search

rationalmatter / Juno-Issue-Tracker

Defect Tracker for Juno
76 stars 1 forks source link

Connection authorisation failure #330

Open rajbooth opened 1 year ago

rajbooth commented 1 year ago

Describe the bug Juno Connect was working fine until the system admin at my host site added password verificiation in addition to ssh-key authentication. Now I get Authorisation Failed message when trying to connect.

I guess this may be more of a feature request than a bug report as this seems to be an unusual security configuration. Nevertheless, I would like to be able to continue using Juno Connect on this host.

Environment (please complete the following information):

alexstaravoitau commented 1 year ago

Apologies for a late reply @rajbooth. Juno Connect should be able to handle Jupyter's standard password verification, showing login prompt when you first connect to the server. Perhaps it's not showing up because configuration has changed recently, could you please try selecting Clear All Sessions in the app settings (at the bottom)? Hopefully this will clear any cached login information and will let you authenticate.

Unless I misunderstood something about your configuration — you connect via SSH port forwarding, and the password verification is within the Jupyter web app, right?

rajbooth commented 1 year ago

Hi Alex

I have tried the Clear All Settings in the Juno connect app, with no success. The login process is not getting as far as the Jupyter Hub app. The failure is occurring at the host operating system security stage. Previously the host would merely verify the SSH RSA key (and passphrase) before connecting to the Jupyter web app, and Juno connect worked OK with that setup. Now the system admins at the host site have added an additional password verification stage before invoking the Jupyter application. If I perform the SSH port forwarding connection manually, the response from the host looks like this:

PS C:\Users\rajbo> ssh -N -L 8443:login8b.cosma.dur.ac.uk:443 @.*** Enter passphrase for key 'C:\Users\rajbo/.ssh/id_rsa': Password:

I can then connect my browser to Jupyter using Https://localhost:8443, and get the usual Jupyter logon screen.

Another app I use on the iPad is WebSSH. This is able to connect to the host Jupyterhub node via local port forwarding, and when it receives the Password: prompt from the host, this is displayed and I am able to manually enter the password and complete the connection setup process. I was hoping that Juno Connect would be able to handle this in a similar way.

Is there some diagnostic log I could enable at my end so that you can see what is going on?

Regards

Robin Booth

From: Alex Staravoitau @.> Sent: 30 November 2022 12:41 To: rationalmatter/Juno-Issue-Tracker @.> Cc: Robin Booth @.>; Mention @.> Subject: Re: [rationalmatter/Juno-Issue-Tracker] Connection authorisation failure (Issue #330)

Apologies for a late reply @rajboothhttps://github.com/rajbooth. Juno Connect should be able to handle Jupyter's standard password verification, showing login prompt when you first connect to the server. Perhaps it's not showing up because configuration has changed recently, could you please try selecting Clear All Sessions in the app settings (at the bottom)? Hopefully this will clear any cached login information and will let you authenticate.

Unless I misunderstood something about your configuration — you connect via SSH port forwarding, and the password verification is within the Jupyter web app, right?

— Reply to this email directly, view it on GitHubhttps://github.com/rationalmatter/Juno-Issue-Tracker/issues/330#issuecomment-1332086073, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABLFQ5UYVW7PIC7QXXHUWPDWK5DRLANCNFSM6AAAAAASGTP6QM. You are receiving this because you were mentioned.Message ID: @.***>

mmmuir commented 1 year ago

I'm having the same issue. No problems connecting to the VM from my other machines.

alexstaravoitau commented 1 year ago

@rajbooth Ah OK, I see — I'll see if I can try and handle this in Juno Connect one way or another.

Meanwhile, you should be able to connect using another SSH app that supports additional password and port forwarding (WebSSH does by the looks of it), and then configuring a direct connection in Juno Connect, pointing it at localhost and local port mapped by WebSSH's port forwarding connection.