[21343]: pam_unix(sshd:session): session closed for user root
Jun 4 15:08:41 XXXX sshd[21359]: Failed password for root from xx.xx.xx.xx port 50820 ssh2
Jun 4 15:08:41 XXXX sshd[21359]: Failed password for root from xx.xx.xx.xx port 50820 ssh2
Jun 4 15:08:41 XXXX sshd[21359]: Connection closed by xx.xx.xx.xx port 50820 [preauth]
Im still not able to connect and do migrations.
Thanks!
-
And you have
PermitRootLogin yeson both servers sshd_config ?
-
Hi overseer.
Yes, I have.
I can connect with root using ssh in both servers.
Both servers has key file to login with other ssh user but with "PermitRootLogin yes" it will override key and allow login root with pw.
In my last post, with logs, we can see that ssh does 2 successfull connections.
The last 2 attempts is blocked because password fail.
I can't debug this.
-
Hi all.
I got this working.
In old (origin) server had following block to enable the user root to login with password in file sshd_config:
Match User root
PubkeyAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
Without success and without any additional information on /var/log/secure log.
Searching on the internet I see this parameter and enabled it on sshd_config:
ChallengeResponseAuthentication yes
Without success too but with addicional log telling me:
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
The user root is 0, always. So strange.
Searching on internet again I see this site https://www.ezeelogin.com/kb/article/sshd3167-pam_succeed_if-40;sshdauth-41;-requirement-uid-=-1000-not-met-by-user-root-306.html showing to enable root login by IP with bellow block on sshd_config file:
Match Address NEW_SERVER_IP
PermitRootLogin yes
PubkeyAuthentication no
PasswordAuthentication yes
Done this, restarted SSHD and connection was successful.
Here is the solution in case anyone facing this problem too.
Thanks you all for help!
-
I'm glad you managed to do it, because I'm now having the same problem, I even hired the managed service, from cwp itself and they can't or don't want to do it, including restoring backups doesn't work either.
-
I am having the same issue. CWP Almalinux 8 to CWP Almalinux 8
Connection not reached
I am having the same issue. CWP Almalinux 8 to CWP Almalinux 8
Connection not reached
Account_Transfer.Log
2025-01-06 22:50:33 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:rbaIoOc/asdf09a8sd90f890as8df9a0sdf8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
root@IPADDRESS: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
2025-01-06 22:50:33 export SSHPASS=**********;/usr/bin/sshpass -e ssh-copy-id root@IPADDRESS -o StrictHostKeyChecking=no 2>&1
2025-01-06 22:50:33 /usr/bin/ssh -p 22 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet root@IPADDRESS test -d /usr/local/cwp/ && echo 'true' || echo 'false' 2>&1
2025-01-06 22:50:33 false
-
cat /dev/null > /root/.ssh/known_hosts
then try again.
-
Same error
-
Did you do it on both (source and destination) servers ?
-
Make sue Port 2304 is open as mentioned before.
Usually it's the firewall blocking a connection, if you have your whitelisted on both and that port open.
Temporarily disable CSF, and try to connect, if it does, then you've narrowed it down to the firewall.
-
disable firewall both server
-
Hi all.
I got this working.
In old (origin) server had following block to enable the user root to login with password in file sshd_config:
Match User root
PubkeyAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
Without success and without any additional information on /var/log/secure log.
Searching on the internet I see this parameter and enabled it on sshd_config:
ChallengeResponseAuthentication yes
Without success too but with addicional log telling me:
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
The user root is 0, always. So strange.
Searching on internet again I see this site https://www.ezeelogin.com/kb/article/sshd3167-pam_succeed_if-40;sshdauth-41;-requirement-uid-=-1000-not-met-by-user-root-306.html showing to enable root login by IP with bellow block on sshd_config file:
Match Address NEW_SERVER_IP
PermitRootLogin yes
PubkeyAuthentication no
PasswordAuthentication yes
Done this, restarted SSHD and connection was successful.
Here is the solution in case anyone facing this problem too.
Thanks you all for help!
If i add match address ip sshd cant restart
-
Just omit that stanza in your SSH config. Good to lock things down after it is set up & working, but securing things prematurely will hinder your setup or potentially lock you at.
-
whch stanza r u saying and kindly help more than 48hrs am trying cwp migration both server are almalinux 8 only followed the procedure properly but getting msg connection not reached this error occured and source side amd getting this error msg
Jan 29 23:11:09 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxx
Jan 29 23:11:09 cwp.s4hosting.in sshd[87951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss>
Jan 29 23:11:12 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxx
Jan 29 23:11:12 cwp.s4hosting.in sshd[87960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss>
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxxx
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Failed password for root from xxxxxxxxxx port 58902 ssh2
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Failed password for root from xxxxxxxxxxx port 58902 ssh2
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Connection closed by authenticating user root xxxxxxxx port 58902 [>
Jan 29 23:14:20 cwp.s4hosting.in sshd[88181]: Accepted keyboard-interactive/pam for root from xxxxxxxx port 14457 >
Jan 29 23:14:21 cwp.s4hosting.in sshd[88181]: pam_unix(sshd:session): session opened for user root by (uid=0)
-
whch stanza r u saying and kindly help more than 48hrs am trying cwp migration both server are almalinux 8 only followed the procedure properly but getting msg connection not reached this error occured and source side amd getting this error msg
Jan 29 23:11:09 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxx
Jan 29 23:11:09 cwp.s4hosting.in sshd[87951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss>
Jan 29 23:11:12 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxx
Jan 29 23:11:12 cwp.s4hosting.in sshd[87960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss>
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: error: PAM: Authentication failure for root from xxxxxxxx
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Failed password for root from xxxxxxxxxx port 58902 ssh2
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Failed password for root from xxxxxxxxxxx port 58902 ssh2
Jan 29 23:11:13 cwp.s4hosting.in sshd[87946]: Connection closed by authenticating user root xxxxxxxx port 58902 [>
Jan 29 23:14:20 cwp.s4hosting.in sshd[88181]: Accepted keyboard-interactive/pam for root from xxxxxxxx port 14457 >
Jan 29 23:14:21 cwp.s4hosting.in sshd[88181]: pam_unix(sshd:session): session opened for user root by (uid=0)
I have succeeded after 2 days of head brake the problem is in private key id_rsa permission issue it was in 644 and changed to 600 after so many reasearches and studies of sshd config......