reconquest / orgalorg

Parallel SSH commands runner and file synchronization tool
MIT License
887 stars 51 forks

MacOS Orgalorg doesn't work - Bug #32

Open 0xtavian opened 3 years ago

0xtavian commented 3 years ago

Expected behavior:

orgalorg -o op@55.55.55.55:2266  -C id
uid=1000(op) gid=1000(op) groups=1000(op),27(sudo),998(docker)

I can't seem to get orgalorg to work on Mac. Tried by installing via go get and via the binary. Bug:

./orgalorg -o op@55.55.55.55:2266  -C id -k /Users/desktop/.ssh/id_rsa.pub

2021-07-23 23:53:47 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@55.55.55.55:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Running the same command from Ubuntu 20.04 works. SSH-ing normally from my Mac to 55.55.55.55 works.

ssh op@55.55.55.55 -p2266 <- works.

orgalorg seems to not be able to find the key file? Even specifying the keyfile in the command line manually doesn't work. Not specifying in the command and letting orgalorg pick the default still doesn't work.

./orgalorg -o op@55.55.55.55:2266  -C id                                  

2021-07-24 00:00:12 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@55.55.55.55:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

prologic commented 3 years ago

Why are you providing the public key?

0xtavian commented 3 years ago

@prologic You can see in the above even with no key provided it still fails, but good point.

orgalorg -o op@55.55.55.55:2266  -C id -k /Users/desktop/.ssh/id_rsa
2021-07-24 00:43:32 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@55.55.55.55:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
ls -la
total 24
drwx------   5 desktop  staff   160 Jul 23 23:23 .
drwxr-xr-x+ 65 desktop  staff  2080 Jul 24 00:45 ..
-rw-------   1 desktop  staff  2635 Jul  7 18:49 id_rsa
-rw-r--r--   1 desktop  staff   590 Jul  7 18:49 id_rsa.pub
-rw-r--r--   1 desktop  staff  2174 Jul 23 23:11 known_hosts

prologic commented 3 years ago

Is your key passphrase protected?

0xtavian commented 3 years ago

@prologic No

prologic commented 3 years ago

I'll try on my Mac soon and see

prologic commented 3 years ago

Seems to work okay for me:

(⎈ |local:default)
prologic@Jamess-iMac
Sat Jul 24 16:08:06
~
 130
$ killall ssh-agent
(⎈ |local:default)
prologic@Jamess-iMac
Sat Jul 24 16:08:08
~
 0
$ ps aux | grep ssh-agent
prologic         16843   0.0  0.0  4361304    784 s002  U+    4:08PM   0:00.00 grep ssh-agent
(⎈ |local:default)
prologic@Jamess-iMac
Sat Jul 24 16:08:10
~
 0 0
$ orgalorg -u rancher -o dm1 -k ~/.ssh/rancher_rsa -C id
dm1 uid=1100(rancher) gid=1100(rancher) groups=1100(rancher),27(sudo),1101(docker)

0xtavian commented 3 years ago

I regenerated my SSH key and created a new cloud VSI, made sure orgalorg is up to date but still unable to auth with orgalorg.

orgalorg -o op@167.172.27.115:2266 -C id                               
2021-07-24 01:22:54 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@167.172.27.115:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
➜  ~ ssh op@167.172.27.115 -p2266            
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

op@mclean21:~$ id
uid=1000(op) gid=1000(op) groups=1000(op),27(sudo)
op@mclean21:~$ exit
logout
Connection to 167.172.27.115 closed.
uname -a
Darwin DESKTOPs-MBP 20.5.0 Darwin Kernel Version 20.5.0: Sat May  8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64
go version
go version go1.16.6 darwin/amd64
echo $SHELL
/bin/zsh

0xtavian commented 3 years ago

Tried with -u argument, still no dice.

./orgalorg -u op -o op@167.172.231.169:2266 -C id                               

2021-07-24 01:32:19 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@167.172.231.169:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
➜  bin ./orgalorg -u op -o 167.172.231.169:2266 -C id                                

2021-07-24 01:32:24 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@167.172.231.169:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
➜  bin ssh op@167.172.231.169 -p2266
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

op@perl27:~$ id
uid=1000(op) gid=1000(op) groups=1000(op),27(sudo)
op@perl27:~$ exit
logout
Connection to 167.172.231.169 closed.

prologic commented 3 years ago

Does verbose logging -v give you any hints as to what's going on for you?

0xtavian commented 3 years ago

@prologic No, that would be great to add.

./orgalorg -v -o op@55.55.55.55:2266 -C id                               

2021-07-24 01:54:16 [DEBUG] using 16 threads
2021-07-24 01:54:16 [DEBUG] connecting to 1 nodes
2021-07-24 01:54:16 [FATAL] connecting to cluster failed
                            └─ connection to 1 of 1 nodes failed
                               └─ can't connect to nodes
                                  └─ can't connect to address: [op@55.55.55.55:2266]
                                     └─ ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

prologic commented 3 years ago

What does the remote end have to say when you attempt this via orgalorg from your Mac? 🤔

0xtavian commented 3 years ago

Jul 24 07:11:23 lamar22 sshd[1021]: rexec line 16: Deprecated option UsePrivilegeSeparation
Jul 24 07:11:23 lamar22 sshd[1021]: rexec line 19: Deprecated option KeyRegenerationInterval
Jul 24 07:11:23 lamar22 sshd[1021]: rexec line 20: Deprecated option ServerKeyBits
Jul 24 07:11:23 lamar22 sshd[1021]: rexec line 31: Deprecated option RSAAuthentication
Jul 24 07:11:23 lamar22 sshd[1021]: rexec line 38: Deprecated option RhostsRSAAuthentication
Jul 24 07:11:23 lamar22 sshd[1021]: reprocess config line 31: Deprecated option RSAAuthentication
Jul 24 07:11:23 lamar22 sshd[1021]: reprocess config line 38: Deprecated option RhostsRSAAuthentication
Jul 24 07:11:24 lamar22 sshd[1021]: Connection closed by authenticating user op [redacted-home-ip] port 50606 [preauth]

0xtavian commented 3 years ago

This is with ssh op@IP -p2266

Jul 24 07:13:01 lamar22 sshd[1089]: rexec line 16: Deprecated option UsePrivilegeSeparation
Jul 24 07:13:01 lamar22 sshd[1089]: rexec line 19: Deprecated option KeyRegenerationInterval
Jul 24 07:13:01 lamar22 sshd[1089]: rexec line 20: Deprecated option ServerKeyBits
Jul 24 07:13:01 lamar22 sshd[1089]: rexec line 31: Deprecated option RSAAuthentication
Jul 24 07:13:01 lamar22 sshd[1089]: rexec line 38: Deprecated option RhostsRSAAuthentication
Jul 24 07:13:02 lamar22 sshd[1089]: reprocess config line 31: Deprecated option RSAAuthentication
Jul 24 07:13:02 lamar22 sshd[1089]: reprocess config line 38: Deprecated option RhostsRSAAuthentication
Jul 24 07:13:02 lamar22 sshd[1089]: Accepted publickey for op from [redacted-home-ip]port 50609 ssh2: RSA SHA256:tNND2kSER6wl60t3PUPABhKsHs8JqWF1HN/Z+wJL7YQ
Jul 24 07:13:02 lamar22 sshd[1089]: pam_unix(sshd:session): session opened for user op by (uid=0)
Jul 24 07:13:02 lamar22 systemd-logind[729]: New session 5 of user op.
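
For comparing the two server-side extracts above, the following is an added example (not part of the thread and not orgalorg code) that groups sshd log lines by PID and reports how each connection's authentication ended. The sample log is constructed: host name, address and fingerprint are placeholders, and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the two sshd extracts in this thread
# (host name, address 192.0.2.10 and fingerprint are placeholders).
SAMPLE = """\
Jul 24 07:11:23 host1 sshd[1021]: rexec line 31: Deprecated option RSAAuthentication
Jul 24 07:11:24 host1 sshd[1021]: Connection closed by authenticating user op 192.0.2.10 port 50606 [preauth]
Jul 24 07:13:01 host1 sshd[1089]: rexec line 31: Deprecated option RSAAuthentication
Jul 24 07:13:02 host1 sshd[1089]: Accepted publickey for op from 192.0.2.10 port 50609 ssh2: RSA SHA256:PLACEHOLDERFINGERPRINT
Jul 24 07:13:02 host1 sshd[1089]: pam_unix(sshd:session): session opened for user op by (uid=0)
Jul 24 07:13:02 host1 systemd-logind[729]: New session 5 of user op.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPTED = re.compile(
    r"^Accepted (\S+) for (\S+) from (\S+) port (\d+) ssh2(?:: (\S+) (\S+))?")
CLOSED = re.compile(
    r"^Connection closed by authenticating user (\S+) (\S+) port (\d+) \[preauth\]")
FAILED = re.compile(r"^Failed (\S+) for (?:invalid user )?(\S+) from")


def summarize(log_text):
    """Group sshd lines by PID and report how each connection's auth ended."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines from other daemons (systemd-logind, ...) are skipped
        _, pid, msg = m.groups()
        s = sessions.setdefault(pid, {
            "pid": int(pid), "outcome": "unknown", "user": None,
            "method": None, "key": None,
            "failed_methods": [], "config_warnings": 0})
        if "Deprecated option" in msg:
            s["config_warnings"] += 1      # noise from an old sshd_config
        elif (a := ACCEPTED.match(msg)):
            s.update(outcome="accepted", method=a[1], user=a[2],
                     key=f"{a[5]} {a[6]}" if a[5] else None)
        elif (f := FAILED.match(msg)):
            s["failed_methods"].append(f[1])
        elif (c := CLOSED.match(msg)) and s["outcome"] != "accepted":
            s.update(outcome="closed-preauth", user=c[1])
    return list(sessions.values())


if __name__ == "__main__":
    for session in summarize(SAMPLE):
        print(session)
```

A `closed-preauth` session with an empty `failed_methods` list does not show whether the client offered a key: at sshd's default `LogLevel INFO`, a single rejected public key attempt is not necessarily logged, while `LogLevel VERBOSE` on the server records it.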

prologic commented 3 years ago

Hmmm 🤔 Bit puzzling 🤷‍♂️

0xtavian commented 3 years ago

Same. If I'm reading the logs right it seems like orgalorg isn't using the key file?

prologic commented 3 years ago

Did you manage to sort this out? 🤔

kovetskiy commented 3 years ago

Does the same setup work on Linux?

kovetskiy commented 3 years ago

Do you have a ssh-agent daemon running? You can start it and check the command again: eval "$(ssh-agent -s)";

It is not required to have ssh-agent running, but orgalorg has lots of logic required to ssh-agent too.

AdjectiveAllison commented 3 years ago

I'm having the same issue. Yes, the same setup works for Linux. I'm using orgalorg with our CI/CD from GitLab and it's working in multiple different Docker containers as well as on hosts themselves. But I cannot for the life of me get it to work locally on macOS.

kovetskiy commented 3 years ago

@Allieway could you take a look at this question? https://github.com/reconquest/orgalorg/issues/32#issuecomment-890800223

This information could help with the debugging.

arren-ru commented 3 years ago

This all looks strange. I'm operating on a cluster with over 300 nodes using orgalorg and all is fine, with key or userpass auth.

prologic commented 3 years ago

I haven't been able to reproduce either 🤔

joshskidmore commented 2 years ago

I hope to debug this issue some more later, but my theory is this is some sort of cipher mismatch or deeper SSH compatibility issue with the instance/machine you're attempting to connect to. If I spin up an instance that has a more modern version of SSH, I get the same issue. But if I attempt to use orgalorg to connect to an older instance, I have no issues.

I also receive this same error if I attempt to use orgalorg to connect to (a newer SSH instance/machine) from a linux host as well - not just MacOS. (Which furthers my belief that this is related to something deeper within SSH.)

AdjectiveAllison commented 1 year ago

I don't have a mac anymore, I'm over a year late on commenting here, and it's been about the same amount of time since I used orgalorg.

But I'll add some more details from my memory.

@kovetskiy Yes, ssh-agent daemon was running when I had the issue.

I believe I tried all forms of authentication orgalorg offered when I tried it.

@joshskidmore I like where you're going with that idea.

I was trying the same hosts from MacOS as I did multiple docker images and some of the hosts themselves. All but MacOS worked. Maybe the linux host josh ran into the same problem with is an older SSH version itself but my docker images and hosts were all newer?

I was able to regularly ssh and scp as well as use pssh with the hosts, maybe that helps somehow?

I hope I helped a tiny bit, I loved using orgalorg when I did and this issue was a blocker to easily test prior to pushing CI changes.