Details
-
Type: extRequest
-
Status: Closed
-
Priority: Major
-
Resolution: Done
-
Fix Version/s: Sprint 4.1.3
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
Sender Email:
-
HD-Node:Spain
Description
Hi, i have problem with login to instance using SSH client.
Instance is running image : accesscontrol-gei-tha-3.3.3-1
<https://cloud.lab.fi-ware.org/#nova/images/c0f0a684-7323-49cb-a6fe-3a231f76241e>
After i try to login with putty ssh client i got in response :
Using username "root".
Authenticating with public key "imported-openssh-key"
Server refused public-key signature despite accepting key!
I tried other image with same key and logged in without problems.
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu
<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : @devlogic.eu <aavdic@devlogic.eu>
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
[Created via e-mail received from: Mirsad Bulbulusic <mbulbulusic@devlogic.eu>]
-
- text.html
- 48 kB
- José Ignacio Carretero Guarde
-
- text.html
- 18 kB
- José Ignacio Carretero Guarde
-
- text.html
- 13 kB
- José Ignacio Carretero Guarde
-
- text.html
- 6 kB
- José Ignacio Carretero Guarde
-
- ATT00001.png
- 37 kB
-
- ATT00001.png
- 37 kB
-
- ATT00001.png
- 37 kB
-
- ATT00001.png
- 37 kB
-
- ATT00001.png
- 37 kB
-
- ATT00002.png
- 39 kB
-
- ATT00002.png
- 39 kB
-
- ATT00002.png
- 39 kB
-
- ATT00002.png
- 39 kB
-
- ATT00002.png
- 39 kB
-
- image.png
- 37 kB
-
- image.png
- 39 kB
Activity
I was tried with new instance with Spain region key but still not working.
Now i tried with console ssh client and got this:
$ ssh -vT -i ../../spain-key.pem root@130.206.126.218
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Connecting to 130.206.126.218 [130.206.126.218] port 22.
debug1: Connection established.
debug1: identity file ../../spain-key.pem type -1
debug1: identity file ../../spain-key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1
Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62
The authenticity of host '130.206.126.218 (130.206.126.218)' can't be
established.
ECDSA key fingerprint is ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '130.206.126.218' (ECDSA) to the list of known
hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ../../spain-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
On Mon, Dec 15, 2014 at 1:18 PM, JOSE IGNACIO CARRETERO GUARDE <
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu
<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : mbulbulusic@devlogic.eu <aavdic@devlogic.eu>
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
Good. You have create 7 different keypairs in the Spanish region. That keypair (spain-key.pem) isn't the keypair for that VM. — The key pair can't be changed when the instance is done.
Best regards,
José Ignacio.
El 15/12/14 a las 13:35, Mirsad Bulbulusic escribió:
I was tried with new instance with Spain region key but still not working. Now i tried with console ssh client and got this:
$ ssh -vT -i ../../spain-key.pem root@130.206.126.218<root@130.206.126.218>
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Connecting to 130.206.126.218 [130.206.126.218] port 22.
debug1: Connection established.
debug1: identity file ../../spain-key.pem type -1
debug1: identity file ../../spain-key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62
The authenticity of host '130.206.126.218 (130.206.126.218)' can't be established.
ECDSA key fingerprint is ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '130.206.126.218' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ../../spain-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
On Mon, Dec 15, 2014 at 1:18 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Hi,
In the Spanish node you only have one VM (as far as I can see with your user) – Its name is "auth-test" and there's no reason why you can't access that VM using your Keypair.
Maybe, you can have another VM in another region (if so, please tell us which one), but the key-pairs do only work in the region they were created at this moment.
Best regards,
José Ignacio.
El 15/12/14 a las 11:49, Mirsad Bulbulusic escribió:
Hi, i have problem with login to instance using SSH client.
Instance is running image : accesscontrol-gei-tha-3.3.3-1<https://cloud.lab.fi-ware.org/#nova/images/c0f0a684-7323-49cb-a6fe-3a231f76241e>
After i try to login with putty ssh client i got in response :
Using username "root".
Authenticating with public key "imported-openssh-key"
Server refused public-key signature despite accepting key!
I tried other image with same key and logged in without problems.
