Infrastructure » sepia

Hi David,

I am unable to connect to ssh. It says "connection timed out". Do I miss anything?

--ssh log--
ssh -vv -i ~/.ssh/id_rsa rpavani1998@teuthology.front.sepia.ceph.com

OpenSSH_7.5p1 Ubuntu-10ubuntu0.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /home/admin1/.ssh/config
debug1: /home/admin1/.ssh/config line 1: Applying options for teuthology.front.sepia.ceph.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "teuthology.front.sepia.ceph.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to teuthology.front.sepia.ceph.com [172.21.0.51] port 22.
debug1: connect to address 172.21.0.51 port 22: Connection timed out
ssh: connect to host teuthology.front.sepia.ceph.com port 22: Connection timed out

Bad timing :) We just had a planned outage. Try now.

Still the same!!

You don't appear to be connected to the VPN. Try restarting your VPN client and check system logs for hints.

https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access

you are right! It is not connected to VPN.

This is what I am getting when I am trying to connect.

$service openvpn restart
$journalctl f -u openvpn@sepia.service
- Logs begin at Mon 2018-03-26 12:47:10 IST. --
May 15 22:13:48 rajula ovpn-sepia²³⁰⁸⁹: UDP link local: (not bound)
May 15 22:13:48 rajula ovpn-sepia²³⁰⁸⁹: UDP link remote: [AF_INET]8.43.84.129:1194
May 15 22:13:48 rajula ovpn-sepia²³⁰⁸⁹: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: VERIFY KU OK
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: Validating certificate extended key usage
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: VERIFY EKU OK
May 15 22:13:49 rajula ovpn-sepia²³⁰⁸⁹: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
May 15 22:13:51 rajula ovpn-sepia²³⁰⁸⁹: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA
May 15 22:13:51 rajula ovpn-sepia²³⁰⁸⁹: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
May 15 22:13:53 rajula ovpn-sepia²³⁰⁸⁹: AUTH: Received control message: AUTH_FAILED
May 15 22:13:53 rajula ovpn-sepia²³⁰⁸⁹: SIGTERM[soft,auth-failure] received, process exiting

Can you try manually running from the command line? You might need to modify the path to have an extra directory.

openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5

I have re-generated the VPN credentials.

admin1@rajula 31GbDo9d1YnW5BQ8u3utvw a2da13cb840f848846023c85442ba7bcce97dc186056a0ecc036a220d7eb7fc3

Can you please update these credentials.

Okay, try now.

Thanks! It worked. But, It is asking for a password.

Double check you're ssh'ing as rpavani1998. Your public key is in place.

root@teuthology:~# cat /home/rpavani1998/.ssh/authorized_keys 
ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDUznqo3VDmcKRL64P7sbjuxXCW/0ljFTc5zZoZ9UvtZvU2jrRQ2X9GyxcrcQnAWlF5YZHqeTDU5o8ixn5fq1MSmaPRBNDKKVQOfR/vFQV73LiKx4BFsC1/EdaPie/XqltaLDTtfqhxADJlz1H3a3ZlkeVHMROTqo/TidL1YUYlRH4qHxWWBuFuVS+EYfTegSZdjwp+DuJA0iN6X99+DfH2DhiHENjEmlbKN13+H+EPzm0K3ya2w8D6ANodB3AxMn2tGs8mLtG/P4kCjoDnoUVFzKTyUpTtgOjis47uSY4dL8mTbIK9kZAiFxnT5sMClu6KRStDjRIrxbTBQJ8wvlat admin1@rajula

Yes, Its is rpavani1998 only.

debug1: Next authentication method: password
rpavani1998@teuthology.front.sepia.ceph.com's password:

admin1@rajula:~$ cat  /home/admin1/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUznqo3VDmcKRL64P7sbjuxXCW/0ljFTc5zZoZ9UvtZvU2jrRQ2X9GyxcrcQnAWlF5YZHqeTDU5o8ixn5fq1MSmaPRBNDKKVQOfR/vFQV73LiKx4BFsC1/EdaPie/XqltaLDTtfqhxADJlz1H3a3ZlkeVHMROTqo/TidL1YUYlRH4qHxWWBuFuVS+EYfTegSZdjwp+DuJA0iN6X99+DfH2DhiHENjEmlbKN13+H+EPzm0K3ya2w8D6ANodB3AxMn2tGs8mLtG/P4kCjoDnoUVFzKTyUpTtgOjis47uSY4dL8mTbIK9kZAiFxnT5sMClu6KRStDjRIrxbTBQJ8wvlat admin1@rajula

Can you run for key in $(ls ~/.ssh/id_rsa*); do echo -e "$key: $(ssh-keygen -E md5 -lf $key)"; done please

Also double check this: https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config

/home/admin1/.ssh/id_rsa: 2048 MD5:81:2b:92:b2:04:f0:30:ae:a6:fc:64:dd:75:34:01:c7 admin1@rajula (RSA)
/home/admin1/.ssh/id_rsa.pub: 2048 MD5:81:2b:92:b2:04:f0:30:ae:a6:fc:64:dd:75:34:01:c7 admin1@rajula (RSA)

Everything looks alright. Don't know where is it going wrong!

Rajula Pavani wrote:

Yes, Its is rpavani1998 only.

debug1: Next authentication method: password
rpavani1998@teuthology.front.sepia.ceph.com's password:

[...]

Hi David,

Sorry for getting back this issue this late. My problem is not yet resolved It still asking me for the password.
And I have observed that the public you put differs from what I have. The key starts with 4A's not 3. Is this the reason why It is asking for password?

Rajula Pavani wrote:

Rajula Pavani wrote:

Yes, Its is rpavani1998 only.

debug1: Next authentication method: password
rpavani1998@teuthology.front.sepia.ceph.com's password:

[...]

Hi David,

Sorry for getting back this issue this late. My problem is not yet resolved It still asking me for the password.
And I have observed that the public you put differs from what I have. The key starts with 4A's not 3. Is this the reason why It is asking for password?

Ah, yeah, that would do it. I just copied the public key from the initial request.

I've pasted the key with 4 As into your authorized_keys on teuthology. Please try to SSH now.

It's working now!
Thanks David