Support #59204
openSepia Lab Access Request
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
I will also be running teuthology jobs.
2) Desired Username:
chunmei
3) Alternate e-mail address(es) we can reach you at:
chunmei.liu@intel.com
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
I already have an established history of code contributions to Ceph.
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
5) Paste your SSH public key(s) between the pre
tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpz2Tz4j9nSmCpF6LrRnwDAeMGUtqrPokUXXRQqb1whAJtfgQbAqAGw8+GdBIhHKzWTgBNWB5bSglf5iMOftyslsMYM+0jhv3vFVHt6luASG8uISfYZmqDRVBi3u4XJkNvuKIgpQf1OkyHbyswYf5CcVdsQ0bK5EteGpRLX2qxZFbtWVV1dhMIDet4DueGAYcOmlfKRYD132Z0XsWjxZTOWIlxXir1G2ZKpK3Pv69Q/wcLGXU+qhs8GOGsxE2NjjMkQFIOH5MKnJP/AG7IthupEYvsEV25KQVrGMV0Ixl+xfNFxs2L/r+0Ycu8SCImYMQEi0Zqcubc330JG8pTuBvA0VL5cJxs/33KtmGfeEGDXZsxolMFuOVeHwQkZq1SjW9v0YjyWKF8bbcMhejBeNO9ax1YgqbVwi7RDlAQA4J9EKmlQsD43mHUzxmDDgXAdKCNoNVYl0Ug7+6KnW20Z7AkL8tqMBoaMgbAdHVmZrQ5jXOWWFHYDzq96aFua0WUeSk= chunmei@chunmei-VirtualBox
6) Paste your hashed VPN credentials between the pre
tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword
)
chunmei@chunmei-VirtualBox jV2+sW00zKCCYlXkx8RUfQ 87e4e1dfab090d4c05a34efc5b2c402d3fa2cbfb1833fd5d607dbaf2878cedf2
Updated by adam kraitman about 1 year ago
- Category set to User access
- Status changed from New to In Progress
- Assignee set to adam kraitman
Hey chunmei liu there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
Updated by chunmei liu about 1 year ago
adam kraitman wrote:
Hey chunmei liu there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
Sam Just <sjust@redhat.com> and Cheng, Yingxin <yingxin.cheng@intel.com>
Updated by adam kraitman about 1 year ago
Hey Sam Just can you vote for chunmei liu access request?
Updated by Samuel Just 11 months ago
Yes please! Sorry, I didn't see when this was posted!
Updated by adam kraitman 11 months ago
Hey chunmei liu,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh chunmei@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
If you plan on scheduling tests, one of the options you'll need to set with teuthology-suite is -p, --priority. Please refrain from using a priority lower than 101 (lower number = higher priority). When a high priority is used, it locks up too many testnodes at once and prevents other developers from testing changes.
Thanks.
Updated by chunmei liu 11 months ago
Hey adam,
I think I can access vpn, but when I do ssh chunmei@teuthology.front.sepia.ceph.com
it asks me to input password as follows:
chunmei@chunmei-VirtualBox:/var/log$ ssh chunmei@teuthology.front.sepia.ceph.com
chunmei@teuthology.front.sepia.ceph.com's password:
what the password here to input?
Thanks!
Updated by chunmei liu 11 months ago
when run openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5, got the following warnings:
023-06-09 03:02:22 us=306948 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1550'
2023-06-09 03:02:22 us=306991 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
2023-06-09 03:02:22 us=307008 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Updated by adam kraitman 11 months ago
Can you check your OpenVPN service status ?
Updated by chunmei liu 11 months ago
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2023-06-09 01:48:00 PDT; 2 days ago
Main PID: 667 (code=exited, status=0/SUCCESS)
CPU: 2ms
Jun 09 01:48:00 chunmei-VirtualBox systemd1: Starting OpenVPN service...
Jun 09 01:48:00 chunmei-VirtualBox systemd1: Finished OpenVPN service.
