Open Waztom opened 7 months ago
Here's a public key created without a passphrase using ssh-keygen -o: -
ssh-rsa [key removed] abc@Dallas
I'll keep the private file safe for now.
It is held in our KeePass vault under the Diamond group and the record is called Fragalysis Diamond SSH Key
@alanbchristie thank you! Have pinged SC (copied you and Tim in).
@alanbchristie has this authentication method been implemented but it stopped working along with the username and password as in #1316?
We can (in theory) create an SSH tunnel (which allows us to connect to the ISPyB database) using a username/password approach, and the fragalysis-stack "functional" account and a private key file.
When last tested, a tunnel could be connected with either. But I suspect that the username/password approach now no longer works. Also, when last tested, the "functional" account did allow me to create a tunnel but I could not connect to the ISPyB database through it, whereas the username/password resulted in a tunnel and connection to the DB.
The "functional" stack uses a private key file. The username is Fragalysis-stack.
When we were able to create an SSH tunnel we were (and still are) using src15435.
The host name in both cases is ssh.diamond.ac.uk.
Our connections are made from the Kubernetes cluster on the STFC hardware.
SSH connection attempts will come from 192.168.253.* addresses and 130.246.212.100.
I suspect: -
So ...
src15435
The ISPyB connection appears to have been working up to around 11:00 (GMT) today. There were some intermittent failures but it seems to have stopped completely at about 11:20, when the stack was restarted.
@alanbchristie please continue the conversation / ticket with Richard from SC to see if we can have more robust access
@tdudgeon @alanbchristie, what is the status of this ticket? Is there much left to do?
We are using a service (generic) account for the SSH tunnel using the user fragalysis-stack and a keyfile. I believe we are also using a service account for the ISPyB queries, using the user ispyb_api_fragalysis.
So this issue is effectively Done (in production)
@alanbchristie Diamond SC has agreed to set up a functional account for Fragalysis. I will include you in the ticket - they need a username and public key, can you please generate a public key for the pod?
@tdudgeon because you are a visiting scientist and considered staff at Diamond, you will very likely need to set up (SC to confirm after checking your fedid), like the rest of us, a FortiClient VPN.