Closed janbols closed 2 years ago
╚ $ k ssh-jump XX.XX.XX.XXX --clean-agent --clean-jump -i ~/.ssh/my_rsa -p ~/.ssh/my_rsa.pub -u azureuser
using: port=22
Agent pid 6022
ssh-agent is already running
Creating SSH jump host (Pod)...
pod/sshjump created
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
Handling connection for 2222
root@127.0.0.1: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
@janbols @nippyin (I'm very sorry for the slow response) Thank you for reaching out!
First of all, please make sure you use the latest version of ssh-jump (0.7.0
). If it's not the latest one, please upgrade kubectl krew upgrade ssh-jump
kubectl krew info ssh-jump
NAME: ssh-jump
INDEX: default
URI: https://github.com/yokawasa/kubectl-plugin-ssh-jump/archive/0.7.0.zip
SHA256: 86a4729d84810274bdd010e15b564f89840d9f67fdb0d7dd0fe35d588e9d6391
VERSION: v0.7.0
...
@janbols
I try with the following options. It worked on both macOS and WSL2
kubectl ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
chmod 600 <private key>
and try againkubectl delete pod sshjump
and try again. let me know if you still get the same error@nippyin
I try with the following options. It worked on both macOS and WSL2
kubectl ssh-jump -u azureuser -i ./id_rsa -p ./id_rsa.pub --cleanpu-jump --cleanup-agent aks-nodepool1-20050870-vmss000000
--clean-agent --clean-jump
are wrong. Please try again with --cleanup-agent --cleanup-jump
chmod 600 <private key>
and try againkubectl delete pod sshjump
and try again. let me know if you still get the same error@nippyin @janbols
One more request from me 🙏
Can you please try this version directly like this and let me know how it works?
# download kubectl-ssh-jump
curl https://raw.githubusercontent.com/yokawasa/kubectl-plugin-ssh-jump/fix-permission-denied-issue/kubectl-ssh-jump -o kubectl-ssh-jump
# make it executable
chmod +x kubectl-ssh-jump
# use the script "kubectl-ssh-jump" directly instead of "kubectl ssh-jump" like this:
./kubectl-ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
./kubectl-ssh-jump -u azureuser -i ./id_rsa -p ./id_rsa.pub --cleanpu-jump --cleanup-agent aks-nodepool1-20050870-vmss000000
Was already using latest version. Same error message.
Note: did not use this command ./kubectl-ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
Hi @yokawasa ,
First, I upgraded the plugin to the latest 0.7.0.
I deleted any running sshjump pod and executed kubectl ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
:
Setting destination name as 'jumphost' allows to ssh into SSH jump Pod as 'root' user
using: port=22
using: args=-L 1443:someserver:443
Agent pid 252025
ssh-agent is already running
Creating SSH jump host (Pod)...
pod/sshjump created
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
Handling connection for 2222
root@127.0.0.1: Permission denied (publickey).
Unfortunately, no improvement there.
Then, I deleted the sshjump pod again and executed the local program:
./kubectl-ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
Setting destination name as 'jumphost' allows to ssh into SSH jump Pod as 'root' user
using: port=22
using: args=-L 1443:someserver:443
Agent pid 252025
ssh-agent is already running
Creating SSH jump host (Pod)...
pod/sshjump created
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
Handling connection for 2222
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.2.0-77-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@sshjump:~#
So, yes, this looks much better!!!!
Hi @yokawasa ,
First, I upgraded the plugin to the latest 0.7.0. I deleted any running sshjump pod and executed
kubectl ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443"
:Setting destination name as 'jumphost' allows to ssh into SSH jump Pod as 'root' user using: port=22 using: args=-L 1443:someserver:443 Agent pid 252025 ssh-agent is already running Creating SSH jump host (Pod)... pod/sshjump created Forwarding from 127.0.0.1:2222 -> 22 Forwarding from [::1]:2222 -> 22 Handling connection for 2222 root@127.0.0.1: Permission denied (publickey).
Unfortunately, no improvement there.
