Support #46486
closedSepia Lab Access Request (Update)
0%
Description
When upgrading my local machine lost my sepia vpn secret. My original sepia access request, https://tracker.ceph.com/issues/42728
Resubmitting credentials,
1) Do you just need VPN access or will you also be running teuthology jobs? both
2) Desired Username: ideepika
3) Alternate e-mail address(es) we can reach you at: deepikaupadhyay@gmail.com
4) Paste your SSH public key(s) between the pre
tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDj6DxTZNodVnwJZrnSZ/jv9Cw4uYLb8MGpccmOvtwl93sVBvqq597AYnBqYiV4VBbKU3GVFbT41zkplia1iCfXoddttCOyWmEKviBXRnAsd5f80dxL0pfzrBJvCaH4NAfYgVw9JFWsvT981b+nB6vum4Vz8Dw0PM5GPnVUjsZNFkpmDPUBL4yHPmMCGP2WtUurJVD3Gm9t72XlG6Dl/vB9Qw/i4IY1SoCCbuhhNgE7IN8JXeGmVJbRwDeUlP+Q8Ti7iedV7YB/W1opt6eT5EPzX8NcxTc0c7rrDgsUWjFQYRSup0GLK9ofdHs0E2RbPPO5OSc5Z2+B1IEV7fZeyJwAyHwUgwx7sSGy7aROdvinaj/hOBglcgISyQ2CY7LTV8NGWJquo7yRCJXhZVIHfgqfBcrgWdNbr+vNBXnWe5PCtLhV8ryHPSJ/7Ru+7voQxgvwux5SdZwxXTbWDKni1f6/8bNrhRx6bmLK9xuYAgt2FhlIivI7L5kQF4etcBiaf68= deepika@x1cabon
5) Paste your hashed VPN credentials between the pre
tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword
)
deepika@x1carbon G1Vsbg1Lqhy7aJuaVnslxQ f1cc618f10eb2ee45d318ce71c1aa2dc1dc355bb020893eaabc86b6fded7a4e2
Updated by Deepika Upadhyay almost 4 years ago
- Copied from Support #46430: Sepia Lab Access Request (Update) added
Updated by David Galloway almost 4 years ago
Deepika, are these new/additional or replacement credentials?
Updated by Deepika Upadhyay almost 4 years ago
Hey David,
the ssh keys are same, but I forgot to backup sepia secret; so that's the only thing that needs update.
Updated by adam kraitman almost 4 years ago
Hi Deepika Upadhyay,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh ideepika@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Deepika Upadhyay almost 4 years ago
adam kraitman wrote:
Hi Deepika Upadhyay,
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh ideepika@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_configMost developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Hey Adam,
I cannot access, seeing AUTH failure, should I generate a new sepia secret+ salt. I recently ported new-client script to python3 ( https://tracker.ceph.com/issues/46484)
and the format for eg. sepia/secret of generated file is https://gist.github.com/ideepika/2f1ed46a6a7b5516d4fa175853aaa4bd
please verify if otherwise.
Updated by adam kraitman almost 4 years ago
Hey Deepika, The hashed VPN credentials you pasted above is different then in https://gist.github.com/ideepika/2f1ed46a6a7b5516d4fa175853aaa4bd
The one in github is the hash you currently have in sepia/secret ?
Thanks
Updated by Deepika Upadhyay almost 4 years ago
adam kraitman wrote:
Hey Deepika, The hashed VPN credentials you pasted above is different then in https://gist.github.com/ideepika/2f1ed46a6a7b5516d4fa175853aaa4bd
The one in github is the hash you currently have in sepia/secret ?Thanks
nope, that was the dummy hash, just to verify whether the script I updated works fine.I checked with a colleague, the format seems to be fine, should I generate another hash or is the cause for failure something else:
here is the verbose log:
Thu Jul 16 13:48:05 2020 WARNING: file 'sepia/tlsauth' is group or others accessible Thu Jul 16 13:48:05 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 19 2020 Thu Jul 16 13:48:05 2020 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.10 Thu Jul 16 13:48:05 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jul 16 13:48:05 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jul 16 13:48:05 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194 Thu Jul 16 13:48:05 2020 UDP link local: (not bound) Thu Jul 16 13:48:05 2020 UDP link remote: [AF_INET]8.43.84.129:1194 Thu Jul 16 13:48:05 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Thu Jul 16 13:48:06 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu Jul 16 13:48:06 2020 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia Thu Jul 16 13:48:06 2020 VERIFY KU OK Thu Jul 16 13:48:06 2020 Validating certificate extended key usage Thu Jul 16 13:48:06 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Jul 16 13:48:06 2020 VERIFY EKU OK Thu Jul 16 13:48:06 2020 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia Thu Jul 16 13:48:08 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA Thu Jul 16 13:48:08 2020 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Thu Jul 16 13:48:09 2020 AUTH: Received control message: AUTH_FAILED Thu Jul 16 13:48:09 2020 SIGTERM[soft,auth-failure] received, process exiting
Updated by adam kraitman almost 4 years ago
Hey Deepika, Since i see AUTH_FAILED in the log
Please regenerate the hash using this wiki - https://wiki.sepia.ceph.com/doku.php?id=vpnaccess and paste the hashed VPN credentials
Thanks
Updated by Deepika Upadhyay almost 4 years ago
adam kraitman wrote:
Hey Deepika, Since i see AUTH_FAILED in the log
Please regenerate the hash using this wiki - https://wiki.sepia.ceph.com/doku.php?id=vpnaccess and paste the hashed VPN credentialsThanks
updated vpn credential:
deepika@x1carbon iDR2L3LMuqFG10t1dKdXtA 61f19801e4ab7abb7597df1606036f11b0cf6a27df853dca2df8f0bb071318e1
Thanks!
