1. SSH Permission Denied

SSH Permission Denied

Home Forums FABRIC General Questions and Discussion SSH Permission Denied

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #1164
    Susanna Moser
    Participant

      I’m having trouble using the ssh command from the hello_fabric tutorial. My bastion key is uploaded and I’m able to use paramiko but if I try to use the automatically generated ssh command I get this error:

      ssh -i /home/fabric/.ssh/id_rsa_fabric -i /home/fabric/.ssh/id_rsa -J susanna_moser_0051524387@bastion-1.fabric-testbed.net centos@63.239.135.94
      susanna_moser_0051524387@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
      kex_exchange_identification: Connection closed by remote host

      Any advice? I’m confused on why it would work with paramiko but not ssh.

      #1166
      ADAM GRIFFITH
      Participant

        Try eval ssh-agent -s followed by ssh-add /path/to/<fabric key file>. Then take your ssh command above, remove the first key option/value and run it again.

        #1168
        Susanna Moser
        Participant

          That worked, thank you!

          #1169
          ADAM GRIFFITH
          Participant

            Extended answer: For my personal sanity I added a pattern resembling to ~/.ssh/config file:

            ### The External Fabric Bastion host
            Host fabric-bastion-host
              HostName bastion-1.fabric-testbed.net
              Port 22
              User susanna_moser_0051524387
              IdentityFile ~/work/id_rsa_fabric
            

            This transforms ssh commands into ssh -J fabric-bastion-host -i ~/.ssh/id_rsa centos@63.239.135.94 without the need for the ssh-agent voodoo.

            #1170
            Susanna Moser
            Participant

              That’s smart, thank you!

              #1187
              Hussam Nasir
              Moderator

                Here is my version of the ssh config file. Its advisable to save it in ~/work/.ssh/config rather than ~/.ssh/config since ~/work is persistent upon re-creation of the jupyterhub instance

                 

                UserKnownHostsFile /dev/null
                StrictHostKeyChecking no
                ServerAliveInterval 120

                Host bastion-?.fabric-testbed.net
                User <your bastion host username>
                ForwardAgent yes
                Hostname %h
                IdentityFile <path to your bastion host private key>
                IdentitiesOnly yes

                Host * !bastion-?.fabric-testbed.net
                ProxyJump <your bastion host username>@bastion-1.fabric-testbed.net:22
                ##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22

                Once this file is saved, you no longer need the -J param as long as this file is included in your ssh command .

                For example.

                ssh -F ~/work/.ssh/config centos@63.239.135.94 should work

              Viewing 6 posts - 1 through 6 (of 6 total)
              • You must be logged in to reply to this topic.