Updated by adam kraitman 11 months ago
Please paste the output of
openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5
OR
openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn/client --verb 5
Updated by chunmei liu 11 months ago
2023-06-12 16:53:38 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-06-12 16:53:38 us=686194 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-06-12 16:53:38 us=689520 Current Parameter Settings:
2023-06-12 16:53:38 us=689541 config = '/etc/openvpn/sepia.conf'
2023-06-12 16:53:38 us=689545 mode = 0
2023-06-12 16:53:38 us=689548 persist_config = DISABLED
2023-06-12 16:53:38 us=689551 persist_mode = 1
2023-06-12 16:53:38 us=689554 show_ciphers = DISABLED
2023-06-12 16:53:38 us=689556 show_digests = DISABLED
2023-06-12 16:53:38 us=689559 show_engines = DISABLED
2023-06-12 16:53:38 us=689561 genkey = DISABLED
2023-06-12 16:53:38 us=689564 genkey_filename = '[UNDEF]'
2023-06-12 16:53:38 us=689567 NOTE: --mute triggered...
2023-06-12 16:53:38 us=690886 278 variation(s) on previous 10 message(s) suppressed by --mute
2023-06-12 16:53:38 us=690899 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-06-12 16:53:38 us=691844 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-06-12 16:53:38 us=716356 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-12 16:53:38 us=716480 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-12 16:53:38 us=716526 LZO compression initializing
2023-06-12 16:53:38 us=716663 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2023-06-12 16:53:39 us=88440 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
2023-06-12 16:53:39 us=88549 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2023-06-12 16:53:39 us=88564 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2023-06-12 16:53:39 us=88793 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
2023-06-12 16:53:39 us=88822 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-06-12 16:53:39 us=88833 UDP link local: (not bound)
2023-06-12 16:53:39 us=88843 UDP link remote: [AF_INET]8.43.84.129:1194
2023-06-12 16:53:39 us=88851 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
WR2023-06-12 16:53:39 us=186693 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=b02027c7 c0912016
WWRWR2023-06-12 16:53:39 us=282177 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
2023-06-12 16:53:39 us=283954 VERIFY KU OK
2023-06-12 16:53:39 us=284070 Validating certificate extended key usage
2023-06-12 16:53:39 us=284109 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-06-12 16:53:39 us=284156 VERIFY EKU OK
2023-06-12 16:53:39 us=284205 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WRWR2023-06-12 16:53:40 us=409959 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1550'
2023-06-12 16:53:40 us=409983 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
2023-06-12 16:53:40 us=410018 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
W2023-06-12 16:53:40 us=410375 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2432 bit RSA, signature: RSA-SHA256
2023-06-12 16:53:40 us=410396 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
2023-06-12 16:53:41 us=644950 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRR2023-06-12 16:53:41 us=722475 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN front.sepia.ceph.com,route 172.21.0.0 255.255.240.0 vpn_gateway,route 172.21.32.0 255.255.240.0 vpn_gateway,route 172.21.64.0 255.255.255.0 vpn_gateway,route 172.21.65.0 255.255.255.0 vpn_gateway,route 172.21.66.0 255.255.255.0 vpn_gateway,route 172.21.67.0 255.255.255.0 vpn_gateway,route 172.21.48.1,topology net30,ping 10,ping-restart 60,ifconfig 172.21.49.190 172.21.49.189,peer-id 5,cipher AES-256-GCM'
2023-06-12 16:53:41 us=722745 OPTIONS IMPORT: timers and/or timeouts modified
2023-06-12 16:53:41 us=722767 OPTIONS IMPORT: --ifconfig/up options modified
2023-06-12 16:53:41 us=722771 OPTIONS IMPORT: route options modified
