I am using aws java sdk to launch EC2 instances (running Ubuntu 12.04) and run a distributed tool on them, the tool uses openMPI for message passing between the nodes and openMPI uses SSH to connect nodes with each other.
The problem is that the EC2 instances don't authenticate each other for SSH connections by default, this tutorial shows how to set up SSH by generating keys and adding them to nodes, However, when I tried to add the generated key to the slaves using the command
$ scp /home/mpiuser/.ssh/id_dsa.pub mpiuser#slave1:.ssh/authorized_keys
I still got permission denied. Also, after generating new keys, I was not able to log in using the ".pem" key that I got from amazon.
I am not experienced with SSH keys, but I would like to have some way of configuring each EC2 instance (when its firstly created) to authenticate the others, for example by coping a key into each of them. Is this possible and how It could be done?
P.S.: I can connect to each instance once it is launched and can execute any commands on them over SSH.
I found the solution, I added the amazon private key (.pem) in the image (AMI) that I use to create the EC2 instances and I changed the /etc/ssh/ssh_config file by adding a new identity file
IdentityFile /path/to/the/key/file
This made SSH recognize the .pem private key when it tries to connect to any other EC2 instance created with the same key.
I also changed StrictHostKeyChecking to no, which stopped the message "authenticity of host xxx can't be established" which requires users interaction to proceed with connecting to that host.
Related
I am getting error while trying to do ssh gcloud instance.
I have removed old ssh key and regenerated new ssh key and tried to connect but still the problem remains as it is.
Please share your suggestions.
Check whether the port 22 is open in the firewall for that specific instance. You can follow this document to manage your firewall rules. You can try connecting via serial console instead. The issue you are facing could arise due to many different reasons. It is worth trying different troubleshooting steps for SSH connectivity.
If you created new SSH key properly then check if you added the key to your instance or project-wide metadata. This article is a good read.
Problem:
I cannot connect via ssh to my vm instance on gcloud
Description:
I am using gcloud with my own domain as the user userid#mydomain.com
I created a vm instance on Google Cloud Engine
I installed "WordPress Multisite Certified by Bitnami" via Cloud Launcher
The vm is up and running, I can even access a wordpress page.
In the section "VM Instances", I click the button SSH, but cannot connect, the window prompts:
Transferring SSH keys to the VM.
Could not connect, retrying (1/3)...
The log does not contain any errors.
Attempt 1: Gcloud API
In the Windows CMD, I can successfully connect by calling
gcloud compute ssh userid_mydomain_com#MY_INSTANCE_NAME
It generates file in C:\Users\ACCOUNT_NAME.ssh, but the file google_compute_engine.pub contains my Windows account name at the end in the format HOST\account_name#host, not my gcloud user name (userid#mydomain.com)!
I retried the ssh button, but it still failed.
I then pasted the content from the file google_compute_engine.pub into the ssh key field, but it still doesnt work, perhaps due to the wrong user name? I changed the name, but that didnt help.
Attempt 2: PuttyGen
I also tried generating ssh key with PuttyGen as described here and used userid#mydomain.com in the key comment. With or without the newly generated public key in the vm instance configuraton, I can not ssh into the vm.
Question:
How can I access my vm on gcloud via the ssh button and via putty?
Update:
I can connect to my vm instance using Putty and WinSCP.
I entered the keyfile provided in the Bitnami launchpad and the user name 'bitnami'. The ssh buttons, however, still dont make me enter.
You might not be using the right credentials. However, it's pretty weird the Web Browser Terminal Google offers
you through the SSH button doesn't work.
Please take a look to the documentation below and try to follow the steps, it might help you:
https://docs.bitnami.com/google/faq/#how-to-connect-to-the-server-through-ssh
You can connect to a VM instance via many ways:
SSH from Google cloud console
Connect via Cloud shell
Connect via your local terminal with gcloud command with IAP by using --tunnel-through-iap parameter.
gcloud compute ssh userid_mydomain_com#MY_INSTANCE_NAME --tunnel-through-iap
before asking this question i looked through google and tried different alternatives none of which were successful for me, sadly. I'm a little above the noob level. What i want is to basicaly host a wordpress site on a google cloud debian machine.
I was doing good installing services through their SSH access until i got to the point where i installed an ftp service and wanted to access it through a remote computer(my own) i only got as far as to:
Status: Waiting to retry...
Status: Connecting to 104.197.183.19...
Response: fzSftp started
Command: open "root#104.197.183.19" 22
Error: Connection timed out
Error: Could not connect to server
I kept on looking and trying new ways until i found the gcloud documentation for ftp but it is not aimed at new ones, so my questions are:
Where do i input the commands for gcloud, on my computer or on the SSH console(Google cloud machine)?
Do i need to use gcloud for ftp remote access or can i do it entirely through my computer and their SSH machine?
Do i really need to add an ssh authorization file to FileZilla or is there a way i can disable that check on my vps so it lets me sign in with just a username and a password?
What i already tried and didn't work for me:
gCloud documentation for ssh and ftp
Google cloud documention for setting up a wordpress site
Many others
Basically what i need in short is to manage to access the vps through ftp so i can continue with my learning.. Been stuck there two days.
