Despite my best efforts, I cannot seem to get agent forwarding on Vagrant. I'm running OS X with the following vagrant/virtualbox combo:
[chrisshorrock:~]$ vboxwebsrv --version
Oracle VM VirtualBox web service Version 4.2.18
(C) 2007-2013 Oracle Corporation
All rights reserved.
4.2.18r88780
[chrisshorrock:~]$ vagrant --version
Vagrant 1.3.5
Firstly - in my vagrant file I have
config.ssh.forward_agent = true
I've confirmed that my key (on my os x box) is added to my ssh agent with:
ssh-add -L
My ~/.ssh/config file contains the following:
Host 127.0.0.1
ForwardAgent yes
I can connect to outside servers, and have confirmed that something like:
ssh -T git#github.com
Works properly (both locally and remotely indicating that ssh agent forwarding functionality seems correct on the OS X box), however, when I connect to my vagrant instance, I have no such luck:
[chrisshorrock:~]$ ssh -v vagrant#127.0.0.1 -p 2222
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/chrisshorrock/.ssh/config
debug1: /Users/chrisshorrock/.ssh/config line 35: Applying options for 127.0.0.1
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa type 1
debug1: identity file /Users/chrisshorrock/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa type -1
debug1: identity file /Users/chrisshorrock/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 50:db:75:ba:11:2f:43:c9:ab:14:40:6d:7f:a1:ee:e3
debug1: Host '[127.0.0.1]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/chrisshorrock/.ssh/known_hosts:29
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/chrisshorrock/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to 127.0.0.1 ([127.0.0.1]:2222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_CA.UTF-8
debug1: Sending env LC_CTYPE = en_CA.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.2.0-56-generic x86_64)
* Documentation: https://help.ubuntu.com/
Welcome to your Vagrant-built virtual machine.
Last login: Fri Nov 22 09:58:24 2013 from 10.0.2.2
[vagrant:~]$ ssh -T git#github.com
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
I'm at a loss of things to try.
Problem solved. The box was using oh-my-zsh, which had the plugins defined as:
plugins=(git cp command-not-found git-extras gnu-utils history pip python ruby screen ssh-agent svn)
The culprit here was the ssh-agent helper for oh-my-zsh.
Related
I have two EC2 instances in a VPC - a bastion and dev machine.
I can ssh into the bastion and run X11 apps. However when I ssh from the bastion to the dev machine, X forwarding fails:
> ssh -vX -i ~/.ssh/my_key.pem ec2-user#X.X.X.X
…
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0
The full log is below.
The remote instance (ie. the dev machine) has the xauth package installed, and the /etc/ssh/sshd_config file (on the dev machine) has the following entries:
X11Forwarding yes
X11UseLocalhost no
Does anyone know what the problem could be?
cheers
steve
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to X.X.X.X [X.X.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/ec2-user/.ssh/my_key.pem type -1
debug1: identity file /home/ec2-user/.ssh/my_key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: kex: curve25519-sha256#libssh.org need=16 dh_need=16
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA Y:Y:Y:Y:Y:Y:Y:Y:Y
debug1: Host 'X.X.X.X' is known and matches the ECDSA host key.
debug1: Found key in /home/ec2-user/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ec2-user/.ssh/my_key.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to X.X.X.X ([X.X.X.X]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Remote: Can't get IP address for X11 DISPLAY.
X11 forwarding request failed on channel 0
The solution was to set X11UseLocalhost to "yes".
I'm trying to ssh into a running container with
ssh -X user#IP
ssh -Y user#IP
I've launched with
docker run -it image:latest /bin/bash -c 'sudo service ssh stop;sudo service ssh start;/bin/bash'
I'm able to ssh into the container, but I can't run a GUI application. When I use echo $DISPLAY, I get localhost:10.0
I've tried dozens of solutions of ForwardX11, X11Forwarding, ForwardX11Trusted, etc.
I get this warning on login:
Warning: No xauth data; using fake authentication data for X11 forwarding.
I read the because it's a warning, it can be ignored. When trying to run a GUI application, I get
Invalid MIT-MAGIC-COOKIE-1 keyCan't open display: localhost:10.0
I've tried so many things but none have worked thus far. What can I do?
Thanks.
Just in case, here's a verbose output:
j#laptop:~/Documents/tmp/Docker/docker-system> ssh -vY moos#192.168.1.100
OpenSSH_6.6, OpenSSL 0.9.8zc 15 Oct 2014
debug1: Reading configuration data /home/j/.ssh/config
debug1: /home/j/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/centrifydc/ssh/ssh_config
debug1: /etc/centrifydc/ssh/ssh_config line 49: Applying options for *
debug1: Connecting to - [-] port 22.
debug1: Connection established.
debug1: identity file /home/j/.ssh/id_rsa type 1
debug1: identity file /home/j/.ssh/id_rsa-cert type -1
debug1: identity file /home/j/.ssh/id_dsa type -1
debug1: identity file /home/j/.ssh/id_dsa-cert type -1
debug1: identity file /home/j/.ssh/id_ecdsa type -1
debug1: identity file /home/j/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/j/.ssh/id_ed25519 type -1
debug1: identity file /home/j/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 pat OpenSSH* compat 0x04000000
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: An invalid name was supplied
Cannot determine realm for numeric host address
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 9b:dc:35:c2:f3:5f:86:54:58:91:fa:87:cd:58:d9:bb
debug1: Host '-' is known and matches the ECDSA host key.
debug1: Found key in /home/j/.ssh/known_hosts:11
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentication succeeded (none).
Authenticated to - ([-]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting authentication agent forwarding.
