New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSH login fails after letting karamel create its own key pair #21

Closed
steffengr opened this Issue Apr 10, 2015 · 2 comments

Comments

Projects
None yet
3 participants
@steffengr

steffengr commented Apr 10, 2015

Having a password protected key pair, I decided to let karamel create its own pair. However, karamel fails to log in to the created instances using the newly created key. The resulting error is shown below. Trying to log in to the created instances manually using the old key succeeds. Looking at the authorized_keys folder of the created instances it appears like the wrong public key was uploaded.

ERROR [2015-04-10 14:47:55,046] net.schmizz.concurrent.Promise: <> woke to: net.schmizz.sshj.userauth.UserAuthException: publickey auth failed
ERROR [2015-04-10 14:47:55,047] se.kth.karamel.backend.machines.MachinesMonitor:
! net.schmizz.sshj.userauth.UserAuthException: publickey auth failed
! at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:157) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:474) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:127) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.transport.Decoder.received(Decoder.java:195) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.transport.Reader.run(Reader.java:72) ~[sshj-0.8.1.jar:na]
! Causing: net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
! at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:114) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.SSHClient.auth(SSHClient.java:205) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:305) ~[sshj-0.8.1.jar:na]
! at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:324) ~[sshj-0.8.1.jar:na]
! at se.kth.karamel.backend.machines.SshMachine.connect(SshMachine.java:201) ~[karamel-core-0.1.jar:na]
! ... 7 common frames omitted
! Causing: se.kth.karamel.common.exception.KaramelException: net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
! at se.kth.karamel.backend.machines.SshMachine.connect(SshMachine.java:210) ~[karamel-core-0.1.jar:na]
! at se.kth.karamel.backend.machines.SshMachine.ping(SshMachine.java:228) ~[karamel-core-0.1.jar:na]
! at se.kth.karamel.backend.machines.MachinesMonitor.run(MachinesMonitor.java:98) ~[karamel-core-0.1.jar:na]
! at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_40]
! at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40]
! at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40]
! at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40]
! at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40]

@thvasilo

This comment has been minimized.

Show comment
Hide comment
@thvasilo

thvasilo Apr 10, 2015

So adding more info: When providing the non-default keys to karamel (Using the Generate keys option in Cluster->Launch) your default .ssh/id_rsa.pub gets uploaded to the instances instead of the ones generated by karamel.

The confusing part was that you are still able to ssh into the machine even when providing -i .karamel/.ssh/id_rsa.pub as an ssh option. Why this happens is explained here: the default behavior according to ssh_config is to use a list of files, and the one provided by -i is just added to that list. That list of course includes your default .ssh/id_rsa.pub, which is how you are able to ssh into the machines.

If you disable that behavior through the config change mentioned in the article you are no longer able to ssh into the instances when using -i karamel/.ssh/id_rsa.pub, which is the expected behavior.

thvasilo commented Apr 10, 2015

So adding more info: When providing the non-default keys to karamel (Using the Generate keys option in Cluster->Launch) your default .ssh/id_rsa.pub gets uploaded to the instances instead of the ones generated by karamel.

The confusing part was that you are still able to ssh into the machine even when providing -i .karamel/.ssh/id_rsa.pub as an ssh option. Why this happens is explained here: the default behavior according to ssh_config is to use a list of files, and the one provided by -i is just added to that list. That list of course includes your default .ssh/id_rsa.pub, which is how you are able to ssh into the machines.

If you disable that behavior through the config change mentioned in the article you are no longer able to ssh into the instances when using -i karamel/.ssh/id_rsa.pub, which is the expected behavior.

@kamalhakim

This comment has been minimized.

Show comment
Hide comment
@kamalhakim

kamalhakim Apr 14, 2015

Member

This was happening because of mix of two issues:

  1. Karamel was not uploading they new keypair to ec2 if it was already existed (it was checking with the key-name), so in case you run Karamel once with your default key and retry it with the generated key it was keeping your default public key on ec2.
  2. As @thvasilo pointed out ssh -i falls back to your default key, so that is up to the user to do the configuration on his machine..

The first issue is resolved in Karamel now, I will mention the second one in our documentation..

Member

kamalhakim commented Apr 14, 2015

This was happening because of mix of two issues:

  1. Karamel was not uploading they new keypair to ec2 if it was already existed (it was checking with the key-name), so in case you run Karamel once with your default key and retry it with the generated key it was keeping your default public key on ec2.
  2. As @thvasilo pointed out ssh -i falls back to your default key, so that is up to the user to do the configuration on his machine..

The first issue is resolved in Karamel now, I will mention the second one in our documentation..

@kamalhakim kamalhakim closed this Apr 14, 2015

@kamalhakim kamalhakim self-assigned this Jul 21, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment