AWX to Jump Host: Connection timed out during banner exchange - ssh

I'm trying to use a jump/bastion host to connect to other hosts that are within a private subnet. I'm getting the following error:
{
"msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/tmp/awx_50_8n6bocmz/cp/1f25cf0a60\" does not exist\r\ndebug1: Executing proxy command: exec ssh -W 10.0.15.63:8888 -q user@123.123.989.4\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.4\r\ndebug1: permanently_drop_suid: 0\r\nConnection timed out during banner exchange",
"unreachable": true,
"changed": false
}
I'm trying to connect to the hosts via a bastion. I'm using AWX/Ansible Tower.
CentOS 7
AWX 6.1.0
Ansible 2.8
This is my current config:
ansible_connection: ssh
ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q user@123.123.989.4"'
ansible_ssh_port: 8888
ansible_user: user
host_key_checking: false
pipelining: true
The jump host ssh key has also been added into awx and is used in job templates, however I'm still not able to create the ssh tunnel to access the hosts in the private subnet through the jump host.
It's probably something simple that I'm missing but I just can't see it! Thanks for any help in advance!

Try to create a tunnel.
Open a shell and run:
ssh -f -N -D 1085 -o TCPKeepAlive=yes -o ServerAliveInterval=60 -p 8888 user@123.123.989.4
Then change the YAML file as below:
ansible_ssh_common_args: -o ProxyCommand="/bin/nc -x 127.0.0.1:1085 %h %p"
and try running ansible-playbook again.

Related

'kex_exchange_identification: write: Broken pipe' when trying to connect to Bitbucket

I have successfully been connecting to Bitbucket cloud via my SSH key set up on my laptop for the past three years with no issue, but suddenly today I started seeing this error when trying to pull from remote branch:
kex_exchange_identification: write: Broken pipe
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I followed the instructions here: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ for Mac OS (I am using Big Sur). So I deleted the old ssh key, both from my machine and from my Bitbucket account, and replaced it with a newly generated one.
My .ssh config file contains this as recommended:
Host *
UseKeychain yes
So I have added the new key id_rsa to ssh agent:
ssh-add -K ~/.ssh/id_rsa
and added id_rsa.pub to my Bitbucket account as described in the instructions.
Still when I run ssh -T git@bitbucket.org I see: "kex_exchange_identification: write: Broken pipe"
Here is the output with the -v flag enabled:
daniel@North ~ % ssh -T -v git@bitbucket.org
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/daniel/.ssh/config
debug1: /Users/daniel/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to bitbucket.org port 22.
debug1: Connection established.
debug1: identity file /Users/daniel/.ssh/id_rsa type 0
debug1: identity file /Users/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_dsa type -1
debug1: identity file /Users/daniel/.ssh/id_dsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519 type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/daniel/.ssh/id_xmss type -1
debug1: identity file /Users/daniel/.ssh/id_xmss-cert type -1
kex_exchange_identification: write: Broken pipe
The strange thing is, when I try the exact same steps on a different Macbook, also running Big Sur, it actually works and I see 'authenticated via ssh key' when running the above command.
Anyone have any idea what might be causing the failure to connect?
My colleague has the same problem; the strange thing is that it works when putting the Mac in safe mode.

Unable to ssh into QNX 6.5.0 VirtualBox session

I've reinstalled the QNX RTOS 6.5.0 on VirtualBox, which I was able to ssh into using the following command: ssh root@127.0.0.1 -p 3022. The network settings inside my VirtualBox environment are set to NAT, and port forwarding is set to:
When attempting to connect with -vvv flags:
$ ssh -vvv root@127.0.0.1 -p 3022
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/main/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "127.0.0.1" port 3022
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 3022.
debug1: Connection established.
debug1: identity file /home/main/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
ssh_exchange_identification: Connection closed by remote host
On QNX I have the following options modified in /etc/ssh/sshd_config:
PermitRootLogin yes
PermitEmptyPasswords yes
Subsystem sftpd /usr/libexec/sftp-server
I am also able to ssh into my laptop via the vm, however not the other way around. I also tried ssh'ing into my laptop which works, then ssh'ing back into the vm in the same vm session and am presented with the same error.
Solved. The solution was to generate new rsa and dsa keys with:
random -t
ssh-keygen -t rsa -f /etc/ssh/ssh_host_key -b 1024
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
and then add sshd to the /etc/group list: sshd:x:6:root
then re-run sshd: /usr/sbin/sshd
source: How do you install an ssh server on qnx?
To extend on the above sourced solution, I found that on reboot I was no longer able to ssh into the VM. This was solved by going into /etc/rc.d/ and adding the line /usr/sbin/sshd to the rc.local file.

problem fixing : ssh_exchange_identification: Connection closed by remote host

It worked fine before I installed zsh to decorate my terminal. Actually I am not sure if this caused a problem.
I am getting an error saying :
ssh_exchange_identification: Connection closed by remote host
➜ ssh test_ssh
ssh_exchange_identification: Connection closed by remote host
➜ ssh -v test_ssh
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/mike/.ssh/config
debug1: /Users/mike/.ssh/config line 34: Applying options for test_ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to 15.164.49.113 port 7779.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
In my own case, I was able to log in from my ssh and got this error when I tried to log in directly to my VPS from my MacBook terminal.
HOW I SOLVED THIS ERROR
ssh_exchange_identification: Connection closed by the remote host
(This always occurs when you create a new user on your VPS. You will get this error because you only have ssh configuration for root, not the new user.)
On your MacBook terminal,
type
$ cd ~/.ssh
Now, in ~/.ssh, create a config file with the following content:
$ nano config
and copy this:
Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
User shapeshed
Port 22
Protocol 2
save and exit
type
$ ls
result
authorized_keys id_rsa id_rsa1.pub
config id_rsa.pub known_hosts
$ cat id_rsa.pub (to view your public key in the macOS terminal)
Copy your macOS terminal public key and press Ctrl+X to exit (if you also use the nano text editor).
Now, on your VPS (remote server),
make sure you are logged in as the new user you created:
user@...... not root
$ cd ~/.ssh
$ ls
Note that you have just
authorized_keys known_hosts
as your result ... no public key for the VPS to recognize signing in from your computer.
Now let's create a new id_rsa.pub on our VPS:
$ nano id_rsa.pub
Paste the macOS id_rsa.pub you copied, then save and exit.
Type
$ ssh -vvv user@**.**.**.**
Replace ** with your IP and see your VPS logged in from your terminal without asking for a password.
bazzlylinksSolution
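Added example, not part of any post above: the debug logs quoted in these questions all stop around the SSH identification (banner) exchange, and this Python function reports how far a given `ssh -v` log got and what that points to. The sample logs are constructed from the output on this page, and `user@jump` is a placeholder.

```python
import re

# Client-side debug lines that mark progress up to the banner exchange.
MARKERS = [
    ("proxy", re.compile(r"Executing proxy command: ")),
    ("tcp", re.compile(r"Connection established")),
    ("sent_banner", re.compile(r"Local version string SSH-")),
    ("got_banner", re.compile(r"Remote protocol version ")),
]
# Anything other than an error text here is what the peer sent instead of "SSH-2.0-...".
NON_SSH = re.compile(r"ssh_exchange_identification: (?!Connection|read|write)(.+)")

def triage(log):
    """Return the stages reached and a verdict for one `ssh -v` log."""
    seen, foreign = [], None
    # AWX embeds the log in JSON, so line breaks may be the literal text \r\n.
    for line in re.split(r"\\r\\n|\r?\n", log):
        seen += [name for name, pat in MARKERS if pat.search(line) and name not in seen]
        m = NON_SSH.search(line)
        if m:
            foreign = m.group(1).strip()
    if foreign:
        verdict = "peer is not an SSH server, it answered: " + foreign
    elif "got_banner" in seen:
        verdict = "banner exchange completed, look at key exchange or auth"
    elif "proxy" in seen:
        verdict = "no banner through the proxy, check the route to the -W target"
    elif "tcp" in seen:
        verdict = "TCP connected, server closed or stalled before its banner"
    else:
        verdict = "no TCP connection"
    return seen, verdict

# Constructed samples, shortened from the debug output quoted on this page.
AWX = (r"debug1: Executing proxy command: exec ssh -W 10.0.15.63:8888 -q user@jump"
       r"\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.4"
       r"\r\nConnection timed out during banner exchange")
HTTP = ("debug1: Connection established.\n"
        "debug1: Local version string SSH-2.0-OpenSSH_7.6\n"
        "debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request")
CLOSED = ("debug1: Connection established.\n"
          "debug1: Local version string SSH-2.0-OpenSSH_7.6p1\n"
          "ssh_exchange_identification: Connection closed by remote host")

if __name__ == "__main__":
    for sample in (AWX, HTTP, CLOSED):
        print(triage(sample))
```

An HTTP status line in place of the banner means the port is served by a web server or HTTP proxy, so no key or user change on the client will help until the port or routing is corrected.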

Why does "ssh root@server" need an id_dsa key?

Why does it look for a .ssh/id_dsa file? There is no such file, just id_rsa.
So the issue is that I can login to my server just fine using:
ssh root@SERVER_IP_ADRESS
But when I try to login with a user I created from root:
ssh USERNAME@SERVER_IP_ADRESS5
I get:
Permission denied (publickey).
The steps I went through before this.
SSH generated a key
Created an Ubuntu 16.04 droplet with given SSH key.
SSH into server with root
$ adduser username
usermod -aG sudo username
$ ssh -vvv root@serverip
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to cleanproject port 22.
debug1: Connection established.
debug1: identity file /Users/happy/.ssh/id_rsa type 0
....
...
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/happy/.ssh/id_dsa
debug3: no such identity: /Users/happy/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/happy/.ssh/id_ecdsa
debug3: no such identity: /Users/happy/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /Users/happy/.ssh/id_ed25519
debug3: no such identity: /Users/happy/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
root@server: Permission denied (publickey).
The steps below should help to create and authenticate the new user on the instance.
Ssh into your instance using public key.
Create a new user: $ sudo adduser test123
Change the shell session: $ sudo su test123
Create .ssh folder: $ mkdir .ssh
Change the permission: $ chmod 700 .ssh
Confirm $pwd is /home/test123
In .ssh folder, execute these
$ touch authorized_keys
$ chmod 600 authorized_keys
Paste your public key here from your local system; id_rsa.pub is the default name if not edited while saving. Make sure no extra spaces are copied.
It should work!
$ ssh test123@ip-address

Can't use ssh with "-F" to login through a bastion host

I am trying to login to my server through a bastion host and my configuration file is like this:
Host 10.10.10.1
User ec2-user
ProxyCommand ssh -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
It works fine if I save this configuration into ~/.ssh with the name "config", which is the default configuration file of ssh. I can log in with "ssh -v 10.10.10.1" and the debug log looks like:
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data ~/.ssh/config
debug1: /Users/twer/.ssh/config line 2: Applying options for 10.10.10.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Executing proxy command: exec ssh -W 10.10.10.1:22 xxx.xxx.xxx.xxx
debug1: permanently_drop_suid: 501
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 10.10.10.1:22 as 'ec2-user'
...
But if I save the configuration somewhere else (deleting the config in ~/.ssh) and log in with "ssh -v -F ~/mysshconfig 10.10.10.1", it fails. The debug log is:
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data ansible-ssh.conf
debug1: ansible-ssh.conf line 1: Applying options for 10.10.10.1
debug1: Executing proxy command: exec ssh -W 10.10.10.1:22 xxx.xxx.xxx.xxx
debug1: permanently_drop_suid: 501
debug1: key_load_public: No such file or directory
debug1: identity file key.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
Permission denied (publickey).
Since I want to use ansible, I need to specify a sshconfig with this "-F" option.
Finally I figured out that I should also specify the configuration file in the ProxyCommand since it is not a default one. The configuration should be like this:
Host 10.10.10.1
User ec2-user
ProxyCommand ssh -F mysshconfig -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
Since your config file is in a different location, the relative path to the key file no longer points to the same place, so you're getting "no such file" errors when ssh tries to read your key file.
Use an absolute path instead: change key.pem to ~/.ssh/key.pem.
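Added example, not from either answer: a Python check for a config that will be passed with -F, flagging the two problems the answers above describe (an inner ssh in ProxyCommand without its own -F, and a relative IdentityFile). The ForwardAgent check goes beyond the answers: with ssh -W the jump host only relays the connection, so forwarding the agent to it is unnecessary. BEFORE and AFTER are constructed from the configs quoted above.

```python
import re
import shlex

def parse_hosts(text):
    """Group ssh_config options by the Host pattern they follow."""
    hosts, current = {}, "*"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            current = value
        else:
            hosts.setdefault(current, []).append((key, value))
    return hosts

def lint(text):
    """Return (host, problem) pairs for a config meant to be used with ssh -F."""
    findings = []
    for host, opts in parse_hosts(text).items():
        for key, value in opts:
            argv = shlex.split(value)
            if key == "proxycommand" and any(a.split("/")[-1] == "ssh" for a in argv[:2]):
                # The inner ssh is a new process: without its own -F it reads
                # only ~/.ssh/config and /etc/ssh/ssh_config.
                if not any(a.startswith("-F") for a in argv):
                    findings.append((host, "inner ssh has no -F"))
            elif key == "identityfile" and not value.startswith(("/", "~", "%d")):
                # A bare file name is opened relative to the current directory.
                findings.append((host, "relative IdentityFile " + value))
            elif key == "forwardagent" and value.lower() == "yes":
                # ssh -W relays the TCP stream only; the jump host needs no agent.
                findings.append((host, "ForwardAgent yes is not needed with -W"))
    return findings

# Constructed from the configs quoted in the question and answers above.
BEFORE = """Host 10.10.10.1
User ec2-user
ProxyCommand ssh -W %h:%p xxx.xxx.xxx.xxx
IdentityFile key.pem
Host xxx.xxx.xxx.xxx
User ec2-user
IdentityFile key.pem
ForwardAgent yes
"""
AFTER = BEFORE.replace("ssh -W", "ssh -F ~/mysshconfig -W").replace(
    "IdentityFile key.pem", "IdentityFile ~/.ssh/key.pem").replace("ForwardAgent yes\n", "")
```

Running `lint(BEFORE)` reports four findings across the two Host blocks, and `lint(AFTER)` reports none.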