2023-06-12 16:53:41 us=722774 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-06-12 16:53:41 us=722779 OPTIONS IMPORT: peer-id set
2023-06-12 16:53:41 us=722783 OPTIONS IMPORT: adjusting link_mtu to 1625
2023-06-12 16:53:41 us=722788 OPTIONS IMPORT: data channel crypto options modified
2023-06-12 16:53:41 us=722794 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-06-12 16:53:41 us=722810 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 AF:14/122 ]
2023-06-12 16:53:41 us=723340 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-06-12 16:53:41 us=723358 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-06-12 16:53:41 us=723418 net_route_v4_best_gw query: dst 0.0.0.0
2023-06-12 16:53:41 us=723499 net_route_v4_best_gw result: via 10.0.2.2 dev enp0s3
2023-06-12 16:53:41 us=723521 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:92:69:6c
2023-06-12 16:53:41 us=734790 TUN/TAP device tun1 opened
2023-06-12 16:53:41 us=734875 do_ifconfig, ipv4=1, ipv6=0
2023-06-12 16:53:41 us=743289 net_iface_mtu_set: mtu 1500 for tun1
2023-06-12 16:53:41 us=744065 net_iface_up: set tun1 up
2023-06-12 16:53:41 us=748541 net_addr_ptp_v4_add: 172.21.49.190 peer 172.21.49.189 dev tun1
2023-06-12 16:53:41 us=749505 net_route_v4_add: 172.21.0.0/20 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749585 net_route_v4_add: 172.21.32.0/20 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749640 net_route_v4_add: 172.21.64.0/24 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749693 net_route_v4_add: 172.21.65.0/24 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749744 net_route_v4_add: 172.21.66.0/24 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749795 net_route_v4_add: 172.21.67.0/24 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749871 net_route_v4_add: 172.21.48.1/32 via 172.21.49.189 dev [NULL] table 0 metric -1
2023-06-12 16:53:41 us=749928 GID set to openvpn
2023-06-12 16:53:41 us=749971 UID set to openvpn
2023-06-12 16:53:41 us=750008 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-06-12 16:53:41 us=750045 Initialization Sequence Completed
WrWrWRrWRWrWRWRWRWrWWWWWW2023-06-12 16:55:34 us=169833 [openvpn-sepia] Inactivity timeout (--ping-restart), restarting
2023-06-12 16:55:34 us=169961 TCP/UDP: Closing socket
2023-06-12 16:55:34 us=169995 SIGUSR1[soft,ping-restart] received, process restarting
2023-06-12 16:55:34 us=170008 Restart pause, 5 second(s)
2023-06-12 16:55:39 us=170195 Re-using SSL/TLS context
2023-06-12 16:55:39 us=170280 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-12 16:55:39 us=170286 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-12 16:55:39 us=170292 LZO compression initializing
2023-06-12 16:55:39 us=170348 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2023-06-12 16:55:39 us=170358 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
2023-06-12 16:55:39 us=170369 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2023-06-12 16:55:39 us=170373 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2023-06-12 16:55:39 us=170379 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
2023-06-12 16:55:39 us=170402 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-06-12 16:55:39 us=170406 UDP link local: (not bound)
2023-06-12 16:55:39 us=170409 UDP link remote: [AF_INET]8.43.84.129:1194
WR2023-06-12 16:55:39 us=265536 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=2dd9ae55 d568d42c
WWRWR2023-06-12 16:55:39 us=358930 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
2023-06-12 16:55:39 us=359063 VERIFY KU OK
2023-06-12 16:55:39 us=359070 Validating certificate extended key usage
2023-06-12 16:55:39 us=359074 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-06-12 16:55:39 us=359077 VERIFY EKU OK
2023-06-12 16:55:39 us=359080 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WrRWR2023-06-12 16:55:40 us=487260 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1550'
2023-06-12 16:55:40 us=487557 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
