- This topic has 5 replies, 3 voices, and was last updated 2 years, 11 months ago by
.
-
Posts
-
I’m having trouble using the ssh command from the hello_fabric tutorial. My bastion key is uploaded and I’m able to use paramiko but if I try to use the automatically generated ssh command I get this error:
ssh -i /home/fabric/.ssh/id_rsa_fabric -i /home/fabric/.ssh/id_rsa -J susanna_moser_0051524387@bastion-1.fabric-testbed.net centos@63.239.135.94
susanna_moser_0051524387@bastion-1.fabric-testbed.net: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
kex_exchange_identification: Connection closed by remote hostAny advice? I’m confused on why it would work with paramiko but not ssh.
Extended answer: For my personal sanity I added a pattern resembling to
~/.ssh/configfile:### The External Fabric Bastion host Host fabric-bastion-host HostName bastion-1.fabric-testbed.net Port 22 User susanna_moser_0051524387 IdentityFile ~/work/id_rsa_fabric
This transforms ssh commands into
ssh -J fabric-bastion-host -i ~/.ssh/id_rsa centos@63.239.135.94without the need for the ssh-agent voodoo.Here is my version of the ssh config file. Its advisable to save it in ~/work/.ssh/config rather than ~/.ssh/config since ~/work is persistent upon re-creation of the jupyterhub instance
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
ServerAliveInterval 120Host bastion-?.fabric-testbed.net
User <your bastion host username>
ForwardAgent yes
Hostname %h
IdentityFile <path to your bastion host private key>
IdentitiesOnly yesHost * !bastion-?.fabric-testbed.net
ProxyJump <your bastion host username>@bastion-1.fabric-testbed.net:22
##ProxyJump <your bastion host username>@bastion-2.fabric-testbed.net:22Once this file is saved, you no longer need the -J param as long as this file is included in your ssh command .
For example.
ssh -F ~/work/.ssh/config centos@63.239.135.94 should work
- You must be logged in to reply to this topic.