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : @devlogic.eu<aavdic@devlogic.eu>
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended recipient(s) only. This email contains confidential information. It should not be copied, disclosed to, retained or used by, any party other than the intended recipient. Any unauthorised distribution, dissemination or copying of this E-mail or its attachments, and/or any use of any information contained in them, is strictly prohibited and may be illegal. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender directly via email. Any emails that you send to us may be monitored by systems or persons other than the named communicant for the purposes of ascertaining whether the communication complies with the law and company policies.
I removed other keys and instance from Spain and made this one
spain-key.pem and after that i made new instance with keypair:
spain-key.pem.
[image: Inline image 1][image: Inline image 1]
On Mon, Dec 15, 2014 at 1:49 PM, JOSE IGNACIO CARRETERO GUARDE <
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu
<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : mbulbulusic@devlogic.eu <aavdic@devlogic.eu>
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
Is it working? Do you have any further problems?
Regards,
José Ignacio.
El 15/12/14 a las 13:57, Mirsad Bulbulusic escribió:
I removed other keys and instance from Spain and made this one spain-key.pem and after that i made new instance with keypair: spain-key.pem.
[Inline image 1][Inline image 1]
On Mon, Dec 15, 2014 at 1:49 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Good. You have create 7 different keypairs in the Spanish region. That keypair (spain-key.pem) isn't the keypair for that VM. — The key pair can't be changed when the instance is done.
Best regards,
José Ignacio.
El 15/12/14 a las 13:35, Mirsad Bulbulusic escribió:
I was tried with new instance with Spain region key but still not working. Now i tried with console ssh client and got this:
$ ssh -vT -i ../../spain-key.pem root@130.206.126.218<root@130.206.126.218>
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Connecting to 130.206.126.218 [130.206.126.218] port 22.
debug1: Connection established.
debug1: identity file ../../spain-key.pem type -1
debug1: identity file ../../spain-key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62
The authenticity of host '130.206.126.218 (130.206.126.218)' can't be established.
ECDSA key fingerprint is ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '130.206.126.218' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ../../spain-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
On Mon, Dec 15, 2014 at 1:18 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Hi,
In the Spanish node you only have one VM (as far as I can see with your user) – Its name is "auth-test" and there's no reason why you can't access that VM using your Keypair.
Maybe, you can have another VM in another region (if so, please tell us which one), but the key-pairs do only work in the region they were created at this moment.
Best regards,
José Ignacio.
El 15/12/14 a las 11:49, Mirsad Bulbulusic escribió:
Hi, i have problem with login to instance using SSH client.
Instance is running image : accesscontrol-gei-tha-3.3.3-1<https://cloud.lab.fi-ware.org/#nova/images/c0f0a684-7323-49cb-a6fe-3a231f76241e>
After i try to login with putty ssh client i got in response :
Using username "root".
Authenticating with public key "imported-openssh-key"
Server refused public-key signature despite accepting key!
I tried other image with same key and logged in without problems.
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : @devlogic.eu<aavdic@devlogic.eu>
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended recipient(s) only. This email contains confidential information. It should not be copied, disclosed to, retained or used by, any party other than the intended recipient. Any unauthorised distribution, dissemination or copying of this E-mail or its attachments, and/or any use of any information contained in them, is strictly prohibited and may be illegal. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender directly via email. Any emails that you send to us may be monitored by systems or persons other than the named communicant for the purposes of ascertaining whether the communication complies with the law and company policies.
Nope, still same problem...
On Mon, Dec 15, 2014 at 2:23 PM, JOSE IGNACIO CARRETERO GUARDE <
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271
<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu
<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : mbulbulusic@devlogic.eu <aavdic@devlogic.eu>
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
Hi Jose,
sorry Im jumping in - first of all thanks for very fast response and
valuable comments.
Are you sure that this instance is actually working properly since when we
do same procedure on another instance type it works?
Procedure is that we generate key, allow security to use port 22 and than
we try to ssh -i thatkey.pem root@ip ...
If you could do the same it would be great - your comments would be
valuable...
Best,
Dino
–
Kind regards,
Dino Osmanovic | Business Consultant / Innovation Manager
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
Mobile: +387 61 216 927
Web: www.devlogic.eu
E-mail: dosmanovic@devlogic.eu
On Mon, Dec 15, 2014 at 3:04 PM, Mirsad Bulbulusic <mbulbulusic@devlogic.eu>
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
Well, analyzing in depth the image you have used, accesscontrol-gei-tha-3.3.3-1, it seems that the sshd demon configuration isn't right to be used as a FIWARE-LAB image – It doesn't allow people to login.
So I've taken these 2 actions:
— I've updated the image in order not to be public - It won't be instanciated anymore.
— I've changed the configuration of your VM so you can access using your public key.
Regards,
José Ignacio.
El 16/12/14 a las 16:01, Dino Osmanovic escribió:
Hi Jose,
sshd on the instance? We never managed to connect there so we couldnt change it? We just newly created instance and tried to access it with no luck. We want to have ability to use access control test instance?
Best,
DIno
–
Kind regards,
Dino Osmanovic | Business Consultant / Innovation Manager
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123
Mobile: +387 61 216 927
Web: www.devlogic.eu <http://www.devlogic.eu>
E-mail: dosmanovic@devlogic.eu<dosmanovic@devlogic.eu>
On Tue, Dec 16, 2014 at 3:55 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
I was wondering if you had done something with your sshd.config file?
El 16/12/14 a las 13:45, Mirsad Bulbulusic escribió:
Hi Jose, any update on this issue ?
On Mon, Dec 15, 2014 at 3:35 PM, Mirsad Bulbulusic <mbulbulusic@devlogic.eu<mbulbulusic@devlogic.eu>> wrote:
here is log:
$ ssh -vvv -i ../../spain-key.pem root@130.206.126.218<root@130.206.126.218>
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug2: ssh_connect: needpriv 0
debug1: Connecting to 130.206.126.218 [130.206.126.218] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "../../spain-key.pem" as a RSA1 public key
debug1: identity file ../../spain-key.pem type -1
debug1: identity file ../../spain-key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "130.206.126.218" from file "/home/mbulbulusic/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/mbulbulusic/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com<ecdsa-sha2-nistp256-cert-v01@openssh.com>,ecdsa-sha2-nistp384-cert-v01@openssh.com<ecdsa-sha2-nistp384-cert-v01@openssh.com>,ecd
sha2-nistp521-cert-v01@openssh.com<sha2-nistp521-cert-v01@openssh.com>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hell
-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com<ecdsa-sha2-nistp256-cert-v01@openssh.com>,ecdsa-sha2-nistp384-cert-v01@openssh.com<ecdsa-sha2-nistp384-cert-v01@openssh.com>,ecdsa-sha2-nistp521-cer
01@openssh.com<01@openssh.com>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com<ssh-rsa-cert-v01@openssh.com>,ssh-dss-cert-v01@openssh.com<ssh-dss-cert-v01@openssh.com>
h-rsa-cert-v00@openssh.com<h-rsa-cert-v00@openssh.com>,ssh-dss-cert-v00@openssh.com<ssh-dss-cert-v00@openssh.com>,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com<aes128-gcm@openssh.com>,aes256-gcm@openssh.com<aes256-gcm@openssh.com>,aes1
cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<rijndael-cbc@lysator.liu.se>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com<aes128-gcm@openssh.com>,aes256-gcm@openssh.com<aes256-gcm@openssh.com>,aes1
cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<rijndael-cbc@lysator.liu.se>
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com<hmac-md5-etm@openssh.com>,hmac-sha1-etm@openssh.com<hmac-sha1-etm@openssh.com>,umac-64-etm@openssh.com<umac-64-etm@openssh.com>,umac-128-etm@openssh.com<umac-128-etm@openssh.com>,hmac-
2-256-etm@openssh.com<2-256-etm@openssh.com>,hmac-sha2-512-etm@openssh.com<hmac-sha2-512-etm@openssh.com>,hmac-ripemd160-etm@openssh.com<hmac-ripemd160-etm@openssh.com>,hmac-sha1-96-etm@openssh.com<hmac-sha1-96-etm@openssh.com>,hmac-md5-96-etm@open
.com,hmac-md5,hmac-sha1,umac-64@openssh.com<umac-64@openssh.com>,umac-128@openssh.com<umac-128@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.c<hmac-ripemd160@openssh.c>
hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com<hmac-md5-etm@openssh.com>,hmac-sha1-etm@openssh.com<hmac-sha1-etm@openssh.com>,umac-64-etm@openssh.com<umac-64-etm@openssh.com>,umac-128-etm@openssh.com<umac-128-etm@openssh.com>,hmac-
2-256-etm@openssh.com<2-256-etm@openssh.com>,hmac-sha2-512-etm@openssh.com<hmac-sha2-512-etm@openssh.com>,hmac-ripemd160-etm@openssh.com<hmac-ripemd160-etm@openssh.com>,hmac-sha1-96-etm@openssh.com<hmac-sha1-96-etm@openssh.com>,hmac-md5-96-etm@open
.com,hmac-md5,hmac-sha1,umac-64@openssh.com<umac-64@openssh.com>,umac-128@openssh.com<umac-128@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.c<hmac-ripemd160@openssh.c>
hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com<zlib@openssh.com>,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com<zlib@openssh.com>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hell
-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes19
bc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<rijndael-cbc@lysator.liu.se>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes19
bc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se<rijndael-cbc@lysator.liu.se>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com<umac-64@openssh.com>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac
pemd160,hmac-ripemd160@openssh.com<hmac-ripemd160@openssh.com>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com<umac-64@openssh.com>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac
pemd160,hmac-ripemd160@openssh.com<hmac-ripemd160@openssh.com>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com<zlib@openssh.com>
debug2: kex_parse_kexinit: none,zlib@openssh.com<zlib@openssh.com>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62
debug3: load_hostkeys: loading entries for host "130.206.126.218" from file "/home/mbulbulusic/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/mbulbulusic/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug1: Host '130.206.126.218' is known and matches the ECDSA host key.
debug1: Found key in /home/mbulbulusic/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: ../../spain-key.pem (0x0), explicit
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ../../spain-key.pem
debug1: read PEM private key done: type RSA
debug3: sign_and_send_pubkey: RSA 8a:3e:28:68:19:56:51:83:09:6e:81:56:31:bc:c3:05
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
On Mon, Dec 15, 2014 at 3:23 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
I remove the list to prevent spamming ----
It is working, and the public Key has being loaded. — And in this case, the public key you are telling me is the same as the one that has being injected in the VM.
Will you please provide me the -vvv output of the SSH?
Regards,
José Ignacio.
El 15/12/14 a las 15:18, Dino Osmanovic escribió:
Hi Jose,
sorry Im jumping in - first of all thanks for very fast response and valuable comments.
Are you sure that this instance is actually working properly since when we do same procedure on another instance type it works?
Procedure is that we generate key, allow security to use port 22 and than we try to ssh -i thatkey.pem root@ip ...
If you could do the same it would be great - your comments would be valuable...
Best,
Dino
–
Kind regards,
Dino Osmanovic | Business Consultant / Innovation Manager
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123<tel:%2B387%2033%20942%20123>
Mobile: +387 61 216 927<tel:%2B387%2061%20216%20927>
Web: www.devlogic.eu <http://www.devlogic.eu>
E-mail: dosmanovic@devlogic.eu<dosmanovic@devlogic.eu>
On Mon, Dec 15, 2014 at 3:04 PM, Mirsad Bulbulusic <mbulbulusic@devlogic.eu<mbulbulusic@devlogic.eu>> wrote:
Nope, still same problem...
On Mon, Dec 15, 2014 at 2:23 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Is it working? Do you have any further problems?
Regards,
José Ignacio.
El 15/12/14 a las 13:57, Mirsad Bulbulusic escribió:
I removed other keys and instance from Spain and made this one spain-key.pem and after that i made new instance with keypair: spain-key.pem.
[Inline image 1][Inline image 1]
On Mon, Dec 15, 2014 at 1:49 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Good. You have create 7 different keypairs in the Spanish region. That keypair (spain-key.pem) isn't the keypair for that VM. — The key pair can't be changed when the instance is done.
Best regards,
José Ignacio.
El 15/12/14 a las 13:35, Mirsad Bulbulusic escribió:
I was tried with new instance with Spain region key but still not working. Now i tried with console ssh client and got this:
$ ssh -vT -i ../../spain-key.pem root@130.206.126.218<root@130.206.126.218>
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Connecting to 130.206.126.218 [130.206.126.218] port 22.
debug1: Connection established.
debug1: identity file ../../spain-key.pem type -1
debug1: identity file ../../spain-key.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62
The authenticity of host '130.206.126.218 (130.206.126.218)' can't be established.
ECDSA key fingerprint is ad:0d:bf:37:8d:9d:3a:d8:be:1a:59:46:51:d8:be:62.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '130.206.126.218' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ../../spain-key.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
On Mon, Dec 15, 2014 at 1:18 PM, JOSE IGNACIO CARRETERO GUARDE <joseignacio.carreteroguarde@telefonica.com<joseignacio.carreteroguarde@telefonica.com>> wrote:
Hi,
In the Spanish node you only have one VM (as far as I can see with your user) – Its name is "auth-test" and there's no reason why you can't access that VM using your Keypair.
