Closed yokawasa closed 2 years ago
@nippyin
For debugging, I added a verbose option (`-v|--verbose`) to this version. Can you please try the script with the verbose option as shown below and share the output with me? 🙏
```
# download kubectl-ssh-jump
curl https://raw.githubusercontent.com/yokawasa/kubectl-plugin-ssh-jump/fix-connection-closed-by-remote-host-issue/kubectl-ssh-jump -o kubectl-ssh-jump
# make it executable
chmod +x kubectl-ssh-jump
# use the script "kubectl-ssh-jump" directly instead of "kubectl ssh-jump" with -v option like this:
./kubectl-ssh-jump -v -u azureuser -i ./id_rsa -p ./id_rsa.pub --cleanup-jump --cleanup-agent aks-nodepool1-20050870-vmss000000
```
```
./kubectl-ssh-jump -v -u azureuser -i ~/.ssh/id_rsa -p ~/.ssh/id_rsa.pub --cleanup-jump --cleanup-agent aks-agentpool-15787878-vmss00000b
using: port=22
using: args= -vvv
Agent pid 3247
ssh-agent is already running
Creating SSH jump host (Pod)...
pod/sshjump created
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/star/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/star/.ssh/known_hosts2'
debug1: Executing proxy command: exec ssh root@127.0.0.1 -p 2222 -i /home/star/.ssh/id_rsa -o "StrictHostKeyChecking=no" "nc aks-agentpool-15787878-vmss00000b 22"
debug1: identity file /home/star/.ssh/id_rsa type 0
debug1: identity file /home/star/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
Handling connection for 2222
root@127.0.0.1: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Clearning up SSH Jump host (Pod)...
pod "sshjump" deleted
Killing ssh-agent...
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 3247 killed;
```
@nippyin
Thanks for sharing the output with me. I kind of figured out why this occurs.
According to the output you shared, your local OpenSSH version is 8.9 (`OpenSSH_8.9p1`).
Actually, RSA was deprecated in OpenSSH 8.8 according to the OpenSSH 8.8 release notes.
So the following options need to be added to all ssh connections (from your local machine to the ssh jump host & from your local machine to the k8s node):
options to add: `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`
In https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/17, I actually added the options above only to the ssh connection from your local machine to the k8s node via ssh jump, but I didn't add them to the ssh connections specified in `ProxyCommand`. Therefore I added the options to the ssh connections specified in `ProxyCommand` as well in this version.
Very sorry that I have asked many times, but could you please try again with the following command?
```
# download kubectl-ssh-jump
curl https://raw.githubusercontent.com/yokawasa/kubectl-plugin-ssh-jump/5f4285547565188a9147197da79e973dd086ad12/kubectl-ssh-jump -o kubectl-ssh-jump
# make it executable
chmod +x kubectl-ssh-jump
# use the script "kubectl-ssh-jump" directly instead of "kubectl ssh-jump" with -v option like this:
./kubectl-ssh-jump -v -u azureuser -i ./id_rsa -p ./id_rsa.pub --cleanup-jump --cleanup-agent aks-nodepool1-20050870-vmss000000
```
Hope it would work
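
The point of the comment above, that the `ssh-rsa` options have to be on both the outer `ssh` and the `ssh` started by `ProxyCommand` because each is a separate client process, as an added sketch (not code from kubectl-ssh-jump or from this thread). The function names are hypothetical, and the version gate assumes a banner in the form printed by `ssh -V`.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of kubectl-ssh-jump.

# Print the extra client options for a peer that only speaks ssh-rsa,
# given the local banner (e.g. "$(ssh -V 2>&1)").
# Clients older than 8.8 still accept ssh-rsa by default, so nothing is
# printed for them. Returns 1 if the banner cannot be parsed.
legacy_rsa_opts() {
  ver=$(printf '%s\n' "$1" |
    sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
  [ -n "$ver" ] || return 1
  set -- $ver                      # $1 = major, $2 = minor
  if [ "$1" -gt 8 ] || { [ "$1" -eq 8 ] && [ "$2" -ge 8 ]; }; then
    # PubkeyAcceptedAlgorithms exists under this name from OpenSSH 8.5 on,
    # so it is safe to emit for every version that passes the gate.
    printf '%s' '-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa'
  fi
}

# Print the command line that reaches $node through the jump pod's
# forwarded local port. The same options are applied to both hops:
# the outer ssh (local -> node) and the inner ssh (local -> jump pod).
# Assumes the arguments contain no spaces or quotes.
build_jump_command() {
  banner=$1; user=$2; key=$3; port=$4; node=$5
  opts=$(legacy_rsa_opts "$banner") || return 1
  proxy="ssh root@127.0.0.1 -p $port -i $key${opts:+ $opts} \"nc $node 22\""
  printf "ssh -i %s%s -o ProxyCommand='%s' %s@%s\n" \
    "$key" "${opts:+ $opts}" "$proxy" "$user" "$node"
}
```

Because the options are passed with `-o` on each command line, `ssh-rsa` is re-enabled only for these two connections rather than for every host in `~/.ssh/config`.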
@yokawasa it works, here is the output.
```
./kubectl-ssh-jump -v -u azureuser -i ~/.ssh/id_rsa -p ~/.ssh/id_rsa.pub --cleanup-jump --cleanup-agent aks-agentpool-65656565-vmss00000b
using: port=22
using: args= -vvv
Started ssh-agent: pid=3920
Agent pid 3920
Identity added: /home/star/.ssh/id_rsa (star@mac-star)
Creating SSH jump host (Pod)...
pod/sshjump created
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/star/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/star/.ssh/known_hosts2'
debug1: Executing proxy command: exec ssh root@127.0.0.1 -p 2222 -i /home/star/.ssh/id_rsa -vvv -o StrictHostKeyChecking=no -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa "nc aks-agentpool-65656565-vmss00000b 22"
debug1: identity file /home/star/.ssh/id_rsa type 0
debug1: identity file /home/star/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/star/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/star/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/star/.ssh/id_rsa type 0
debug1: identity file /home/star/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
Handling connection for 2222
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: compat_banner: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:2222 as 'root'
debug3: put_host_port: [127.0.0.1]:2222
debug3: record_hostkey: found key type ED25519 in file /home/star/.ssh/known_hosts:6
debug3: load_hostkeys_file: loaded 1 keys from [127.0.0.1]:2222
debug1: load_hostkeys: fopen /home/star/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
Authorized uses only. All activity may be monitored and reported.
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/star/.ssh/id_rsa RSA SHA256:13Fw1q22KNk2uQ1PvBVk8No7jmL0uQAglGxPqEIoCgY explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /home/star/.ssh/id_rsa RSA SHA256:13Fw1q22KNk2uQ1PvBVk8No7jmL0uQAglGxPqEIoCgY explicit agent
debug3: sign_and_send_pubkey: using publickey with RSA SHA256:13Fw1q22KNk2uQ1PvBVk8No7jmL0uQAglGxPqEIoCgY
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:13Fw1q22KNk2uQ1PvBVk8No7jmL0uQAglGxPqEIoCgY
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to aks-agentpool-65656565-vmss00000b (via proxy) using "publickey".
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: proc
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env LESS
debug3: Ignored env HISTCONTROL
debug3: Ignored env WSL_DISTRO_NAME
debug3: Ignored env WT_SESSION
debug3: Ignored env HISTSIZE
debug3: Ignored env LESS_TERMCAP_se
debug3: Ignored env LESS_TERMCAP_so
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env VIRTUALMACHINES
debug3: Ignored env GOPRIVATE
debug3: Ignored env DOCUMENTS
debug3: Ignored env CLIP_SCREEN
debug3: Ignored env CLIP_VOLUME
debug3: Ignored env PICTURES
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env EDITOR
debug3: Ignored env GOBIN
debug3: Ignored env NAME
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env CLIP_DATA
debug3: Ignored env CDPATH
debug3: Ignored env HOME
debug1: channel 0: setting env LANG = "C.UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env WSL_INTEROP
debug3: Ignored env LS_COLORS
debug3: Ignored env VIDEOS
debug3: Ignored env GHREPOS
debug3: Ignored env ANSIBLE_INVENTORY
debug3: Ignored env PDFS
debug3: Ignored env HELP_BROWSER
debug3: Ignored env LESSCLOSE
debug3: Ignored env SCRIPTS
debug3: Ignored env TERM
debug3: Ignored env SNIPPETS
debug3: Ignored env LESS_TERMCAP_mb
debug3: Ignored env LESS_TERMCAP_me
debug3: Ignored env LESS_TERMCAP_md
debug3: Ignored env LESSOPEN
debug3: Ignored env USER
debug3: Ignored env GITUSER
debug3: Ignored env EDITOR_PREFIX
debug3: Ignored env VISUAL
debug3: Ignored env GOPROXY
debug3: Ignored env SHLVL
debug3: Ignored env LESS_TERMCAP_ue
debug3: Ignored env ZETDIR
debug3: Ignored env LESS_TERMCAP_us
debug3: Ignored env TEMPLATES
debug3: Ignored env DESKTOP
debug3: Ignored env ZETTELCASTS
debug3: Ignored env PYTHONDONTWRITEBYTECODE
debug3: Ignored env WORKSPACES
debug3: Ignored env HRULEWIDTH
debug3: Ignored env WSLENV
debug3: Ignored env REPOS
debug1: channel 0: setting env LC_COLLATE = "C"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PATH
debug3: Ignored env HISTFILESIZE
debug3: Ignored env CFLAGS
debug3: Ignored env PRIVATE
debug3: Ignored env CLIP_DIR
debug3: Ignored env CGO_ENABLED
debug3: Ignored env FZF_DEFAULT_OPTS
debug3: Ignored env MUSIC
debug3: Ignored env HOSTTYPE
debug3: Ignored env DOWNLOADS
debug3: Ignored env WT_PROFILE_ID
debug3: Ignored env PUBLIC
debug3: Ignored env DOTFILES
debug3: Ignored env GOPATH
debug3: Ignored env BASH_FUNC_clone%%
debug3: Ignored env BASH_FUNC_envx%%
debug3: Ignored env BASH_FUNC_new-cmd%%
debug3: Ignored env BASH_FUNC_new-bonzai%%
debug3: Ignored env BASH_FUNC__swaggercomp%%
debug3: Ignored env BASH_FUNCnew-from%%
debug3: Ignored env
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1074-azure x86_64)
Documentation: https://help.ubuntu.com
Management: https://landscape.canonical.com
Support: https://ubuntu.com/advantage
Super-optimized for small spaces - read how we shrank the memory footprint of MicroK8s to make it the smallest full K8s around.
42 updates can be applied immediately. To see these additional updates run: apt list --upgradable
New release '20.04.4 LTS' available. Run 'do-release-upgrade' to upgrade to it.
System restart required
Last login: Sat Aug 13 15:27:11 2022 from 10.36.84.242
```
@nippyin Thanks a lot for your testing!! I'll release the next version shortly, which will resolve the issue.
@nippyin
ssh-jump-0.7.3 has been released. It can be upgraded via krew:
```
$ kubectl krew upgrade ssh-jump
$ kubectl krew info ssh-jump
NAME: ssh-jump
INDEX: default
URI: https://github.com/yokawasa/kubectl-plugin-ssh-jump/archive/0.7.3.zip
SHA256: 0c2ec4c54d8fcee93f525e119a2883931d73a55e27379b9b2b5626afebed2555
VERSION: v0.7.3
...
```
Thank you so much for your help!
Open a new issue to discuss the issue reported by @nippyin
https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13#issuecomment-1207464351
It works from macOS; however, while trying on WSL2 I get the same error.