Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failed to create SSH tunnel to $IP #1189

Open
paulbrie opened this issue Sep 19, 2016 · 36 comments

Comments

@paulbrie
Copy link

commented Sep 19, 2016

Hi, I have the following error on my Mac (OS X Yosemite - 10.10.5 )

Error:
Resource temporarily unavailable. Authentication by key (/Users/paulbrie/.ssh/id_rsa) failed (Error -16). (Error #35)

It is not a key issue because it works in the terminal. I also tried with a key which works for a colleague: same result. Can you give me more details about the issue and its origin?

Thanks,
Paul

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Sep 20, 2016

Hi @paulbrie , thanks a lot for reporting the issue.
Unfortunately, this issue has been reported before, we have done many testing with different conditions and servers, but we are unable to reproduce this problem in our labs.

Our initial investigation showed that this issue is related to maximum process count limitation of MAC. But we are unable to confirm. (If this is the root cause, issue should be gone after system reboot)

We will be more than happy to investigate your problem as "critical" priority if you can give us as much as information you can. Firstly, can you tell us Robomongo version, OS version of your remote server and is this issue reproduced all the time or sometimes? It is also good to know if password authentication has the same problem.

@tanushshukla

This comment has been minimized.

Copy link

commented Nov 21, 2016

I can help you out with the info. I have all environments setup at my place. For now, I've tried with two laptops on windows 8.1 and 10 and both are giving me the same issue. I know the key is right because Mongochef is working fine on both machines.

RoboMongo version 0.9.0.
OS of remote server -> Ubuntu 16 LTS.
Issue reproduced all the time or sometimes -> All the times.
password authentication -> Can't check as I've disabled it.

The other thing if it matters is that the key was generated with 4096 bits rather than 2048.
Also, I can share you the key and password with you guys of my test environment if that helps.

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Nov 21, 2016

Hi @hellrokr , thanks a lot for reporting the problem and trying to help. We appreciate.
Yes, if you can share the key that would be awesome. If we can reproduce this issue all the times, solving will be much easier.

Note:
Here is another interesting finding about keys: #1125 (comment)

@macpham

This comment has been minimized.

Copy link

commented Apr 7, 2017

I can also reproduce this problem with RoboMongo 1.0.0 RC1 on Mac OSX El Capitan.

My key is also working with MongoHub to the same server.

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Apr 11, 2017

Hi @macpham , thanks for reporting the problem.

Any chance you are using *.ppk key files? Or any detail about your key format will be useful, seems like that's the problem (Robomongo does not support all formats), but we did not fully identify which ones yet. More: #1125 (comment)

@irworks

This comment has been minimized.

Copy link

commented Jun 9, 2017

Just want to confirm that this issue occurred to me too. After using the same connection in Robomongo for weeks it suddenly stopped working.

Error: Resource temporarily unavailable. Authentication by key (/Users/irworks/.ssh/id_rsa) failed (Error -18). (Error #35)

Robomongo 1.0.0 on macOS Sierra.

I managed to work around this issue by changing the username which I use to connect via ssh, changing back to the initial user repeats the issue.

@crebuh

This comment has been minimized.

Copy link

commented Jun 16, 2017

I've got the same error with Robomongo 0.9.0 and also the new Robo3T 1.1. The funny thing is that I can cannot via ssh to amazon servers, but not to our servers on linode. Any idea?

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Jul 5, 2017

Hi @crebuh , thanks for reporting the problem.
The root cause of this issue still remains a secret and under investigation. We are unable to reproduce in our systems.

There has been very interesting and simple solutions reported like using a new username, key/password or key type solved their problems.

@waxyhexagon

This comment has been minimized.

Copy link

commented Oct 12, 2017

Apologies for reviving a somewhat dead thread. It's the top result in google.

For those who are googling and still looking for a response (Like me), the issue and answer somewhat lies in here. As @simsekgokhan has mentioned, if you are using a *.ppk file the connection will fail. The resolution (if using putty and putty gen) is to open up the ppk file in putty gen and save it as an openssh file. Do not force the new file format as that will also fail. It needs to be the general openssh format.

Instructions:
Open putty gen
Select "Load" and select your *.ppk
Go to the "Conversions" drop down
Export OpenSSH --NOT the new format
Use the new file generated to connect.

@agarcian

This comment has been minimized.

Copy link

commented Dec 5, 2017

We are experiencing this issue as well. We are using Robo 3T 1.1.1 and when connecting to a server, the SSH channel cannot be established, however it works well from Terminal (Mac OS High Sierra)

This was working before, and one day stopped working. Other servers still connect OK. Something about this specific server doesn't like it.
Private key is a pem file.

@Chunlin-Li

This comment has been minimized.

