If I try to ssh or git push to openshift, I get the error "access not allowed". The SSH public key is listed on openshift and matches the key in ~/.ssh/id_rsa.pub Linux Mint 17.
dick#dick1 ~ $ ssh-keygen -l
Enter file in which the key is (/home/dick/.ssh/id_rsa):
2048 70:f1:92:9d:d8:7b:09:4c:8e:7d:60:94:53:a0:7a:8a OpenShift-Key (RSA)
dick#dick1 ~ $ rhc sshkey list
default (type: ssh-rsa)
-----------------------
Fingerprint: 70:f1:92:9d:d8:7b:09:4c:8e:7d:60:94:53:a0:7a:8a
Available: true
You have 1 SSH keys associated with your account.
dick#dick1 ~ $ cd /c/src/time
dick#dick1 /c/src/time $ git push
ssh: connect to host time-cronos.rhcloud.com port 22: Connection timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
dick#dick1 /c/src/time $ ssh time-cronos.rhcloud.com
ssh: connect to host time-cronos.rhcloud.com port 22: Connection timed out
dick#dick1 /c/src/time $
Sounds like maybe port 22 is blocked where you are? Can you telnet to port 22 at time-cronos.rhcloud.com? If not it might be time to involve your systems administrator or try from another location.
It seems that port 22 is blocked as the connection times out, I would suggest running an nmap scan in order to get more information regarding the port state provided that you have permission to port scan the server:
nmap -p 22 --reason -sT time-cronos.rhcloud.com
Related
I have connected to the server and I am root user,but my command failed
scp -p 10010 ~/Desktop/usb.sh root#localhost:/
Error:
ssh: connect to host localhost port 22: Connection refused
You'll need a capital P (-P) to specify a port, from the man page:
scp (1):
-P port
Specifies the port to connect to on the remote host. Note that this option is written with a capital 'P', because -p is already reserved for preserving the times and modes of the file in rcp(1).
Also, ensure you user can write to the document root (/), you can always write to your home folder: (root#localhost:/root/)
Fixed command:
scp -P 10010 ~/Desktop/usb.sh root#localhost:/
We have a RHEL 7 remote server where I created a dummy user called gitlabci.
While SSH'd into the remote server, I generated a public-private key pair (for use when grabbing files from GitLab)
Uploaded the public key as a deploy key for use later when we get our CI set up
Generated another public-private key pair in my local machine (for use when SSH'ing into the remote server from the GitLab Runner)
Added the public key to the remote server's authorized_keys
Added the private key to the project's CI environment variables
The idea is when the CI runs, the GitLab runner will SSH into the remote server as the gitlabci user I created then fetch the branch into the web directory using the deploy keys.
I thought I have set up the keys properly but whenever the runner tries to SSH, the connection gets refused.
$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )
...
$ eval $(ssh-agent -s)
Agent pid 457
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
Identity added: (stdin) (GitLab CI)
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ [[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
$ ssh gitlabci#random.server.com
Pseudo-terminal will not be allocated because stdin is not a terminal.
ssh: connect to host random.server.com port 22: Connection refused
ERROR: Job failed: exit code 1
When I tried to SSH into the remote server via GitBash on my local machine using the key pair I generated it did work.
$ ssh -i ~/.ssh/gitlabci gitlabci#random.server.com
Last login: Mon Nov 4 13:49:59 2019 from machine01.work.server.com
ssh: connect to host random.server.com port 22: Connection refused
"Connection refused" means that the ssh client transmitted a connection request to the named host and port, and it received in response a so-called "reset" packet, indicating that the remote server was refusing to accept the connection.
If you can connect to random.server.com from one host but get connection refused from another host, a few possible explanations come to mind:
You might have an entry in your .ssh/config file which substitutes a different name or address for random.server.com. For example, an entry like the following would cause ssh to connect to random2.server.com when you request random.server.com:
Host random.server.com
Hostname random2.server.com
The IP address lookup for "random.server.com" is returning the wrong address somehow, so ssh is trying to connect to the wrong server. For example, someone might have added an entry to /etc/hosts for that hostname.
Some firewall or other packet inspection software is interfering with the connection attempt by responding with a fake reset packet.
I am running Ansible on my machine. And my machine does not have ssh access to the remote machine. Port 22 connection originating from local machine are blocked by the institute firewall. But I have access to a machine (ssh-tunnel), through which I can login to the remote machine. Now is there a way we can run ansible playbook from local machine on remote hosts.
