[Openstack-operators] ssh inside instance

aishwarya.adyanthaya at accenture.com aishwarya.adyanthaya at accenture.com
Mon Aug 3 09:08:34 UTC 2015


Yes, I did notice that it isn’t receiving from the line:
debug1: SSH2_MSG_KEXINIT received

I have an internal IP and an external IP (floating IP) attached to the instance. If I make use of the internal IP to ssh itself from the very same node I’m able to do it but External IP isn’t working.

I am able to ssh to the same machine with the floating IP outside Openstack but internally it doesn’t seem to work. My goal here is to ssh within an instance using the floating IP.

Thank you,
Aishwarya


From: Salvatore Orlando [mailto:salv.orlando at gmail.com]
Sent: Friday, July 31, 2015 5:56 PM
To: Adyanthaya, Aishwarya
Cc: Neil.Jerram at metaswitch.com; openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] ssh inside instance

Why are you focusing on authentication issues when it seems you have either a sshd config issue or a connectivity problem?

Indeed your ssh handshake is stopping quite early - see below:

debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22.
debug1: Connection established.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: <MEH>
debug1: Host '192.168.1.250' is known and matches the RSA host key.
debug1: Found key in /home/salvatore/.ssh/known_hosts:21
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/salvatore/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive

Your instance seem to not be receiving back SSH2_MSG_KEXINIT.
Note: this question is more suitable for ask.openstack.org<http://ask.openstack.org> than for this ML imho.

Salvatore



On 30 July 2015 at 10:14, <aishwarya.adyanthaya at accenture.com<mailto:aishwarya.adyanthaya at accenture.com>> wrote:
Hi Neil,

I did the same as you have suggested. I have created an instance A and generated a private_key, giving it 600 permission. Using the key I launched the instance B but when I ssh from the instance A after a while it reads:

Read from socket failed: Connection timed out

I even tried with ssh –v hostname to test on one the machine outside openstack and the instance.

root at new:/home/ubuntu# ssh -v new
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to new [10.x.x.x] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent

Read from socket failed: Connection timed out

So this is what I’m getting again.

Thank you,
Aishwarya

From: Neil Jerram [mailto:Neil.Jerram at metaswitch.com<mailto:Neil.Jerram at metaswitch.com>]
Sent: Thursday, July 30, 2015 1:38 PM
To: Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>
Subject: Re: [Openstack-operators] ssh inside instance

Hi Aishwarya,

The basic requirement here is that anyone - which really means a combination of a computer or instance, plus a user on that computer/instance - needs to have the private key that matches the public key that is installed on the target instance.

You've asked about logging in from your first instance ‎- let's call it A - so you need to save the private key in a file on A - let's call it private_key - and give it 600 permissions:

    chmod 600 private_key

Then you can use this key with SSH like this:

    ssh -i private_key USER at OTHER-INSTANCE

Hope that helps.

Regards,
      Neil

From: aishwarya.adyanthaya at accenture.com<mailto:aishwarya.adyanthaya at accenture.com>
Sent: Thursday, 30 July 2015 05:24
To: openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>
Subject: [Openstack-operators] ssh inside instance


Hi,

I’ve launched two instances from my openstack dashboard. Firstly I created instance one, where I generated a key through the ssh-keygen command, pasting the public key contents to import key in the access and security. Using this key I launched second instance.

I want to be able to ssh the second instance from my first instance. Could someone tell me how to work it out?

Thank you,
Aishwarya Adyanthaya

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com<http://www.accenture.com>



_______________________________________________
OpenStack-operators mailing list
OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150803/d2216b43/attachment.html>


More information about the OpenStack-operators mailing list