Copy link

commented Dec 6, 2017

See the same error on Mac OS Sierra. Robo 3T 1.1.1
use ssh command to target server by rsa key works well. Only Robo connect failed.
I check the ip, port, username, and key path again and again. I'm sure the settings are correct.

log :

2:06:57 PM Error: Resource temporarily unavailable. Error when starting up SSH session: -8
. (Error #35)

@stephan-nordnes-eriksen

This comment has been minimized.

Copy link

commented Dec 11, 2017

I am seeing the same issue on Robo 3T 1.1.1 on MacOS High Sierra as @Chunlin-Li and @agarcian are reporting.

Strangely enough, the same exact connection settings works in Studio 3T. This might be some sort of clue to the mystery?

@simsekgokhan simsekgokhan added this to Ready-For-Testing in Robo 3T 1.2 Dec 20, 2017

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Dec 21, 2017

Hi All, sorry for the inconvenience and for the delay. We have an SSH enhancement to fix this problem and some other SSH issues. But, we cannot verify our fix for the problem in this ticket, since we are still unable to reproduce this problem in our systems. We are asking your help to test the following beta for us (fingers crossed).

Robo 3T 1.2 - Beta

Note:
Please also be aware that Putty (*.ppk) key files cause problems and not supported. Robo supports OpenSSH format. Steps to convert ppk to OpenSSH is here #484 (comment).

@simsekgokhan simsekgokhan added this to SSH failure (Resources temporarily unavailable) in Robo 3T 1.2 - Beta Testing Dec 21, 2017

@stephan-nordnes-eriksen

This comment has been minimized.

Copy link

commented Dec 21, 2017

That version works for me at least, on MacOS High Sierra 10.13.2 (17C88) 🎉

Thanks a lot!

@agarcian

This comment has been minimized.

Copy link

commented Dec 22, 2017

@Chunlin-Li

This comment has been minimized.

Copy link

commented Dec 22, 2017

@simsekgokhan Thank you! That version works for me.

@mephi1984

This comment has been minimized.

Copy link

commented Dec 22, 2017

This solved for me too, thanks!
Windows 10
Amazon Linux 2 on remote server

@davisford

This comment has been minimized.

Copy link

commented Dec 24, 2017

This just happened to me too. Actually corroborated also with a co-worker. Our servers are in EC2. We use Robo 3T probably daily for years and the SSH tunnel has always just worked. Yesterday we had an issue where I had to step down our Primary in the replica set and elect a new primary, so our replica set status got jogged around a bit, but IP addresses remained the same.

The other thing I did was a sudo yum update on the servers, so it's very likely openssh or other related libs probably got upgraded.

Since that time, we can no longer tunnel with Robo 3T, but we can still connect just fine using Mac Terminal.

My guess is something changed in the openssh server libs and people only see it if they get that update, which causes the problem. Would have to scour logs on server side to see if we can track something down.

We use Amazon Linux -- could test by spawning a brand new Amazon Linux AMI, running sudo yum update and install mongo on it, and see if you can connect. My guess is some openssh lib update probably broke the integration.

Edit: Robo 3T 1.2 Beta fix posted above also fixes the issue for me.

@WingGithub

This comment has been minimized.

Copy link

commented Dec 28, 2017

SSH connections now works for me with 1.2 beta. Thanks.
Windows 10 -> CentOS Linux release 7.4.1708

@thomasj02

This comment has been minimized.

Copy link

commented Jan 7, 2018

Still having problems with 1.2 Beta. Perhaps this logging is related?

2018-01-06T23:47:14.746-0600 W NETWORK [thread1] SSL peer certificate validation failed: unable to get local issuer certificate
2018-01-06T23:47:14.746-0600 W NETWORK [thread1] The server certificate does not match the host name. Hostname: 127.0.0.1 does not match SAN(s): my-mongo-primary.domain.com

(edited hostname)

@WingGithub

This comment has been minimized.

Copy link

commented Jan 7, 2018

The log seems to indicate a setup issue. Did you try doing an ssh to the server your instance is on? If that doesn't work then robomongo won't work either.

@thomasj02

This comment has been minimized.

Copy link

commented Jan 7, 2018

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Jan 9, 2018

Hi @thomasj02, thanks for reporting the problem. That 1.2 beta is for some specific SSH errors which you can see in the description section after clicking the link to beta. I see that your logs indicate an SSL hostname error not SSH.

One suggestion might be enabling "Invalid Hostnames" option from SSL advanced options to understand the root cause of your problem.

And I assume you are using SSH & SSL enabled together, please also be informed that support for using SSL & SSH together is also limited to some basic cases. That might be your problem's root cause as well.

@bernardodesousa

This comment has been minimized.