Updated by adam kraitman almost 4 years ago
Done, Please try now
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh ideepika@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_config
Most developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
Updated by Deepika Upadhyay almost 4 years ago
adam kraitman wrote:
Done, Please try now
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh ideepika@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_configMost developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
nope :( did not run, I did a clean tar+wget and regenerated the credentials clean, can you help update to check one last time, whether it's something with my system or the script, alas, I have to install python2.
deepika@x1carbon hyRj1/9UjWhVzhav5+LNKA e3f7d2882c2b1a410dbb5458c08f280814d652e34c87e96f8a2e8bef1928926f
thanks!
Updated by Deepika Upadhyay almost 4 years ago
Deepika Upadhyay wrote:
adam kraitman wrote:
Done, Please try now
You should have access to the Sepia lab now. Please verify you're able to connect to the vpn and ssh ideepika@teuthology.front.sepia.ceph.com using the private key matching the pubkey you provided.
Be sure to check out the following links for final workstation setup steps:
https://wiki.sepia.ceph.com/doku.php?id=vpnaccess#vpn_client_access
https://wiki.sepia.ceph.com/doku.php?id=testnodeaccess#ssh_configMost developers choose to schedule runs from the shared teuthology VM. For information on that, see http://docs.ceph.com/teuthology/docs/intro_testers.html
Thanks.
nope :( did not run, I did a clean tar+wget and regenerated the credentials clean, can you help update to check one last time, whether it's something with my system or the script, alas, I have to install python2.
[...]
thanks!
Hey Adam! Ping!
Updated by adam kraitman almost 4 years ago
Hey, I updated your vpn credentials please try now
Updated by Deepika Upadhyay almost 4 years ago
i don't understand what I am doing wrong:
I am using the ssh key from : https://tracker.ceph.com/issues/44116
which is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDj6DxTZNodVnwJZrnSZ/jv9Cw4uYLb8MGpccmOvtwl93sVBvqq597AYnBqYiV4VBbKU3GVFbT41zkplia1iCfXoddttCOyWmEKviBXRnAsd5f80dxL0pfzrBJvCaH4NAfYgVw9JFWsvT981b+nB6vum4Vz8Dw0PM5GPnVUjsZNFkpmDPUBL4yHPmMCGP2WtUurJVD3Gm9t72XlG6Dl/vB9Qw/i4IY1SoCCbuhhNgE7IN8JXeGmVJbRwDeUlP+Q8Ti7iedV7YB/W1opt6eT5EPzX8NcxTc0c7rrDgsUWjFQYRSup0GLK9ofdHs0E2RbPPO5OSc5Z2+B1IEV7fZeyJwAyHwUgwx7sSGy7aROdvinaj/hOBglcgISyQ2CY7LTV8NGWJquo7yRCJXhZVIHfgqfBcrgWdNbr+vNBXnWe5PCtLhV8ryHPSJ/7Ru+7voQxgvwux5SdZwxXTbWDKni1f6/8bNrhRx6bmLK9xuYAgt2FhlIivI7L5kQF4etcBiaf68= deepika@x1cabon
2. I used the old python2.7 script to generate salt+secret just to be sure it is not the script which is a problem
3. updated dev tunnel as mentioned in wiki.
Can you verify ssh key, or update it with this one; if it's not added.
Logs are still showing AUTH_FAILED; does server side give any indication/is my request reaching server at all I wonder! :)
Updated by Deepika Upadhyay almost 4 years ago
Tue Jul 21 18:10:07 2020 WARNING: file 'sepia/tlsauth' is group or others accessible Tue Jul 21 18:10:07 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 19 2020 Tue Jul 21 18:10:07 2020 library versions: OpenSSL 1.1.1g FIPS 21 Apr 2020, LZO 2.10 Tue Jul 21 18:10:07 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jul 21 18:10:07 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Jul 21 18:10:07 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194 Tue Jul 21 18:10:07 2020 UDP link local: (not bound) Tue Jul 21 18:10:07 2020 UDP link remote: [AF_INET]8.43.84.129:1194 Tue Jul 21 18:10:07 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Tue Jul 21 18:10:08 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Jul 21 18:10:08 2020 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia Tue Jul 21 18:10:08 2020 VERIFY KU OK Tue Jul 21 18:10:08 2020 Validating certificate extended key usage Tue Jul 21 18:10:08 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Jul 21 18:10:08 2020 VERIFY EKU OK Tue Jul 21 18:10:08 2020 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia Tue Jul 21 18:10:10 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA Tue Jul 21 18:10:10 2020 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Tue Jul 21 18:10:11 2020 AUTH: Received control message: AUTH_FAILED Tue Jul 21 18:10:11 2020 SIGTERM[soft,auth-failure] received, process exiting
Updated by adam kraitman over 3 years ago
- Status changed from In Progress to Resolved