Closed kevinushey closed 3 years ago
@kevinushey Thank you for the report! The AWS key pair in question should be exactly the same name as your GitHub username, and it's not something that you need to manage out of band. Whatever set up `kevinushey-key` is not Fuzzbucket. If the RSA public key listed here is not the same as any of the RSA keys you have locally, then you will need to:
- `fuzzbucket-client delete-key`
- `fuzzbucket-client delete` any boxes you created before
- `fuzzbucket-client create` a new box

The creation of a new box after deleting your key will re-import the first RSA public key from GitHub into AWS.
The key that Kevin's referring to is not actually the one we had to delete to get this working. It was called `kevinushey` and it was in the subaccount. The issue was probably related to a mismatch between the first key in GitHub, the key in AWS, and the `id_rsa.pub`.
It is a bit fragile that only the first key in GitHub will be recognized, as people often have multiple keys for their different computers or OS-es and the order is a bit difficult to control. Out of curiosity, why is the GitHub key used at all, instead of just the `id_rsa`? If the GitHub key is necessary, would it be possible to iterate through the listed keys and find the one that matches the current `id_rsa.pub`?
Another (potentially separate) feature request would be to allow the use of fuzzbucket from multiple computers. I know it would be necessary to create a different key-pair for each computer for a given user, but it would be nice not to have to switch from my macbook to my ubuntu when I want to test a problem from a support ticket (if I were actively working on my macbook).
I would love for the SSH everything to be a lot more flexible 😭
The current design is limited by what AWS understands with key pairs (must be RSA, must be imported before use). Assigning a key pair to an instance is a first-class feature, so it tends to be a lot more reliable than any solution that relies on `userdata`, which is where I'm assuming we're going to have to turn in order to improve the flexibility.
Just an idea - not sure how feasible. What about something like a per-computer profile? As an example you could use hostname as part of the name of the key. So for my ubuntu machine, my key in AWS might be called `MariaSemple-ubuntu` and for my mac the key might be called `MariaSemple-mac`. Then the client can check the hostname before launching the AWS instance and put that together with the GitHub username to find the already created key pair.
I am still a bit confused at the purpose of the GitHub login. I'd be interested to know how GitHub is involved, besides looking up the top RSA key. If that's all we use it for, couldn't we just look for `~/.ssh/id_rsa.pub` on the host machine and create the AWS key pair based on that? That's what you need it to match for SSH anyway, IIUC.
The primary purpose of the GitHub login is to authorize access to Fuzzbucket based on one's GitHub team membership. The SSH key use was mostly built out of convenience since GitHub publicly exposes the public keys for each user.
I can definitely see the niceness of a mode where you can tell `fuzzbucket-client` to use whatever keys you have locally. Given that AWS key pairs are created for each one, would it be OK to have that interaction require human action? For example:
:warning: (this is all vaporware)
```bash
# explicitly add a key from filename
fuzzbucket-client add-key -f ~/.ssh/fancy_rsa.pub
# the AWS key pair would get an automatic name like `MariaSemple-fancy`
# and the fuzzbucket config cache would store `default_key = fancy`

# automatically add an RSA key with an explicit alias
fuzzbucket-client add-key --alias ubuntu
# ~/.ssh/id_rsa.pub is found and automatically selected
# the AWS key pair would be named `MariaSemple-ubuntu`
# and the fuzzbucket config cache would store `default_key = ubuntu`
```
.... then during create
```bash
fuzzbucket-client create ubuntu20
# the cached config value of `default_key = ubuntu` is used

# explicitly use the key with alias `fancy`
fuzzbucket-client create -k fancy ubuntu20
```
That seems very useful! I don't have any objection to that method.
I agree that would be very useful :-)
I spent some time with @MariaSemple trying to figure out why I couldn't `ssh` into my fuzzbucket instances:

If I understand correctly, this ultimately came down to the SSH key on my local machine not matching the one currently available as `kevinushey-key` at https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#KeyPairs:.

Could the documentation and / or diagnostics around this be improved? (Or, is this already documented somewhere and I just happened to miss it?)
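
One way to diagnose the mismatch discussed in this thread (an added example, not code from the thread or from Fuzzbucket): it compares a local OpenSSH public key against the keys listed for the GitHub account and reports whether it is the first RSA key, which the thread says is the one imported into AWS. The function names, status strings and the one-key-per-line input format are assumptions made for the example, and the sample keys are constructed filler, not real key material.

```python
import base64
import hashlib
import struct


def parse_pub(line):
    """Return (key_type, blob) for one OpenSSH public key line; the comment is ignored."""
    fields = line.split()
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type label does not match the key blob")
    return fields[0], blob


def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def diagnose(local_line, github_lines):
    """Classify the local key against the keys listed for the account."""
    ktype, blob = parse_pub(local_line)
    if ktype != "ssh-rsa":
        return "not-rsa", fingerprint(blob)
    listed = [parse_pub(l) for l in github_lines if l.strip()]
    rsa = [b for t, b in listed if t == "ssh-rsa"]
    if blob not in rsa:
        return "not-listed", fingerprint(blob)
    # Assumption taken from the thread: only the first RSA key is imported into AWS.
    status = "first-rsa" if rsa[0] == blob else "listed-not-first"
    return status, fingerprint(blob)


def constructed_key(ktype, filler, comment):
    """Constructed sample line: real wire framing, filler key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(ktype.encode()) + s(b"\x01\x00\x01") + s(b"\x00" + filler * 16)
    return "%s %s %s" % (ktype, base64.b64encode(blob).decode(), comment)


MAC = constructed_key("ssh-rsa", b"\xa1", "user@macbook")
UBUNTU = constructed_key("ssh-rsa", b"\xb2", "user@ubuntu")
ED = constructed_key("ssh-ed25519", b"\xc3", "user@laptop")
OTHER = constructed_key("ssh-rsa", b"\xd4", "user@elsewhere")
GITHUB_KEYS = [ED, MAC, UBUNTU]  # constructed list, in the order the account shows them
print(diagnose(UBUNTU, GITHUB_KEYS))
```

A `listed-not-first` result is the multi-computer situation raised in the thread: the key is on the account, but a different RSA key comes before it in the list.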