Then, I deleted the sshjump pod again and executed the local program:
./kubectl-ssh-jump sshjump -i ./id_rsa -p ./id_rsa.pub -a "-L 1443:someserver:443" Setting destination name as 'jumphost' allows to ssh into SSH jump Pod as 'root' user using: port=22 using: args=-L 1443:someserver:443 Agent pid 252025 ssh-agent is already running Creating SSH jump host (Pod)... pod/sshjump created Forwarding from 127.0.0.1:2222 -> 22 Forwarding from [::1]:2222 -> 22 Handling connection for 2222 Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.2.0-77-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@sshjump:~#
So, yes, this looks much better!!!!
But the objective here is ssh to node itself. I think its WSL2 networking that does not allow script to directly connect with K8s nodes.
@janbols thanks for your testing! Your reported issue can be resolved with this version. I'll release a new version shortly. I'll let you know once the new version gets available via krew
@nippyin your reported issue is due to different cause. I opened another issue https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/16.
@janbols
Now ssh-jump-v0.7.1 is available. Please update it with krew
# update
kubectl krew update ssh-jump
# show info
kubectl krew info ssh-jump
NAME: ssh-jump
INDEX: default
URI: https://github.com/yokawasa/kubectl-plugin-ssh-jump/archive/0.7.1.zip
SHA256: dd912bb5a0e5813d0b2be10c1297d82aecce46125df540b82958f1a4de70bb55
VERSION: v0.7.1
HOMEPAGE: https://github.com/yokawasa/kubectl-plugin-ssh-jump
DESCRIPTION:
A kubectl plugin to access Kubernetes nodes or remote services using a SSH jump Pod.
A jump Pod is an intermediary Pod or an SSH gateway to Kubernetes node machines or
remote services, through which a connection can be made.
CAVEATS:
\
| This plugin needs the following programs:
| * ssh(1)
| * ssh-agent(1)
|
| Please follow the documentation: https://github.com/yokawasa/kubectl-plugin-ssh-jump
/
@janbols
Now ssh-jump-v0.7.1 is available. Please update it with krew
# update kubectl krew update ssh-jump # show info kubectl krew info ssh-jump NAME: ssh-jump INDEX: default URI: https://github.com/yokawasa/kubectl-plugin-ssh-jump/archive/0.7.1.zip SHA256: dd912bb5a0e5813d0b2be10c1297d82aecce46125df540b82958f1a4de70bb55 VERSION: v0.7.1 HOMEPAGE: https://github.com/yokawasa/kubectl-plugin-ssh-jump DESCRIPTION: A kubectl plugin to access Kubernetes nodes or remote services using a SSH jump Pod. A jump Pod is an intermediary Pod or an SSH gateway to Kubernetes node machines or remote services, through which a connection can be made. CAVEATS: \ | This plugin needs the following programs: | * ssh(1) | * ssh-agent(1) | | Please follow the documentation: https://github.com/yokawasa/kubectl-plugin-ssh-jump /
╚ $ k ssh-jump aks-agentpool-159999996-vmss00000b -i ~/.ssh/id_rsa -u azureuser --cleanup-jump using: pubkey=/home/star/.ssh/id_rsa.pub using: port=22 Agent pid 1090 ssh-agent is already running Creating SSH jump host (Pod)... pod/sshjump created Forwarding from 127.0.0.1:2222 -> 22 Forwarding from [::1]:2222 -> 22 Handling connection for 2222 root@127.0.0.1: Permission denied (publickey). kex_exchange_identification: Connection closed by remote host Connection closed by UNKNOWN port 65535 Clearning up SSH Jump host (Pod)... pod "sshjump" deleted
Still the same result. Do i need to do anything differently?
@nippyin I believe your issue is due to a different cause, which is why I open an another issue. Let's discuss on your issue here https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/16
Hi,
I followed the instructions on https://github.com/yokawasa/kubectl-plugin-ssh-jump#case-2-access-remote-serivces-via-ssh-local-port-forwarding but receive the following error: