Opened 3 years ago
Closed 3 years ago
#2663 closed task (fixed)
Get access to osgeo7-*
Reported by: | jsanz | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | Unplanned |
Component: | SysAdmin | Keywords: | |
Cc: |
Description
Following up from #2660, I'd like to get access to osgeo7-*
servers. At this moment, after adding the configuration to .ssh/config
I get this output
$ ssh jsanz@osgeo7-old-webextra jsanz@hop.osgeo7.osgeo.org: Permission denied (publickey). kex_exchange_identification: Connection closed by remote host
My current public key is the second entry in osgeo6:/home/jsanz/.ssh/authorized_keys
finishing with jorge.sanz@elastic.co
.
Thanks!
Change History (8)
follow-up: 2 comment:1 by , 3 years ago
follow-up: 3 comment:2 by , 3 years ago
Replying to robe:
jsanz -- I don't see your key in your ldap profile, did you try adding it?
Go to https://id.osgeo.org/ldap/edit
Login and put your public key there.
Done, I've added my public key on that form. I waited a day but I still get a permission denied
error.
comment:3 by , 3 years ago
Replying to jsanz:
Done, I've added my public key on that form. I waited a day but I still get a
permission denied
error.
The change takes effect immediately so you don't need to wait. I do see the key now on your ldap account and confirmed it matches what you have in osgeo6 second key aside from linebreaks and spaces which shouldn't matter as the ldap one is chunked on mine too and I don't have a authorized_keys in my hop home drive and can get in with my account.
I've manually added the key to your home drive on hop.osgeo7.osgeo.org to rule out any weird whitespace issues.
If that still doesn't work perhaps your issue is the one described below.
Here: https://wiki.osgeo.org/wiki/SAC_Service_Status#Accessing_osgeo7_containers_via_ssh
Troubleshooting: In case of "Permission denied (publickey)." after an update to a modern openSSH version, it might well be that your ssh key (RSH key) is disabled in your client in favour of more modern cyphers. Ugly workaround: add one line `PubkeyAcceptedKeyTypes ...` in `.ssh/config`, to re-enable RSA keys for now (consider to generate a new key): vim .ssh/config ... Host * ... PubkeyAcceptedKeyTypes +ssh-rsa
comment:4 by , 3 years ago
Thanks for the suppport Regina.
Now I can access hop.osgeo.org
without issues but I still can't get into the lxd container with the ProxyCommand
setup.
I'm fine with having to log first into the download server but ssh jsanz@old-webextra.lxd
server is asking for a password for my handle and the OSGeo ldap password is not working.
The PubkeyAcceptedKeyTypes
is not working for me 😥
... few minutes later ...
I've realized I can get into other containers like osgeo7-web
, osgeo7-download
, or osgeo7-pycsw
so there's something different with old-webextra
. Hope this helps.
comment:5 by , 3 years ago
Odd timing but I'm in the exact same situation now as @jsanz: cannot ProxyJump
into old-webextra, but can jump into the other containers.
comment:6 by , 3 years ago
try now. Was same issue with letsencrypt and old-webextra being so old it didn't trust the new authority.
Feel free to close if all set. Jsanz can you by chance also try removing your key on hop server to see if the ssh still works. I want to make sure your key registered in ldap works so if you need to access other servers on other hosts you'll be able to.
comment:8 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Confirmed here as well, I renamed the .ssh/authorized_keys
file in the hop server just in case is needed again but I could get into the old-webextra
server with my LDAP password and check the status of the planet, etc.
Thanks again 👏👏
jsanz -- I don't see your key in your ldap profile, did you try adding it?
Go to https://id.osgeo.org/ldap/edit
Login and put your public key there.