Migration stuck

Discussion in 'Plugins/Modules/Addons' started by Stokesy, Feb 26, 2024.

  1. Stokesy

    Stokesy Member

    I am using the ISPConfig migration tool to try and migrate an ISPConfig 3 installation from a very old Ubuntu 14.04 VPS to a new 22.04 linode.
    I have installed ISPConfig on the destination and setup remote user (following the guide here@: https://www.howtoforge.com/tutorial...-confixx-plesk-to-ispconfig-31-single-server/ ).
    running migrate (dry run) on the source is getting stuck in a loop repeating:

    What is the ip for the target web server to connect via SSH? []:
    What is the SSH port? [22]:
    Now we transfer the key to the target server.
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]'s password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh -p '22' -o 'StrictHostKeyChecking=no' -o 'ConnectTimeout=5' '[email protected]'"
    and check to make sure that only the key(s) you wanted were added.

    ...any ideas how I can move it on?
  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    Did the ssh-copy-id work? Can you login to the remote host without a password now?
  3. Stokesy

    Stokesy Member

    SSH as root - No actually I can't - what might be causing this to fail? and can I bypass the issue?
  4. Stokesy

    Stokesy Member

    BTW I did enable root login in ssh (and I can login with password)
  5. pyte

    pyte Well-Known Member HowtoForge Supporter

    In the guide you posted there are two possible solutions mentioned:
    You could temporiarily enable SSH root login on the remote host.
  6. Stokesy

    Stokesy Member

    I was trying the second route - I'll have a go at the first... Thanks
  7. pyte

    pyte Well-Known Member HowtoForge Supporter

    Just set "PermitRootLogin yes" in the sshd config on the remote system and try to login with root@remoteserver from the other system. This should work
  8. Stokesy

    Stokesy Member

    Yeah that has been in place all along.
    Manually used ssh-copy-id [email protected] to copy key to destination and it is appearing in .ssh/authorized_keys there
    but still can't login without password
    THe sshd_config authorization on destination now (I changed PubkeyAuthentication to yes and uncommmented AuthorizedKeysFile line) reads:

    #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10
    PubkeyAuthentication yes
    Expect .ssh/authorized_keys2 to be disregarded by default in future.
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none #AuthorizedKeysCommandUser nobody
    For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    Change to yes if you don't trust ~/.ssh/known_hosts for
    #IgnoreUserKnownHosts no
    Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    Last edited: Feb 26, 2024
  9. pyte

    pyte Well-Known Member HowtoForge Supporter

    You don't need key-based authentification at all. Just enable root login via PermitRootLogin as you already have and try to login to the remote host with root@remoteserverip and the password. If that is working you can use the migration toolkit

    Just remember to disable root login after the migration, for obvious security reasons
  10. Stokesy

    Stokesy Member

    My understanding is that migrate doesn't just use password authentification, it just uses it to setup the passwordless ssh (don't know why!) - from the guide:
    '...Or allow root access via ssh to the target by password (temporarily). The Migration Tool will then call ssh-keygen and ssh-copy-id for you...'
    I tried it with just password authentification several times and it falls over when it copies the key and (presumably) tries to establish a connection... starts looping back to 'What is the ip for the target web server to connect via SSH?'
    I ended up with loads of copies of the key in authorized_keys on destination....
    I have now run out of ideas...
  11. pyte

    pyte Well-Known Member HowtoForge Supporter

    That is true. But i do not understand why it shouldn't work.

    So just to make this clear:

    You generate a keypair on the Source with (Don't specify a password for the key itself just hit enter):
    ssh-keygen -t rsa -b 2048

    Then you use this command on the Source system:
    ssh-copy-id root@remote_host

    Make sure you are logged in with the user you are running the migration toolkit with!

    After that connect to the remote system:
    ssh -vvv root@remote_host

    May provide the output of that verbose ssh connect command to see what might cause the issue
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Try adding:

    PubkeyAcceptedAlgorithms +ssh-rsa
    in /etc/ssh/sshd_config on the Ubuntu 22.04 system and restart sshd afterwards. Most likely, the ssh client from Ubuntu 14.04 is too old to connect to Ubuntu 22.04 as Ubuntu 22.04 has disabled some of the older ciphers.
    pyte likes this.
  13. pyte

    pyte Well-Known Member HowtoForge Supporter

    That is a good hint indeed. The ssh -vvv option will confirm this if thats the case
  14. Stokesy

    Stokesy Member

    Nice one Til - that solved it!
    Many thanks

    till likes this.
  15. Stokesy

    Stokesy Member

    ...and thanks for your help @pyte!

Share This Page