1. Help needed to ssh into fabric from a personal machine

Help needed to ssh into fabric from a personal machine

Home Forums FABRIC General Questions and Discussion Help needed to ssh into fabric from a personal machine

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #2547
    Manas Das

    Hi, I want to connect my laptop to fabric, i did everything given in https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/

    Then I used the following command from my laptop:

    >ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@

    The ssh config file is as follows:

    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    ServerAliveInterval 120

    Host bastion-?.fabric-testbed.net
    User mjdbz4_0000018266
    ForwardAgent yes
    Hostname %h
    IdentityFile /home/orky/.ssh/Bastion_key
    IdentitiesOnly yes

    Host * !bastion-?.fabric-testbed.net
    ProxyJump mjdbz4_0000018266@bastion-1.fabric-testbed.net:22
    ##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22

    The error is:

    Warning: Permanently added ‘bastion-1.fabric-testbed.net’ (ED25519) to the list of known hosts.
    Warning: Permanently added ‘’ (ED25519) to the list of known hosts.
    rocky@ Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


    I cannot even ssh inside the jupyterHub of fabric by using:

    > ssh -i /home/fabric/work/fabric_config/slice_key -J mjdbz4_0000018266@bastion-1.fabric-testbed.net rocky@

    It throws an error:

    mjdbz4_0000018266@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
    kex_exchange_identification: Connection closed by remote host


    Please help me finding a solution to this problem.

    Thank you.

    Paul Ruth

    That all looks correct to me.  The only thing I can’t check is if the keys are the correct ones.

    The error suggests that it was able to get through the bastion host and was able to add the VM’s host key.  This would indicate that the sliver key is the one that is incorrect.

    Can you confirm the sliver key is correct? Can you use a Jupyter notebook to run a simple “execute” command on the VM (i.e. like in the Hello, FABRIC example)?

    Also, are you trying to ssh to the VM from the same place you created the VM? If not, did you copy the sliver keys from the place you created the slice? For example, if you created the slice on our JupyterHub and are trying to ssh from your laptop, you will need to copy the keys from your Jupyter environment to your laptop.


    Manas Das

    Thank you very much for the reply Paul. Let me write you the steps that i did from my memory:

    1. Created the Bastion key in fabric UI, download both the keys.

    2. Created the Sliver key in fabric UI, download both the keys.

    3. uploaded the Bastion key to the Jupyter in, /home/fabric/work/fabric_config. But there is already a key called slice_key and slice_key.pub in there.

    4. Run the hello fabric example

    5. From there i got the rocky@IP_address

    6. Fire up the terminal and configure it as stated in the previous comment.

    7. Still can use the slice in the notebook of fabric, in browser. But, I cannot access it from my laptop or within the terminal of Jupyter notebook in fabric itself (in browser) as stated above.

    What is this slice_key? should I copy it and put it as sliver key in my laptop. Or should I upload the Sliver_key from my laptop to /home/fabric/work/fabric_config directory in fabric.

    So, should I copy the slice_key to my laptop? if I do, will this be the sliver_key for this command:

    >ssh -F ~/.ssh/fabric-ssh-config -i /home/orky/.ssh/Sliver_key rocky@


    Please do reply.

    Thank you.

    Manas Das

    Hi Thanks once again, we have to use the Jupyter environment key to get access. Thanks for the pointer @Paul

    Paul Ruth

    Note there is some inconsistency in our use of the terms slice/sliver keys.  They are the same thing. They are the keys that FABRIC puts in the VMs in your slice.

    Your message helps. I am now certain this is an issue with which slice/sliver keys you are using.  It is an understandable mixup because the slice/sliver key handling is only half implemented and needs to be used carefully until the full implementation is complete.

    Eventually users will create slice/sliver keys in the FABRIC portal and name them.  Then the FABRIC API (FABlib) will require the user to specify a key (by name) to be used in the VMs of a slice.  FABRIC will then put the public half of the key in the VMs and the user can access the VMs using the private half.  This is similar to how AWS or OpenStack works.

    Currently, the FABRIC API does not have the ability to use  slice/sliver keys that are specified in the portal.  As a work around, the API uses a keypair that needs to be accessible wherever the API is run.  In the case of our JupyterHub, there is a keypair in /home/fabric/work/fabric_config and when you load a fablib manager it will be configured to use those keys (or whichever keys are specified in the /home/fabric/work/fabric_config/fabric_rc file). You can check to see which keys you are using with the fablib.show_config() method.

    The fix for your situation is to ignore the slice/sliver keys in the portal and copy the keys used by fablib from your Jupyter environment to your laptop. Then setup the ssh config file and keys exactly like you have been except use the slice/sliver keys you copied from your Jupyter environment.

    Let me know if this works for you.

    Manas Das

    Hi Paul,


    You are correct, there is inconsistency in slice/sliver key name. I figured it out from your 1st comment. Now everything is working fine. I checked which are the keys used in /home/fabric/work/fabric_config, and used those keys only to login via ssh to the VM. Yes, I ignored the portal key and used only Jupyter environment keys.

    @Paul just a tangent question, how to use one slice on multiple notebooks

    Thank you.

    Paul Ruth

    You should able to get the slice in another notebook using its name (or ID).   Create a slice in one notebook and then in another notebook do this:

    slice = fablib.get_slice(name=”MySliceName”)

    The you should able to get the nodes from the slice or whatever else you need to do.

    You should be aware that your token can only be used by one notebook at a time.  You can switch back and forth between notebooks but you won’t be able to use the token simultaneously.  However, if you want to run multiple notebooks simultaneously, you can manually get a second token and configure a second notebook to use the second token.

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.