Maybe, you can have another VM in another region (if so, please tell us which one), but the key-pairs do only work in the region they were created at this moment.
Best regards,
José Ignacio.
El 15/12/14 a las 11:49, Mirsad Bulbulusic escribió:
Hi, i have problem with login to instance using SSH client.
Instance is running image : accesscontrol-gei-tha-3.3.3-1<https://cloud.lab.fi-ware.org/#nova/images/c0f0a684-7323-49cb-a6fe-3a231f76241e>
After i try to login with putty ssh client i got in response :
Using username "root".
Authenticating with public key "imported-openssh-key"
Server refused public-key signature despite accepting key!
I tried other image with same key and logged in without problems.
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : @devlogic.eu<aavdic@devlogic.eu>
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended recipient(s) only. This email contains confidential information. It should not be copied, disclosed to, retained or used by, any party other than the intended recipient. Any unauthorised distribution, dissemination or copying of this E-mail or its attachments, and/or any use of any information contained in them, is strictly prohibited and may be illegal. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender directly via email. Any emails that you send to us may be monitored by systems or persons other than the named communicant for the purposes of ascertaining whether the communication complies with the law and company policies.
There is a problem with the image he instanced – So I've moved the instance to be NON-Public and I've changed his instance. I haven't tell him to boot another instance because it wouldn't be possible with the current shortaged or resources in the Spanish node.
I think there are some answers to the mails that are not here.
Hi Jose,
Excellent we will try it in the morning and let you know if we still face
some issues.
Anyway thanks a lot for great support - hopefully we will not have any more
hickups
Best Regards,
Dino
On Dec 16, 2014 9:13 PM, "JOSE IGNACIO CARRETERO GUARDE" <
–
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. This email contains confidential information. It should
not be copied, disclosed to, retained or used by, any party other than the
intended recipient. Any unauthorised distribution, dissemination or copying
of this E-mail or its attachments, and/or any use of any information
contained in them, is strictly prohibited and may be illegal. If you are
not an intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender directly via email. Any
emails that you send to us may be monitored by systems or persons other
than the named communicant for the purposes of ascertaining whether the
communication complies with the law and company policies.
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
Hi,
In the Spanish node you only have one VM (as far as I can see with your user) – Its name is "auth-test" and there's no reason why you can't access that VM using your Keypair.
Maybe, you can have another VM in another region (if so, please tell us which one), but the key-pairs do only work in the region they were created at this moment.
Best regards,
José Ignacio.
El 15/12/14 a las 11:49, Mirsad Bulbulusic escribió:
Hi, i have problem with login to instance using SSH client.
Instance is running image : accesscontrol-gei-tha-3.3.3-1<https://cloud.lab.fi-ware.org/#nova/images/c0f0a684-7323-49cb-a6fe-3a231f76241e>
After i try to login with putty ssh client i got in response :
Using username "root".
Authenticating with public key "imported-openssh-key"
Server refused public-key signature despite accepting key!
I tried other image with same key and logged in without problems.
–
Kind regards,
Mirsad Bulbulušić | Android developer
DevLogic | Sarajevo | Bosnia and Herzegovina
Office : +387 33 942 123<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=0608aae5-ed8b-4a5e-f1d2-674e094cf3ca>
Mobile: +387 61 692 271<http://t.senaldos.com/link?url=&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=6bb29d70-72c7-4039-dde0-a2fa5c8dffa5>
Website: www.devlogic.eu<http://t.senaldos.com/link?url=http%3A%2F%2Fwww.devlogic.eu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK2Y-8IKDA&k=ca0746ba-ab85-4e0e-8bf6-80696e4ed83a>
E-mail : @devlogic.eu<aavdic@devlogic.eu>
---------------------------------------------------------------------
This e-mail and any attachment is for authorised use by the intended recipient(s) only. This email contains confidential information. It should not be copied, disclosed to, retained or used by, any party other than the intended recipient. Any unauthorised distribution, dissemination or copying of this E-mail or its attachments, and/or any use of any information contained in them, is strictly prohibited and may be illegal. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender directly via email. Any emails that you send to us may be monitored by systems or persons other than the named communicant for the purposes of ascertaining whether the communication complies with the law and company policies.