- This topic has 5 replies, 3 voices, and was last updated 3 years ago by .
Viewing 6 posts - 1 through 6 (of 6 total)
Viewing 6 posts - 1 through 6 (of 6 total)
- You must be logged in to reply to this topic.
Home › Forums › FABRIC General Questions and Discussion › SSH Permission Denied
I’m having trouble using the ssh command from the hello_fabric tutorial. My bastion key is uploaded and I’m able to use paramiko but if I try to use the automatically generated ssh command I get this error:
ssh -i /home/fabric/.ssh/id_rsa_fabric -i /home/fabric/.ssh/id_rsa -J susanna_moser_0051524387@bastion-1.fabric-testbed.net centos@63.239.135.94
susanna_moser_0051524387@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
kex_exchange_identification: Connection closed by remote host
Any advice? I’m confused on why it would work with paramiko but not ssh.
Try eval
ssh-agent -s
followed by ssh-add /path/to/<fabric key file>
. Then take your ssh command above, remove the first key option/value and run it again.
That worked, thank you!
Extended answer: For my personal sanity I added a pattern resembling to ~/.ssh/config
file:
### The External Fabric Bastion host Host fabric-bastion-host HostName bastion-1.fabric-testbed.net Port 22 User susanna_moser_0051524387 IdentityFile ~/work/id_rsa_fabric
This transforms ssh commands into ssh -J fabric-bastion-host -i ~/.ssh/id_rsa centos@63.239.135.94
without the need for the ssh-agent voodoo.
That’s smart, thank you!
Here is my version of the ssh config file. Its advisable to save it in ~/work/.ssh/config rather than ~/.ssh/config since ~/work is persistent upon re-creation of the jupyterhub instance
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ServerAliveInterval 120Host bastion-?.fabric-testbed.net
User <your bastion host username>
ForwardAgent yes
Hostname %h
IdentityFile <path to your bastion host private key>
IdentitiesOnly yesHost * !bastion-?.fabric-testbed.net
ProxyJump <your bastion host username>@bastion-1.fabric-testbed.net:22
##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22
Once this file is saved, you no longer need the -J param as long as this file is included in your ssh command .
For example.
ssh -F ~/work/.ssh/config centos@63.239.135.94 should work