threefoldtecharchive / jumpscaleX_threebot

Apache License 2.0

SSH not authorized on monitoring solution #782

Open zaibon opened 4 years ago

zaibon commented 4 years ago

I've deployed a monitoring solution: https://explorer.devnet.grid.tf/explorer/reservations/675

But when I try to SSH into any of the containers I still get asked for the password, which I guess means the SSH key was not properly configured during installation.

ranatrk commented 4 years ago

I can't seem to be able to reproduce. I tried deploying and was able to SSH to the redis and prometheus containers. The SSH key from your reservation also seems to be added correctly, with the correct env variable name, in the env variables of the container reservation. SSH is not set up in the grafana container; is that the machine you weren't able to access?

My trial: [three screenshots, dated 2020-06-28: Prometheus container and Redis]

zaibon commented 4 years ago

Weird. I retried on both devnet and testnet and I get the same problem. I also checked the actual file system of the container directly on the node, and indeed it seems my key is where it should be:

 cat .ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtml/KgilrDqSeFDBRLImhoAfIqikR2N9XH3pVbb7ex zaibon@tesla

ranatrk commented 4 years ago

That's weird. Is this the redis or prometheus container? I'll try to deploy it separately to check if maybe the issue is in the flist itself.

ranatrk commented 4 years ago

The issue is that the SSH server used in redis and prometheus is Dropbear, which doesn't support ed25519 keys. I retried it now with a new ed25519 key and was able to reproduce. The idea is that the prometheus flist is created based on alpine, where openssh didn't work; that's why Dropbear was used in the first place. Updating only the redis flist (based on ubuntu) won't be any help, as the key provided will also need to work with the prometheus container, and so a Dropbear-compatible key is required.
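
An added example, not code from the project or from anyone in this thread: a pre-deployment check that reads an `authorized_keys` file and reports keys whose type the target SSH server will not accept, which is the situation diagnosed above. The function names, the sample lines and the supported-type set (RSA only) are assumptions made for illustration.

```python
import base64
import struct

def blob_key_type(b64):
    """Algorithm name embedded in a public-key blob (first length-prefixed string)."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def declared_key_type(line):
    """Key type of an authorized_keys line, skipping any leading options field."""
    tokens = line.split()
    # A token is the key type only if the next token is a blob that names it.
    for declared, blob in zip(tokens, tokens[1:]):
        try:
            if blob_key_type(blob) == declared:
                return declared
        except (ValueError, struct.error):  # not base64, or too short to be a blob
            continue
    return None

def audit_authorized_keys(text, supported):
    """Return [(line_no, key_type, status)]; status is ok, unsupported or malformed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key_type = declared_key_type(line)
        # "unsupported": the key is present but never matches, so the client is
        # asked for a password, as reported at the top of this thread.
        status = ("malformed" if key_type is None
                  else "ok" if key_type in supported else "unsupported")
        findings.append((no, key_type, status))
    return findings

def constructed_line(key_type, prefix=""):
    # Constructed sample: correct blob framing, dummy key material (not a usable key).
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + bytes(32)
    return f"{prefix}{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    constructed_line("ssh-ed25519"),
    constructed_line("ssh-rsa", prefix='command="uptime",no-pty '),
    "ssh-rsa not-base64!! truncated@example",
])
# Assumption: the server accepts only RSA user keys, the type the thread falls back to.
SERVER_SUPPORTED = {"ssh-rsa"}

if __name__ == "__main__":
    for finding in audit_authorized_keys(SAMPLE, SERVER_SUPPORTED):
        print(finding)
```
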

zaibon commented 4 years ago

@ranatrk haaa that explains a lot. I didn't know Dropbear had this limitation.

I can work with an RSA key of course, no problem. But it would be nice if we could remove this limitation.

@muhamadazmy what's your input on this? Do you think it's doable to have OpenSSH working in those flists, or is it just a no-go? I would like to avoid having to limit the type of SSH key used.

muhamadazmy commented 4 years ago

@zaibon OpenSSH has weird issues with alpine. My original plan was to use OpenSSH but I completely could not connect to it, so I went for Dropbear. Even if you try to start OpenSSH in an alpine docker container, it will work but never manage to connect with a key.

If we can find a fix for this openssh/alpine issue, we can switch back to OpenSSH on both the alpine and ubuntu base images.