2023-06-12 16:55:40 us=487786 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
W2023-06-12 16:55:40 us=490543 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2432 bit RSA, signature: RSA-SHA256
2023-06-12 16:55:40 us=491002 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
2023-06-12 16:55:41 us=661668 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRR2023-06-12 16:55:41 us=738909 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN front.sepia.ceph.com,route 172.21.0.0 255.255.240.0 vpn_gateway,route 172.21.32.0 255.255.240.0 vpn_gateway,route 172.21.64.0 255.255.255.0 vpn_gateway,route 172.21.65.0 255.255.255.0 vpn_gateway,route 172.21.66.0 255.255.255.0 vpn_gateway,route 172.21.67.0 255.255.255.0 vpn_gateway,route 172.21.48.1,topology net30,ping 10,ping-restart 60,ifconfig 172.21.49.190 172.21.49.189,peer-id 5,cipher AES-256-GCM'
2023-06-12 16:55:41 us=739037 OPTIONS IMPORT: timers and/or timeouts modified
2023-06-12 16:55:41 us=739048 OPTIONS IMPORT: --ifconfig/up options modified
2023-06-12 16:55:41 us=739053 OPTIONS IMPORT: route options modified
2023-06-12 16:55:41 us=739057 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-06-12 16:55:41 us=739062 OPTIONS IMPORT: peer-id set
2023-06-12 16:55:41 us=739067 OPTIONS IMPORT: adjusting link_mtu to 1625
2023-06-12 16:55:41 us=739072 OPTIONS IMPORT: data channel crypto options modified
2023-06-12 16:55:41 us=739078 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-06-12 16:55:41 us=739094 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 AF:14/122 ]
2023-06-12 16:55:41 us=739182 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-06-12 16:55:41 us=739194 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-06-12 16:55:41 us=739203 Preserving previous TUN/TAP instance: tun1
2023-06-12 16:55:41 us=739221 Initialization Sequence Completed
WRWWR
then repeat the above output.
Updated by adam kraitman 11 months ago
Thanks, Can you please paste your client.conf file
Updated by chunmei liu 11 months ago
client.conf:
script-security 1
client
remote vpn.sepia.ceph.com 1194
dev tun
remote-random
resolv-retry infinite
nobind
user openvpn
group openvpn
persist-tun
persist-key
comp-lzo
verb 2
mute 10
remote-cert-tls server
tls-auth sepia/tlsauth 1
ca sepia/ca.crt
auth-user-pass sepia/secret
Updated by adam kraitman 11 months ago
Please try to change those values and restart the OpenVPN service
user nobody
group nobody
Updated by chunmei liu 11 months ago
changed it to nobody, then execute the commands as followings, failed to find GID for group nobody and ssh no return.
chunmei@chunmei-VirtualBox:/etc/openvpn/sepia$ sudo systemctl restart openvpn
chunmei@chunmei-VirtualBox:/etc/openvpn/sepia$ sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2023-06-14 16:05:50 PDT; 7s ago
Process: 63500 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 63500 (code=exited, status=0/SUCCESS)
CPU: 3ms
Jun 14 16:05:50 chunmei-VirtualBox systemd1: Starting OpenVPN service...
Jun 14 16:05:50 chunmei-VirtualBox systemd1: Finished OpenVPN service.
chunmei@chunmei-VirtualBox:/etc/openvpn/sepia$ sudo openvpn --config /etc/openvpn/sepia.conf --cd /etc/openvpn --verb 5
2023-06-14 16:06:39 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-06-14 16:06:39 us=699233 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-06-14 16:06:39 us=701046 Current Parameter Settings:
2023-06-14 16:06:39 us=712664 config = '/etc/openvpn/sepia.conf'
2023-06-14 16:06:39 us=712731 mode = 0
2023-06-14 16:06:39 us=712768 persist_config = DISABLED
2023-06-14 16:06:39 us=712805 persist_mode = 1
2023-06-14 16:06:39 us=712840 show_ciphers = DISABLED
2023-06-14 16:06:39 us=712876 show_digests = DISABLED
2023-06-14 16:06:39 us=712910 show_engines = DISABLED
2023-06-14 16:06:39 us=712945 genkey = DISABLED
2023-06-14 16:06:39 us=712980 genkey_filename = '[UNDEF]'
2023-06-14 16:06:39 us=713015 NOTE: --mute triggered...