To get access to a users public area, ie. public_html
Go to the accounts Cpanel area and under Security > SSH Access you can import a key file.
You can use PuttyGen to make one, you will need both a private and public key.
Past the keys into the box's.
You may get a warning message about the private key, this is ok.
Go to Manage under public key and authorize it.
Or
Make on using the interface in Cpanel and download both Keys.
Then in FileZilla
Host: IP of server
Protocol: SFTP
Logon Type: Key File
Key File: the PPK you made.
(if you asked Cpanel to make the file select the one that does not end in .pub and FileZilla will convert it for you to a .ppk file.
After clicking connect you should be in
If you still have an error make sure the SSH port (22) is open in your filewalls both Google cloud.google.com > Networks and WHM > LDF/CSF plugin
Use SSH File Transfer Protocol.
No need to install ftp service.
Use winscp for connecting with sftp.
The recommended way of transferring files to a Unix-based Google Compute Engine VM is via the gcloud compute copy-files command. For this, please install the Google Cloud SDK. Then, run a command such as the following:
gcloud compute copy-files --zone=<Compute Engine zone>/path/to/local/file.txt <Compute Engine instance name>:/path/to/destination/file.txt
If you'd like to use FileZilla, you'll have to configure it for access. The SSH daemon on Compute Engine VMs is set up for key-based authentication. This forum post indicates how this is possible in FileZilla. The catch is that you need to put your public key on the VM, which can be a little tricky. gcloud compute copy-files and gcloud compute ssh take care of this for you, which is why they are the recommended method.
I'm playing with Google Compute Engine(GCE) as I'm planning to migrate the cloud service provider from Rackspace(reason: GCE has good upgrade plans with best discount price).
I have few issues with GCE and one of them is Ubuntu os/image not supported by default. But there is an alternate method to run any linux distro in GCE, which is called Building an image from scratch for uploading custom images and creating instances(servers) from uploaded image.
I could able to create and run the instances from the Ubuntu image I uploaded to GCE following the link hagikuratakeshi.hatenablog.com. This is simply running ubuntu in general. I didn't face any problem but google's gcutil tool prompts for ssh passphrase and adds the key in GCE meta data but accepts only password logins(then why it prompts for passphrase).
I want to strictly follow Building an image from scratch as recommended by google. But after following all the steps, I could not able to login to my server instance via SSH. I guess this happens when I install Google Compute Engine image packages: google-startup-scripts_1.1.2-1_all.deb, google-compute-daemon_1.1.2-1_all.deb & python-gcimagebundle_1.1.2-1_all.deb. These packages/scripts make some changes to the instance at the startup and also to SSH configuration which are Strongly recommended. Once I strictly follow the link or once I install these packages I could not able to establish SSH connection once the instance is rebooted. The error message similar to the one below is shown while trying to connect:
test#machine1:~$ gcutil --service_version="v1" --project="mypro-555" ssh --zone="asia-east1-a" "server-instance-1"
INFO: Running command line: ssh o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i /home/test/.ssh/google_compute_engine -A -p 22 test#101.167.xxx.xxx -
ssh: connect to host 101.167.xxx.xxx port 22: Connection refused
NOTE: The user account test is available and common on both local and GCE server!.
My main problem is SSH connection when I strictly follow the steps. If I upload the fresh image and then follow the recommended steps connecting SSH, I could not do SSH again once I restart the instance (or) if I setup everything in the uploaded image before uploading, the created instance will be running but I could not able to connect atleast ones and the error is same.
Anybody using GCE with your custom image?, are you allowed to connected even after following the recommended settings?. Anyone already fixed this SSH issue?. Please post your comments!
EDIT 1
I could not figure out from the logs and here is the output of gcutil getserialportoutput server-instance-1.
The key here is that your ssh client says "connection refused". This indicates that there is indeed a machine at that IP address, but it's not accepting SSH connections. There are a few possible explanations:
The ssh daemon isn't running, or is listening on the wrong interface
Your instance is configured with a firewall that's denying SSH traffic
The GCE firewall rule to allow SSH traffic has been removed
I was going to do rsync, but rsync over SSH needs to have the private key on the second EC2 instance. I'm concerned about copying my private SSH key to the server. That can't be safe, right?
Is there another possibility, e.g. somehow getting authentication via my computer? If it's only a little auth check at the beginning of each sync, I don't mind that.
Or can I securely sync files between EC2 instances without the private key?
Thanks for your input,
MrB
You needn't use your EC2 keys to setup SSH between the two EC2 instances. Look at this guide - http://ask-leo.com/how_can_i_automate_an_sftp_transfer_between_two_servers.html .
Simple outline of the process is, lets say you want to transfer files from Server1 to Server2. You basically create a new key for your user on Server1 (note this is different from the key you downloaded to access your EC2 instance - Server1 in this case). Then load up the public part in Server2's authorized_keys and you should be able to setup SSH.
If the user that the rsync process is going to run under is not your user, then you will have to setup SSH keys for the user that the process will run under.
HTH
Just create a snapshot of the volume you have your modified files contained and attach it your outdated instance after detaching the outdated volume.