Home › Forums › FABRIC General Questions and Discussion › Help needed to ssh into fabric from a personal machine
Tagged: computer, laptop, permission denied, publickey, ssh
- This topic has 6 replies, 2 voices, and was last updated 2 years, 4 months ago by Paul Ruth.
-
AuthorPosts
-
July 29, 2022 at 12:02 pm #2547
Hi, I want to connect my laptop to fabric, i did everything given in https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/
Then I used the following command from my laptop:
>ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@129.114.110.74
The ssh config file is as follows:
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ServerAliveInterval 120Host bastion-?.fabric-testbed.net
User mjdbz4_0000018266
ForwardAgent yes
Hostname %h
IdentityFile /home/orky/.ssh/Bastion_key
IdentitiesOnly yesHost * !bastion-?.fabric-testbed.net
ProxyJump mjdbz4_0000018266@bastion-1.fabric-testbed.net:22
##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22The error is:
Warning: Permanently added ‘bastion-1.fabric-testbed.net’ (ED25519) to the list of known hosts.
Warning: Permanently added ‘129.114.110.74’ (ED25519) to the list of known hosts.
rocky@129.114.110.74: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).**************************************************************************************
I cannot even ssh inside the jupyterHub of fabric by using:
> ssh -i /home/fabric/work/fabric_config/slice_key -J mjdbz4_0000018266@bastion-1.fabric-testbed.net rocky@129.114.110.74
It throws an error:
mjdbz4_0000018266@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
kex_exchange_identification: Connection closed by remote hostPlease help me finding a solution to this problem.
Thank you.
July 29, 2022 at 12:51 pm #2549That all looks correct to me. The only thing I can’t check is if the keys are the correct ones.
The error suggests that it was able to get through the bastion host and was able to add the VM’s host key. This would indicate that the sliver key is the one that is incorrect.
Can you confirm the sliver key is correct? Can you use a Jupyter notebook to run a simple “execute” command on the VM (i.e. like in the Hello, FABRIC example)?
Also, are you trying to ssh to the VM from the same place you created the VM? If not, did you copy the sliver keys from the place you created the slice? For example, if you created the slice on our JupyterHub and are trying to ssh from your laptop, you will need to copy the keys from your Jupyter environment to your laptop.
July 29, 2022 at 1:25 pm #2550Thank you very much for the reply Paul. Let me write you the steps that i did from my memory:
1. Created the Bastion key in fabric UI, download both the keys.
2. Created the Sliver key in fabric UI, download both the keys.
3. uploaded the Bastion key to the Jupyter in, /home/fabric/work/fabric_config. But there is already a key called slice_key and slice_key.pub in there.
4. Run the hello fabric example
5. From there i got the rocky@IP_address
6. Fire up the terminal and configure it as stated in the previous comment.
7. Still can use the slice in the notebook of fabric, in browser. But, I cannot access it from my laptop or within the terminal of Jupyter notebook in fabric itself (in browser) as stated above.
What is this slice_key? should I copy it and put it as sliver key in my laptop. Or should I upload the Sliver_key from my laptop to /home/fabric/work/fabric_config directory in fabric.
So, should I copy the slice_key to my laptop? if I do, will this be the sliver_key for this command:
>ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@129.114.110.74
Please do reply.
Thank you.
July 29, 2022 at 2:46 pm #2551Hi Thanks once again, we have to use the Jupyter environment key to get access. Thanks for the pointer @Paul
July 30, 2022 at 7:16 am #2552Note there is some inconsistency in our use of the terms slice/sliver keys. They are the same thing. They are the keys that FABRIC puts in the VMs in your slice.
Your message helps. I am now certain this is an issue with which slice/sliver keys you are using. It is an understandable mixup because the slice/sliver key handling is only half implemented and needs to be used carefully until the full implementation is complete.
Eventually users will create slice/sliver keys in the FABRIC portal and name them. Then the FABRIC API (FABlib) will require the user to specify a key (by name) to be used in the VMs of a slice. FABRIC will then put the public half of the key in the VMs and the user can access the VMs using the private half. This is similar to how AWS or OpenStack works.
Currently, the FABRIC API does not have the ability to use slice/sliver keys that are specified in the portal. As a work around, the API uses a keypair that needs to be accessible wherever the API is run. In the case of our JupyterHub, there is a keypair in
/home/fabric/work/fabric_config
and when you load a fablib manager it will be configured to use those keys (or whichever keys are specified in the/home/fabric/work/fabric_config/fabric_rc
file). You can check to see which keys you are using with thefablib.show_config()
method.The fix for your situation is to ignore the slice/sliver keys in the portal and copy the keys used by fablib from your Jupyter environment to your laptop. Then setup the ssh config file and keys exactly like you have been except use the slice/sliver keys you copied from your Jupyter environment.
Let me know if this works for you.
July 30, 2022 at 11:41 am #2553Hi Paul,
Hi,Paul
You are correct, there is inconsistency in slice/sliver key name. I figured it out from your 1st comment. Now everything is working fine. I checked which are the keys used in /home/fabric/work/fabric_config, and used those keys only to login via ssh to the VM. Yes, I ignored the portal key and used only Jupyter environment keys.
@Paul just a tangent question, how to use one slice on multiple notebooks
Thank you.
July 30, 2022 at 1:10 pm #2554You should able to get the slice in another notebook using its name (or ID). Create a slice in one notebook and then in another notebook do this:
slice = fablib.get_slice(name=”MySliceName”)
The you should able to get the nodes from the slice or whatever else you need to do.
You should be aware that your token can only be used by one notebook at a time. You can switch back and forth between notebooks but you won’t be able to use the token simultaneously. However, if you want to run multiple notebooks simultaneously, you can manually get a second token and configure a second notebook to use the second token.
-
AuthorPosts
- You must be logged in to reply to this topic.