In a way is it possible to make Ansible/ssh connect to the remote machine, via ssh-tunnel. But not exactly login to ssh-tunnel. The connection will pass through the tunnel.
Other way is I can install ansible on ssh-tunnel, but that is not the desired and run plays from there. But that would not be a desired solution.
Please let me know if this is possible.
There are two ways to achieve this without install the Ansible on the ssh-tunnel machine.
Solution#1:
Use these variables in your inventory:
[remote_machine]
remote ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user='username' ansible_ssh_private_key_file='/home/user/private_key'
hope you understand above parameters, if need help please ask in comments
Solution#2:
Create ~/.ssh/config file and add the following parameters:
####### Access to the Private Server through ssh-tunnel/bastion ########
Host ssh-tunnel-server
HostName x.x.x.x
StrictHostKeyChecking no
User username
ForwardAgent yes
Host private-server
HostName y.y.y.y
StrictHostKeyChecking no
User username
ProxyCommand ssh -q ssh-tunnel-server nc -q0 %h %p
Hope that help you, if you need any help, feel free to ask
No request to install ansible on the jump and remote servers, ansible is ssh service only tool :-)
First make sure you can work it directly with SSH Tunnel.
On local machine (Local_A), you can login to Remote machine (Remote_B) via jump box (Jump_C).
login server Local_A
ssh -f user#remote_B -L 2000:Jump_C:22 -N
The other options are:
-f tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.
-N says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
There will be a password challenge unless you have set up DSA or RSA keys for a passwordless login.
There are lots of documents teaching you how to do the ssh tunnel.
Then try below ansible command from Local_A:
ansible -vvvv remote_B -m shell -a 'hostname -f' --ssh-extra-args="-L 2000:Jump_C:22"
You should see the remote_B hostname. Let me know the result.
Let's say you can ssh into x.x.x.x from your local machine, and ssh into y.y.y.y from x.x.x.x, while y.y.y.y is the target of your ansible playbook.
inventory:
[target]
y.y.y.y
playbook.yml
---
- hosts: target
tasks: ...
Run:
ansible-playbook --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root#x.x.x.x'" -i inventory playbook.yml
I tried to use ssh command to connect to another remote host.
ssh -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user#domain.com
The authenticity of host '[domain.com]:21098 ([124.219.148.93]:21098)' can't be established.
RSA key fingerprint is 12:15:79:55:c6:2a:66:1e:82:94:da:19:e1:ca:21:3d.
Are you sure you want to continue connecting (yes/no)?yes
Failed to add the host to the list of known hosts (/var/lib/openshift/541b685c5973cae7bbf006f4/.ssh/known_hosts).
Connection closed by 124.219.148.93
I suppose we do not have access to home/.ssh. So how to solve this problem?
One can pass options to SSH on command line, like this:
ssh -o UserKnownHostsFile=/tmp/known_host_file -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user#domain.com
Here is related answer: ssh use known_hosts other than $HOME/.ssh/known_hosts
I have an SSH tunnel from an EC2 instance (say A) to another with an Elastic IP (say B). It worked perfectly. Yet, B had a failure. So I had to stop it, and start a new instance with the same Elastic IP. And now the exact same SSH tunnel does not work anymore. Yet:
I can still SSH from A to B. So I know my keys are in place
I tried the exact same tunnel from another instance than A, and it works as expected.
So somehow, it is as if A detected a problem when B went down, and it is now blocking the traffic.
Tunnel:
/usr/bin/ssh -o StrictHostKeyChecking=no -i /path_to/id_dsa -f -p 22 -N -L 26:www.foo.com:80 ssh_tunnel#amazon_public_ip
And when I try Curl here is what I get:
curl -v -H "Host: www.foo.com" http://localhost:26/foofoo
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* connect to 127.0.0.1 port 26 failed: Connection refused
* Failed to connect to localhost port 26: Connection refused
* Closing connection 0
curl: (7) Failed to connect to localhost port 26: Connection refused
Am I missing something?
I found the issue. I did not pay attention, but when I was SSH-ing into the instance, I was getting a warning message: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!. Since it worked anyway, I thought it was not a problem. It turns out it makes the tunnel fail.
So I just removed the offending RSA key from known_hosts and now it works.