2023-06-14 16:06:39 us=713054 278 variation(s) on previous 10 message(s) suppressed by --mute
2023-06-14 16:06:39 us=713091 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-06-14 16:06:39 us=713137 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-06-14 16:06:39 us=714400 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-14 16:06:39 us=714501 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-06-14 16:06:39 us=714548 LZO compression initializing
2023-06-14 16:06:39 us=714629 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2023-06-14 16:06:39 us=726228 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
2023-06-14 16:06:39 us=726266 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2023-06-14 16:06:39 us=726270 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2023-06-14 16:06:39 us=727000 failed to find GID for group nobody
2023-06-14 16:06:39 us=727011 Exiting due to fatal error
chunmei@chunmei-VirtualBox:/etc/openvpn/sepia$ ssh chunmei@teuthology.front.sepia.ceph.com
Updated by adam kraitman 11 months ago
Please change it back the user & group and restart the service, the issue is in your ssh client config please ssh teuthology with -vvv and sent me the output
Updated by chunmei liu 11 months ago
seems not found the key.
chunmei@chunmei-VirtualBox:/etc/openvpn/sepia$ ssh chunmei@teuthology.front.sepia.ceph.com -vvv
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/chunmei/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/chunmei/.ssh/known_hosts2'
debug2: resolving "teuthology.front.sepia.ceph.com" port 22
debug3: resolve_host: lookup teuthology.front.sepia.ceph.com:22
debug3: ssh_connect_direct: entering
debug1: Connecting to teuthology.front.sepia.ceph.com [172.21.0.51] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/chunmei/.ssh/id_rsa type -1
debug1: identity file /home/chunmei/.ssh/id_rsa-cert type -1
debug1: identity file /home/chunmei/.ssh/id_ecdsa type -1
debug1: identity file /home/chunmei/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/chunmei/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/chunmei/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/chunmei/.ssh/id_ed25519 type -1
debug1: identity file /home/chunmei/.ssh/id_ed25519-cert type -1
debug1: identity file /home/chunmei/.ssh/id_ed25519_sk type -1
debug1: identity file /home/chunmei/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/chunmei/.ssh/id_xmss type -1
debug1: identity file /home/chunmei/.ssh/id_xmss-cert type -1
debug1: identity file /home/chunmei/.ssh/id_dsa type -1
debug1: identity file /home/chunmei/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
debug1: compat_banner: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to teuthology.front.sepia.ceph.com:22 as 'chunmei'
debug3: record_hostkey: found key type ED25519 in file /home/chunmei/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from teuthology.front.sepia.ceph.com
debug1: load_hostkeys: fopen /home/chunmei/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:/9BQuqfuumk1f5t02NAAJw+ecZE7+oGGCcby+gkMHe4
debug3: record_hostkey: found key type ED25519 in file /home/chunmei/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from teuthology.front.sepia.ceph.com
debug1: load_hostkeys: fopen /home/chunmei/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'teuthology.front.sepia.ceph.com' is known and matches the ED25519 host key.
debug1: Found key in /home/chunmei/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/chunmei/.ssh/id_rsa
debug1: Will attempt key: /home/chunmei/.ssh/id_ecdsa
debug1: Will attempt key: /home/chunmei/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/chunmei/.ssh/id_ed25519
debug1: Will attempt key: /home/chunmei/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/chunmei/.ssh/id_xmss
debug1: Will attempt key: /home/chunmei/.ssh/id_dsa
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chunmei/.ssh/id_rsa
debug3: no such identity: /home/chunmei/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_ecdsa
debug3: no such identity: /home/chunmei/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_ecdsa_sk
debug3: no such identity: /home/chunmei/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_ed25519
debug3: no such identity: /home/chunmei/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_ed25519_sk
debug3: no such identity: /home/chunmei/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_xmss
debug3: no such identity: /home/chunmei/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/chunmei/.ssh/id_dsa
debug3: no such identity: /home/chunmei/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password