1. Help needed to ssh into fabric from a personal machine

Help needed to ssh into fabric from a personal machine

Home Forums FABRIC General Questions and Discussion Help needed to ssh into fabric from a personal machine

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #2547
    Manas Das
    Participant

      Hi, I want to connect my laptop to fabric, i did everything given in https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/

      Then I used the following command from my laptop:

      >ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@129.114.110.74

      The ssh config file is as follows:

      UserKnownHostsFile /dev/null
      StrictHostKeyChecking no
      ServerAliveInterval 120

      Host bastion-?.fabric-testbed.net
      User mjdbz4_0000018266
      ForwardAgent yes
      Hostname %h
      IdentityFile /home/orky/.ssh/Bastion_key
      IdentitiesOnly yes

      Host * !bastion-?.fabric-testbed.net
      ProxyJump mjdbz4_0000018266@bastion-1.fabric-testbed.net:22
      ##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22

      The error is:

      Warning: Permanently added ‘bastion-1.fabric-testbed.net’ (ED25519) to the list of known hosts.
      Warning: Permanently added ‘129.114.110.74’ (ED25519) to the list of known hosts.
      rocky@129.114.110.74: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

      **************************************************************************************

      I cannot even ssh inside the jupyterHub of fabric by using:

      > ssh -i /home/fabric/work/fabric_config/slice_key -J mjdbz4_0000018266@bastion-1.fabric-testbed.net rocky@129.114.110.74

      It throws an error:

      mjdbz4_0000018266@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
      kex_exchange_identification: Connection closed by remote host

       

      Please help me finding a solution to this problem.

      Thank you.

      #2549
      Paul Ruth
      Keymaster

        That all looks correct to me.  The only thing I can’t check is if the keys are the correct ones.

        The error suggests that it was able to get through the bastion host and was able to add the VM’s host key.  This would indicate that the sliver key is the one that is incorrect.

        Can you confirm the sliver key is correct? Can you use a Jupyter notebook to run a simple “execute” command on the VM (i.e. like in the Hello, FABRIC example)?

        Also, are you trying to ssh to the VM from the same place you created the VM? If not, did you copy the sliver keys from the place you created the slice? For example, if you created the slice on our JupyterHub and are trying to ssh from your laptop, you will need to copy the keys from your Jupyter environment to your laptop.

         

        #2550
        Manas Das
        Participant

          Thank you very much for the reply Paul. Let me write you the steps that i did from my memory:

          1. Created the Bastion key in fabric UI, download both the keys.

          2. Created the Sliver key in fabric UI, download both the keys.

          3. uploaded the Bastion key to the Jupyter in, /home/fabric/work/fabric_config. But there is already a key called slice_key and slice_key.pub in there.

          4. Run the hello fabric example

          5. From there i got the rocky@IP_address

          6. Fire up the terminal and configure it as stated in the previous comment.

          7. Still can use the slice in the notebook of fabric, in browser. But, I cannot access it from my laptop or within the terminal of Jupyter notebook in fabric itself (in browser) as stated above.

          What is this slice_key? should I copy it and put it as sliver key in my laptop. Or should I upload the Sliver_key from my laptop to /home/fabric/work/fabric_config directory in fabric.

          So, should I copy the slice_key to my laptop? if I do, will this be the sliver_key for this command:

          >ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@129.114.110.74

           

          Please do reply.

          Thank you.

          #2551
          Manas Das
          Participant

            Hi Thanks once again, we have to use the Jupyter environment key to get access. Thanks for the pointer @Paul

            #2552
            Paul Ruth
            Keymaster

              Note there is some inconsistency in our use of the terms slice/sliver keys.  They are the same thing. They are the keys that FABRIC puts in the VMs in your slice.

              Your message helps. I am now certain this is an issue with which slice/sliver keys you are using.  It is an understandable mixup because the slice/sliver key handling is only half implemented and needs to be used carefully until the full implementation is complete.

              Eventually users will create slice/sliver keys in the FABRIC portal and name them.  Then the FABRIC API (FABlib) will require the user to specify a key (by name) to be used in the VMs of a slice.  FABRIC will then put the public half of the key in the VMs and the user can access the VMs using the private half.  This is similar to how AWS or OpenStack works.

              Currently, the FABRIC API does not have the ability to use  slice/sliver keys that are specified in the portal.  As a work around, the API uses a keypair that needs to be accessible wherever the API is run.  In the case of our JupyterHub, there is a keypair in /home/fabric/work/fabric_config and when you load a fablib manager it will be configured to use those keys (or whichever keys are specified in the /home/fabric/work/fabric_config/fabric_rc file). You can check to see which keys you are using with the fablib.show_config() method.

              The fix for your situation is to ignore the slice/sliver keys in the portal and copy the keys used by fablib from your Jupyter environment to your laptop. Then setup the ssh config file and keys exactly like you have been except use the slice/sliver keys you copied from your Jupyter environment.

              Let me know if this works for you.

              #2553
              Manas Das
              Participant

                Hi Paul,

                Hi,Paul

                You are correct, there is inconsistency in slice/sliver key name. I figured it out from your 1st comment. Now everything is working fine. I checked which are the keys used in /home/fabric/work/fabric_config, and used those keys only to login via ssh to the VM. Yes, I ignored the portal key and used only Jupyter environment keys.

                @Paul just a tangent question, how to use one slice on multiple notebooks

                Thank you.

                #2554
                Paul Ruth
                Keymaster

                  You should able to get the slice in another notebook using its name (or ID).   Create a slice in one notebook and then in another notebook do this:

                  slice = fablib.get_slice(name=”MySliceName”)

                  The you should able to get the nodes from the slice or whatever else you need to do.

                  You should be aware that your token can only be used by one notebook at a time.  You can switch back and forth between notebooks but you won’t be able to use the token simultaneously.  However, if you want to run multiple notebooks simultaneously, you can manually get a second token and configure a second notebook to use the second token.

                Viewing 7 posts - 1 through 7 (of 7 total)
                • You must be logged in to reply to this topic.