[Openstack-operators] ssh inside instance
Salvatore Orlando
salv.orlando at gmail.com
Fri Jul 31 12:25:40 UTC 2015
Why are you focusing on authentication issues when it seems you have either
a sshd config issue or a connectivity problem?
Indeed your ssh handshake is stopping quite early - see below:
debug1: Connecting to 192.168.1.250 [192.168.1.250] port 22.
debug1: Connection established.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: <MEH>
debug1: Host '192.168.1.250' is known and matches the RSA host key.
debug1: Found key in /home/salvatore/.ssh/known_hosts:21
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/salvatore/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
Your instance seem to not be receiving back SSH2_MSG_KEXINIT.
Note: this question is more suitable for ask.openstack.org than for this ML
imho.
Salvatore
On 30 July 2015 at 10:14, <aishwarya.adyanthaya at accenture.com> wrote:
> Hi Neil,
>
>
>
> I did the same as you have suggested. I have created an instance A and
> generated a private_key, giving it 600 permission. Using the key I launched
> the instance B but when I ssh from the instance A after a while it reads:
>
>
>
> Read from socket failed: Connection timed out
>
>
>
> I even tried with ssh –v hostname to test on one the machine outside
> openstack and the instance.
>
>
>
> root at new:/home/ubuntu# ssh -v new
>
> OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
>
> debug1: Reading configuration data /etc/ssh/ssh_config
>
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>
> debug1: Connecting to new [10.x.x.x] port 22.
>
> debug1: Connection established.
>
> debug1: permanently_set_uid: 0/0
>
> debug1: identity file /root/.ssh/id_rsa type -1
>
> debug1: identity file /root/.ssh/id_rsa-cert type -1
>
> debug1: identity file /root/.ssh/id_dsa type -1
>
> debug1: identity file /root/.ssh/id_dsa-cert type -1
>
> debug1: identity file /root/.ssh/id_ecdsa type -1
>
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
>
> debug1: identity file /root/.ssh/id_ed25519 type -1
>
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
>
> debug1: Enabling compatibility mode for protocol 2.0
>
> debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
>
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
>
> debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat
> 0x04000000
>
> debug1: SSH2_MSG_KEXINIT sent
>
>
>
> Read from socket failed: Connection timed out
>
>
>
> So this is what I’m getting again.
>
>
>
> Thank you,
>
> Aishwarya
>
>
>
> *From:* Neil Jerram [mailto:Neil.Jerram at metaswitch.com]
> *Sent:* Thursday, July 30, 2015 1:38 PM
> *To:* Adyanthaya, Aishwarya; openstack-operators at lists.openstack.org
> *Subject:* Re: [Openstack-operators] ssh inside instance
>
>
>
> Hi Aishwarya,
>
>
>
> The basic requirement here is that anyone - which really means a
> combination of a computer or instance, plus a user on that
> computer/instance - needs to have the private key that matches the public
> key that is installed on the target instance.
>
>
>
> You've asked about logging in from your first instance - let's call it A
> - so you need to save the private key in a file on A - let's call it
> private_key - and give it 600 permissions:
>
>
>
> chmod 600 private_key
>
>
>
> Then you can use this key with SSH like this:
>
>
>
> ssh -i private_key USER at OTHER-INSTANCE
>
>
>
> Hope that helps.
>
>
>
> Regards,
>
> Neil
>
>
>
> *From: *aishwarya.adyanthaya at accenture.com
>
> *Sent: *Thursday, 30 July 2015 05:24
>
> *To: *openstack-operators at lists.openstack.org
>
> *Subject: *[Openstack-operators] ssh inside instance
>
>
>
> Hi,
>
>
>
> I’ve launched two instances from my openstack dashboard. Firstly I created
> instance one, where I generated a key through the ssh-keygen command,
> pasting the public key contents to import key in the access and security.
> Using this key I launched second instance.
>
>
>
> I want to be able to ssh the second instance from my first instance. Could
> someone tell me how to work it out?
>
>
>
> Thank you,
>
> Aishwarya Adyanthaya
>
>
> ------------------------------
>
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited. Where allowed
> by local law, electronic communications with Accenture and its affiliates,
> including e-mail and instant messaging (including content), may be scanned
> by our systems for the purposes of information security and assessment of
> internal compliance with Accenture policy.
>
> ______________________________________________________________________________________
>
> www.accenture.com
>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150731/fa0045bb/attachment.html>
More information about the OpenStack-operators
mailing list