Closed tehfink closed 8 years ago
The ssh-key-filename comment might have been a brain fart. It is the filename of a private key. It's the equivalent of the -i option of ssh.
This:
ERROR: Fingerprint doesn't match for [x.x.x.x] (got xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx, expected SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Is most likely due to the changed output in newer ssh-keygen versions. I thought I worked on that issue before, but it might be in a local branch. I hope to look into it soon, but can't promise that at the moment.
This is fixed in ploy 1.3.0.
I'm still seeing this error in ploy 1.3.1
ERROR: Failed to connect to plain-instance:meenix (207.154.239.110)
ERROR: username: 'freebsd'
ERROR: port: 22
ERROR: Couldn't validate fingerprint for ssh connection.
ERROR: Fingerprint doesn't match for 207.154.239.110 (got ['24:d0:a1:37:38:88:5e:ac:c0:e7:bf:31:40:75:63:0f'], expected: ['9e:5a:5d:3f:52:a3:bf:2b:6e:a0:34:f7:e5:20:11:af'])
ERROR: Is the server finished starting up?
(bsdploy) bsdploy ǃ ~/s/m/meenix ploy --version (1) (902ms)
bsdploy 2.2.0 (/home/igalic/src/me/meenix/bsdploy/lib/python2.7/site-packages)
ploy 1.3.1 (/home/igalic/src/me/meenix/bsdploy/lib/python2.7/site-packages)
ploy-ansible 1.3.2 (/home/igalic/src/me/meenix/bsdploy/lib/python2.7/site-packages)
ploy-ezjail 1.4.0 (/home/igalic/src/me/meenix/bsdploy/lib/python2.7/site-packages)
ploy-fabric 1.1.0 (/home/igalic/src/me/meenix/bsdploy/lib/python2.7/site-packages)
(bsdploy) bsdploy ~/s/m/meenix
or is this, again, a regression?
Did you check the fingerprints manually to see if they match? So far I haven't seen this issue anymore. Which OS versions do you use?
Client:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.10
Release: 16.10
Codename: yakkety
jailhost: FreeBSD meenix 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
I don't know how to compare the keys (i.e.: how to get the hex representation), so here's ssh-keyscan:
# 207.154.239.110:22 SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
207.154.239.110 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFhL2G2N0tb4MH3icV7Cewhd/Cr3rvA8O+Sa5iabxyapMlxk9PezfHoPQo5cYia7iojMALVxr9XEAqnJnYXE4jVsZnXPRFAdCc62RGbHqIuoVJ2WGi0mS4AYKT52OQoj8m9+5jDloLL3vOyWpLiiHK00RCTI6kAuVtuReKEOo5AswBUeRHVGNvF0/gyWWD0AP5gVyeEU/8mjP6Wi6pSPQ+ijAAGjHrrWeme3htTocd59OCMTXnxPBPUte1fSMe9oMeP6Rczqmus1IpXqK+n7uh8nOug2/W7cf1fI4/x1MQ2X/1XpT6F8MVGjNIHFijtD3O2SVTQPj6baOMz5Xnr8kJ
# 207.154.239.110:22 SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
207.154.239.110 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLcBsYLIeinjct1u1IyuOMeI7TfsgL5D2QrKFxcofWIfs0sNCUGueLP3ia1C25bo7AlWoSnSUzVKaou3ZRWoGyk=
# 207.154.239.110:22 SSH-2.0-OpenSSH_7.2 FreeBSD-20160310
207.154.239.110 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdL0xwCo0Akax5CFVQqqkUsfBVTgvJszNdEBXqoX6rl
Your rsa key matches:
% ssh-keygen -lf rsa.pub -E md5
2048 MD5:24:d0:a1:37:38:88:5e:ac:c0:e7:bf:31:40:75:63:0f 207.154.239.110 (RSA)
Do you have 9e:5a:5d:3f:52:a3:bf:2b:6e:a0:34:f7:e5:20:11:af in your ploy.conf, or is it using an automatically generated key from bootstrap? If so, look for *.pub in your ploy folder structure and check them with ssh-keygen like above. If one matches, report what kind of key matched (RSA, etc).
I should add more logging for the ssh stuff.
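The comparison discussed in this thread, as an added example (not code from ploy or from any commenter): it hashes a host key taken from ssh-keyscan output with whichever algorithm the expected fingerprint uses, so a legacy MD5 colon-hex value and a SHA256 base64 value are each checked against the same format. The function names, the 192.0.2.10 host and the key blob are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

LEGACY_MD5 = re.compile(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}")

def constructed_keyscan_line(host="192.0.2.10"):
    """Build a constructed ssh-keyscan style line (not a real host key)."""
    parts = (b"ssh-ed25519", bytes(range(32)))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode())

def parse_keyscan_line(line):
    """Return (host, key_type, raw_blob) from a 'host keytype base64' line."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob itself starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return host, key_type, blob

def fingerprint(blob, algo):
    """Format a fingerprint the way `ssh-keygen -l -E <algo>` prints it."""
    if algo == "md5":
        hexed = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexed[i:i + 2] for i in range(0, 32, 2))
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("unsupported algorithm: %r" % algo)

def normalize(expected):
    """Return (algo, canonical_form) for a configured fingerprint string."""
    expected = expected.strip()
    if expected.upper().startswith("SHA256:"):
        return "sha256", "SHA256:" + expected[7:].rstrip("=")
    if expected.upper().startswith("MD5:"):
        expected = expected[4:]
    # Bare colon-separated hex is the legacy MD5 form.
    if not LEGACY_MD5.fullmatch(expected.lower()):
        raise ValueError("unrecognized fingerprint format")
    return "md5", "MD5:" + expected.lower()

def matches(keyscan_line, expected):
    """Hash the offered key with the algorithm the expected value uses."""
    algo, canonical = normalize(expected)
    _, _, blob = parse_keyscan_line(keyscan_line)
    return fingerprint(blob, algo) == canonical
```

Running `matches()` once per line of ssh-keyscan output also shows which key type (RSA, ECDSA, Ed25519) the configured fingerprint belongs to.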
Thanks for a great project! According to the docs:
After setting the following in ploy.conf:
Then running ploy ssh jailhost results in the following error:
How can one change the type of fingerprinting of the public key from SHA256?
Also according to the docs:
However, according to this comment, ssh-key-filename should be used with a public key? https://github.com/ployground/bsdploy/issues/24#issuecomment-50225565
Following this advice results in another error:
I understand that this error might be due to another bug in Paramiko: https://github.com/paramiko/paramiko/issues/521