Copy link

commented Jan 15, 2018

Hello, @simsekgokhan! I am getting the same error on a Windows 10 machine, Robo 3T 1.2 Beta, server runs Ubuntu 16.04.2 LTS (GNU/Linux 2.6.32-042stab120.19 x86_64), but I am not using SSL+SSH. Only SSH. I generated the key with PuTTygen following this instructions. Connection works fine with PuTTy, but Robo 3T says:

Failed to create SSH tunnel to host.name:7822.
Error: Authentication by key (C:/path/to/ssh/id_rsa.pub) failed (Error -16)

I tried both id_rsa.ppk and id_rsa.pub files. Same error.

Thanks for the whole investigation there!

@Bene-Graham

This comment has been minimized.

Copy link

commented Jan 15, 2018

@simsekgokhan 1.2 Beta worked for me

I also had to reexport my private keys to openssh from putty not using the new format

@simsekgokhan

This comment has been minimized.

Copy link
Collaborator

commented Jan 16, 2018

@Bene-Graham thanks for the feedback, very happy to hear that :)

@bernardodesousa , I could not understand clearly, have you tried this suggestion in this comment: #484 (comment)

@bernardodesousa

This comment has been minimized.

Copy link

commented Jan 16, 2018

After @Bene-Graham's comment, I did and it works. I read the 20+ comments on this thread too quickly. My bad.

Would it be possible to tell the user what caused the key to fail? Trouble-shooting this connection issue would have been much easier if the error message was not so generic. Read the file extension ---> "Please, use an OpenSSH key".

Thanks for the help. Awesome piece of software, btw. Great job!

@angwe

This comment has been minimized.

Copy link

commented Jan 20, 2018

Please note that the previous version supported PuTTY keys (.ppk), but since I have other reasons to export my keys to OpenSSH, it worked once I switched. The note above from @bernardodesousa about a better error message would be useful.

@dalu

This comment has been minimized.

Copy link

commented Jun 26, 2018

what is (Error -16). (Error #11) ?

maybe choose a different ssh lib? Because this obviously doesn't do what it's supposed to.

@jakegsy

This comment has been minimized.

Copy link

commented Jul 3, 2018

I'm still getting (Error -16) (Error #35) on Robo 3T 1.2.1, any fixes?

@andrewjkrull

This comment has been minimized.

Copy link

commented Jul 13, 2018

All,
I experienced this issue when attempting to harden the SSH server. I added the following lines to SSH which broke the connection:

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

Just more information for the cause. Do we have documentation that defines what Robo 3T needs/expects with regards to the above to work?

@feiniaoying

This comment has been minimized.

Copy link

commented Aug 27, 2018

Since the compatible SSH versions in the Robo 3T version are inconsistent, the Robo 3T version should be upgraded, and the OpenSSL library is updated in the new version.

@WingGithub

This comment has been minimized.

Copy link

commented Aug 27, 2018

There does not seem to be any updates to robomongo since March 2018, which is coincidentally one year after robomongo was acquired. Draw whatever conclusion you may, but I think if anyone has an issue with robomongo, they would probably have to roll up their own sleeves to fix it and hopefully contribute the fix.

@jlyonsmith

This comment has been minimized.

Copy link

commented Dec 12, 2018

I think I have some more data to help reproduce this problem. I was getting this error on macOS using a 4096 bit key with a pass phrase. I get the same error whether I supply the pass phrase or not. So I suspect it is either the long key length or an encrypted private key/pass phrase issue. My pass phrase is stored in the KeyChain app using ssh-add, so with ssh no the command line I don't have to supply it.

When I switch to a shorter key with no pass phrase everything works fine.

@lscarneiro

This comment has been minimized.

Copy link

commented Dec 12, 2018

Hi,
I'm on macOS Mojave (10.14.1)
Robo 3T 1.2.1

using private key in openssh format

-----BEGIN OPENSSH PRIVATE KEY----- 
....
-----END OPENSSH PRIVATE KEY-----

And I'm getting:

Failed to create SSH tunnel to $IP

Error:
Resource temporarily unavailable. Authentication by key (/path/pvt_key) failed (Error -16). (Error #35)

The key was not "converted" from PuTTY, it was generated directly to ssh-keygen locally, and I can use it normally to connect to my server hosted on Google Cloud.

Any ideas?

(I see a lot of issues related with PuTTY and with the solution being to use 1.2 Beta, but I'm on a later version with a OpenSSH key already, so...)

@lscarneiro

This comment has been minimized.

Copy link

commented Dec 13, 2018

After a lot of pain, I finally achieved connection with Robo 3T through SSH Tunnel.

The SO post that helped me was this one

Basically, you should use a private key generated through openssl instead of ssh-keygen (why? IDK)

Generate the private key:

openssl genpkey -algorithm RSA -out private.pem

Then, get the public key to add to your server .ssh/authorized_keys file with:

ssh-keygen -y -f private.pem

Then, finally connect Robo 3T using this private.pem key file and voilá

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.