Closed zonca closed 4 years ago
See how I can ssh from an outside machine:
then that folder is mounted in Jupyter:
I have uploaded the ssh private key to the secrets repository
@pibion or @ziqinghong, can you test if you can copy data there?
@zonca when I try to log in I get asked for a password.
@zonca ah sorry it appears the permissions on my key are too open.
@zonca yes, I'm able to connect via ssh! I updated the instructions in the secrets repository a bit.
@zonca when I try to use scp
to copy a file I get asked for a password. Is this expected?
I'm specifying the identity file the same as when I successfully ssh.
when I need to understand an issue you are having I need all information you can provide. For example here can you paste the command you are running? mask out the full address
Okay, it appears the way I'm passing the identity key to scp isn't working.
(base) aroberts@rhel6-64j:~> scp -v ~/secrets/ssh/cdms_nfs_ssh_key -p 30022 helloAmy.txt root@xxxxxxx.jetstream-cloud.org:/cvmfs/data
Executing: program /usr/bin/ssh host xxxxxxxx.jetstream-cloud.org, user root, command scp -v -d -t /cvmfs/data
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /u/dm/aroberts/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 20: Deprecated option "FallBackToRsh"
debug1: Connecting to xxxxxxx.jetstream-cloud.org [149.165.156.119] port 22.
debug1: Connection established.
debug1: identity file /u/dm/aroberts/.ssh/identity type -1
debug1: identity file /u/dm/aroberts/.ssh/identity-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa type 1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxxxxxxxx.jetstream-cloud.org' is known and matches the RSA host key.
debug1: Found key in /u/dm/aroberts/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /u/dm/aroberts/.ssh/identity
debug1: Trying private key: /u/dm/aroberts/.ssh/id_dsa
debug1: Offering public key: /u/dm/aroberts/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: password
root@xxxxxxxx.jetstream-cloud.org's password:
I'll try setting up my .ssh/config properly and report back.
identity is -i
Okay, the identity verification is working. I'm now getting a new error:
(base) aroberts@rhel6-64j:~> scp -v helloAmy.txt root@xxxxxxx.jetstream-cloud.org:/cvmfs/data
Executing: program /usr/bin/ssh host xxxxxxx.jetstream-cloud.org, user root, command scp -v -t /cvmfs/data
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /u/dm/aroberts/.ssh/config
debug1: Applying options for xxxxxxxx.jetstream-cloud.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: /etc/ssh/ssh_config line 20: Deprecated option "FallBackToRsh"
debug1: Connecting to xxxxxxxx.jetstream-cloud.org [yyy] port 30022.
debug1: Connection established.
debug1: identity file /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key type 1
debug1: identity file /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/identity type -1
debug1: identity file /u/dm/aroberts/.ssh/identity-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa type -1
debug1: identity file /u/dm/aroberts/.ssh/id_dsa-cert type -1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa type 1
debug1: identity file /u/dm/aroberts/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
debug1: Host '[xxxxxxxx.jetstream-cloud.org]:30022' is known and matches the RSA host key.
debug1: Found key in /u/dm/aroberts/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Server not found in Kerberos database
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /u/dm/aroberts/jupyterhub-deploy-kubernetes-jetstream-secrets/ssh/cdms_nfs_ssh_key
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending command: scp -v -t /cvmfs/data
bash: scp: command not found
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2520, received 3464 bytes, in 0.2 seconds
Bytes per second: sent 11211.8, received 15411.7
debug1: Exit status 127
lost connection
(base) aroberts@rhel6-64j:~>
ok, fixed this, scp
needed openssh-clients installed
also implemented fix in image https://github.com/zonca/docker-cvmfs-client/commit/8e198eb7d0a2b95d53bfde6f84253afa531e30dd
@zonca wonderful, I'm able to scp data over and have informed my test analyzers. Also added scp examples in secrets repository README.
thank you very much for helping out with the docs!
Implementation of #14