[Openstack-operators] ssh inside instance

Salvatore Orlando salv.orlando at gmail.com
Mon Aug 3 23:32:39 UTC 2015


More details about your environment might be useful.
For instance, are you running neutron with the "reference implementation" -
or some other plugin/driver?
Is the logical router where the floating IP is attached a distributed
router?

Also, if you run tcpdump on the receiving instance, you should probably be
able to see the SSH packet coming in. What source address does it have?
Finally - I'm not sure if you already stated this - are you able to ping
the instance using its floating IP from another instance?

Salvatore


On 3 August 2015 at 11:08, <aishwarya.adyanthaya at accenture.com> wrote:

> Yes, I did notice that it isn’t receiving from the line:
>
> debug1: SSH2_MSG_KEXINIT received
>
>
>
> I have an internal IP and an external IP (floating IP) attached to the
> instance. If I make use of the internal IP to ssh itself from the very same
> node I’m able to do it but External IP isn’t working.
>
>
>
> I am able to ssh to the same machine with the floating IP outside
> Openstack but internally it doesn’t seem to work. My goal here is to ssh
> within an instance using the floating IP.
>
>
>
> Thank you,
>
> Aishwarya
>
>
>
>
>
> *From:* Salvatore Orlando [mailto:salv.orlando at gmail.com]
> *Sent:* Friday, July 31, 2015 5:56 PM
> *To:* Adyanthaya, Aishwarya
> *Cc:* Neil.Jerram at metaswitch.com; openstack-operators at lists.openstack.org
>
> *Subject:* Re: [Openstack-operators] ssh inside instance
>
>
>
> Why are you focusing on authentication issues when it seems you have
> either a sshd config issue or a connectivity problem?
>
>
>
> Indeed your ssh handshake is stopping quite early - see below:
>
>
>
> debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22.
> debug1: Connection established.
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
> debug1: match: OpenSSH_5.6 pat OpenSSH_5* compat 0x0c000000
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-sha1 none
> debug1: kex: client->server aes128-ctr hmac-sha1 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Server host key: <MEH>
> debug1: Host '192.168.1.250' is known and matches the RSA host key.
> debug1: Found key in /home/salvatore/.ssh/known_hosts:21
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/salvatore/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,keyboard-interactive
>
>
>
> Your instance seems to not be receiving back SSH2_MSG_KEXINIT.
>
> Note: this question is more suitable for ask.openstack.org than for this
> ML imho.
>
>
>
> Salvatore
>
>
>
>
>
>
>
> On 30 July 2015 at 10:14, <aishwarya.adyanthaya at accenture.com> wrote:
>
> Hi Neil,
>
>
>
> I did the same as you have suggested. I have created an instance A and
> generated a private_key, giving it 600 permission. Using the key I launched
> the instance B but when I ssh from the instance A after a while it reads:
>
>
>
> Read from socket failed: Connection timed out
>
>
>
> I even tried with ssh -v hostname to test on one the machine outside
> openstack and the instance.
>
>
>
> root@new:/home/ubuntu# ssh -v new
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to new [10.x.x.x] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
> debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
> debug1: SSH2_MSG_KEXINIT sent
>
>
>
> Read from socket failed: Connection timed out
>
>
>
> So this is what I’m getting again.
>
>
>
> Thank you,
>
> Aishwarya
>
>
>
> *From:* Neil Jerram [mailto:Neil.Jerram at metaswitch.com]
> *Sent:* Thursday, July 30, 2015 1:38 PM
> *To:* Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org
> *Subject:* Re: [Openstack-operators] ssh inside instance
>
>
>
> Hi Aishwarya,
>
>
>
> The basic requirement here is that anyone - which really means a
> combination of a computer or instance, plus a user on that
> computer/instance - needs to have the private key that matches the public
> key that is installed on the target instance.
>
>
>
> You've asked about logging in from your first instance - let's call it A
> - so you need to save the private key in a file on A - let's call it
> private_key - and give it 600 permissions:
>
>
>
>     chmod 600 private_key
>
>
>
> Then you can use this key with SSH like this:
>
>
>
>     ssh -i private_key USER@OTHER-INSTANCE
>
>
>
> Hope that helps.
>
>
>
> Regards,
>
>       Neil
>
>
>
> *From: *aishwarya.adyanthaya at accenture.com
>
> *Sent: *Thursday, 30 July 2015 05:24
>
> *To: *openstack-operators at lists.openstack.org
>
> *Subject: *[Openstack-operators] ssh inside instance
>
>
>
> Hi,
>
>
>
> I’ve launched two instances from my openstack dashboard. Firstly I created
> instance one, where I generated a key through the ssh-keygen command,
> pasting the public key contents to import key in the access and security.
> Using this key I launched second instance.
>
>
>
> I want to be able to ssh the second instance from my first instance. Could
> someone tell me how to work it out?
>
>
>
> Thank you,
>
> Aishwarya Adyanthaya
>
>
>
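
Added example (not part of the original thread): the replies above point out that a trace ending at `SSH2_MSG_KEXINIT sent` never reached authentication, so the key file and its permissions are not what is failing. The script below classifies an `ssh -v` trace by the last handshake stage it reached; the function names and verdict labels are made up for illustration, and the sample traces are abridged from the two traces quoted in this thread.

```shell
#!/bin/sh
# Added example: report how far an `ssh -v` client trace got before it stopped.
# Function names and verdict labels are illustrative, not from any tool.

# Reads a trace on stdin, prints the furthest handshake stage seen.
ssh_last_stage() {
    awk '
        /debug1: Connection established/            { if (s < 1) s = 1 }
        /debug1: Remote protocol version/           { if (s < 2) s = 2 }
        /debug1: SSH2_MSG_KEXINIT sent/             { if (s < 3) s = 3 }
        /debug1: SSH2_MSG_KEXINIT received/         { if (s < 4) s = 4 }
        /debug1: SSH2_MSG_NEWKEYS received/         { if (s < 5) s = 5 }
        /debug1: Authentications that can continue/ { if (s < 6) s = 6 }
        END {
            split("none tcp banner kexinit-sent kexinit-received newkeys auth", n, " ")
            print n[s + 1]
        }'
}

# Maps the stage to where to look next.
ssh_diagnose() {
    case "$(ssh_last_stage)" in
        none)    echo "no-tcp-connection" ;;
        auth)    echo "authentication" ;;      # keys and permissions matter only here
        newkeys) echo "post-kex" ;;
        *)       echo "transport-or-sshd" ;;   # stalled before key exchange finished
    esac
}

# Sample traces, abridged from the two traces quoted in this thread.
sample_stalled() {
    cat <<'EOF'
debug1: Connecting to new [10.x.x.x] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection timed out
EOF
}
sample_auth() {
    cat <<'EOF'
debug1: Connection established.
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,keyboard-interactive
EOF
}

sample_stalled | ssh_diagnose
sample_auth | ssh_diagnose
```

The matching is on substrings, so a trace pasted with `> ` quote prefixes is classified the same way.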