Last login: Thu May 19 15:15:45 2016 from -
j#3ce2104c8e2d:~$ gedit
debug1: client_input_channel_open: ctype x11 rchan 4 win 65536 max 16384
debug1: client_request_x11: request from ::1 39148
debug1: channel 1: new [x11]
debug1: confirm x11
debug1: channel 1: free: x11, nchannels 2
Invalid MIT-MAGIC-COOKIE-1 keyCan't open display: localhost:10.0
This command for connecting to my aws server works well:
ssh -i my_pem.pem ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com
But this not:
$ scp -v -i my_pem.pem file1 file2 ubuntu#ec2-xx-xx-xx-xx.eu-west-1.compute.amazonaws.com:/home/ubuntu/folder1
UPDATE1:
$ ssh -v -i 123.pem ubuntu#xx-xx-xx-xx.xx-west-1.compute.amazonaws.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
debug1: Connection established.
debug1: identity file docs/toh_server.pem type -1
debug1: identity file docs/toh_server.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.4 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm#openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm#openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA xx:bb:cc:dd:ee:fdsfdsfdsfdsfdsfds
debug1: Host 'xx-xx-xx-xx.xx-west-1.compute.amazonaws.com' is known and matches the ECDSA host key.
debug1: Found key in /home/me123/.ssh/known_hosts:19
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: docs/toh_server.pem
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com ([11.33.44.55]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_HK.UTF-8
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-48-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information disabled due to load higher than 2.0
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
Error:
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
lost connection
What's the matter?
See the difference
debug1: Connecting to xx-xx-xx-xx.xx-west-1.compute.amazonaws.com [11.22.33.44] port 22.
and
Executing: program /usr/bin/ssh host ip-xx-xx-xx-xx, user ubuntu, command scp -v -d -t /home/ubuntu/folder1
ssh: Could not resolve hostname ip-xx-xx-xx-xx: Name or service not known
Your scp is connecting somewhere else and since you obfuscated the IPs/addresses I have no idea if that is intention or that the it really does.
The scp is parsing your files and probably found some : character in your file name (first guess about # was false) and parses that filename as host:path? Give it a try with only one of the files, post the real name of files.
Or rather use sftp. It does not care about the syntax on command line. Just sftp your host and then:
cd folder1
put my_file file2
I was connecting my ec2 instance via ssh well,after adding new EBS volume restarted the machine by 'sudo shutdown -r now'
And after that I tried to access by using follwing command:
ssh -v -i primary_key.pem ubuntu#ec2-23-22-245-160.compute-1.amazonaws.com
which is retuning like below:
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/caveman/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to ec2-23-22-245-160.compute-1.amazonaws.com [23.22.245.160] port 22.
debug1: Connection established.
debug1: identity file primary_key.pem type -1
debug1: identity file primary_key.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-23-22-245-160.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/caveman/.ssh/known_hosts:31
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: primary_key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
What is wrong?Any point that I am missing?
This is normal Amazon EC2 behaviour. After restarting the instance, associated public Ip (yours was ec2-23-22-245-160.compute-1.amazonaws.com) will be changed.
There are 2 way to connect your instance via ssh
Log into your Amazon AWS Console and check running instance then copy Public DNS and try to connect with ssh. (ssk key is the same)
If you don't want your instance's public ip to change on every restart/termination use Elastic IP. Elastic Ips associated with account (not the instance) so you can assign Elastic Ip on any instance you want.
You can connect with ssh ssh -v -i primary_key.pem ubuntu#<ElasticIp>
I had the similar issue. Here is what I did..!
ssh -i < .pem file> -vvv <server IP>
The above command will show debug logs and after ECDSA key is accepted you are in.
I am quite out of my depths with a problem that I have faced with two different ssh-users on two different servers where I deploy to with Capistrano. I am sure I am not the only one to have come across this:
I set up an ssh-connection from the command line with passwordless authentication, using my public key, that is known to the remote server. This works: I can log into the remote system.
I execute »cap deploy:setup«. Surprisingly, I have to enter the password of the ssh-user, and from then I have to enter the password again each time I log into the server via ssh on the command line. The public key is not accepted any more, as shown by the output produced by ssh's -v option:
_
shell$ ssh -vp 5222 my_ssh_user#my-remote-host.de
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to my-remote-host.de [1.2.3.4] port 5222.
debug1: Connection established.
debug1: identity file /Users/martin/.ssh/id_rsa type 1
debug1: identity file /Users/martin/.ssh/id_rsa-cert type -1
debug1: identity file /Users/martin/.ssh/id_dsa type -1
debug1: identity file /Users/martin/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[my-remote-host.de]:5222' is known and matches the RSA host key.
debug1: Found key in /Users/martin/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/martin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/martin/.ssh/id_dsa
debug1: Next authentication method: password
my_ssh_user#my-remote-host.de's password: <here I enter my password>
debug1: Authentication succeeded (password).
Authenticated to my-remote-host.de ([1.2.3.4]:5222).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions#openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
Linux ve2003 2.6.18-238.5.1.el5.028stab085.5 #1 SMP Thu Apr 14 15:42:34 MSD 2011 x86_64
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Fri Sep 23 13:05:55 2011 from
I am using Mac OS Lion locally and Ubuntu on the remote side. My Capistrano is extended by the multistage-extension. I have set
set :ssh_options, {:forward_agent => true}
and it works for the passwordless pulling of the git repository on the remote side.
How can I prevent Capistrano to scrumble up my SSH settings and make it use public key auth again?
Greatly appreciate any help!
EDIT: The problem is Server-side: I just found out that I cannot use other systems to passwordless log into my remote system. How can I know what is wrong with the server?