openstack team mailing list archive

Thread
Date

Re: ssh from VM to VM

To: "Chathura M. Sarathchandra Magurawalage" <77.chathura@xxxxxxxxx>
From: Blair Bethwaite <blair.bethwaite@xxxxxxxxx>
Date: Mon, 18 Mar 2013 09:12:34 +1100
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAHw8T_Kvzcw9M7QqQHCMBXnjp4NsjMWSAOzHJdN4Z6fwM3RS+w@mail.gmail.com>

You probably also copied the private key when you did this, which from your
description, is the bit you were missing. I.e., you were going from a
hostA(with private key X) -> hostB (pub key X in authorized_keys, no copy
of private key X) -> hostC (pub key X in authorized_keys), hostC was
denying you access because you did not have private key X that it could
authenticate with.

Sounds like you probably want to be using ssh auth forwarding see "ssh -A"
when using ssh-agent, this way you're not proliferating copies of your
private key!

Cheers,


On 17 March 2013 06:47, Chathura M. Sarathchandra Magurawalage <
77.chathura@xxxxxxxxx> wrote:

> I solved the issue by copying the rsa public key of the first VM to the
> second VM. Thought I did not have to do this.
>
> Thanks.
>
> On 16 March 2013 12:34, Pranav <pps.pranav@xxxxxxxxx> wrote:
>
>> I think you need not exchange key pairs for Cirros image.
>> Regards,
>> Pranav
>>
>>
>> On Sat, Mar 16, 2013 at 4:32 PM, Chathura M. Sarathchandra Magurawalage <
>> 77.chathura@xxxxxxxxx> wrote:
>>
>>> Thanks for your reply.
>>>
>>> I have inserted PasswordAuthentication yes to the ssh config file. All
>>> VMs have the same metadata including the ssh public key of the controller.
>>> So I cant see why only cirros vms can do this.
>>>
>>> Still does not work.
>>>
>>>
>>>
>>> On 16 March 2013 06:24, Aaron Rosen <arosen@xxxxxxxxxx> wrote:
>>>
>>>> I suspect that that host 10.5.5.6 has ssh configured for
>>>> PasswordAuthentication set to no and you don't have your public key of the
>>>> host you are on, in the authorized_key file of 10.5.5.6.
>>>>
>>>> Aaron
>>>>
>>>>  On Fri, Mar 15, 2013 at 7:26 PM, Chathura M. Sarathchandra
>>>> Magurawalage <77.chathura@xxxxxxxxx> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I can't ssh from Ubuntu cloud VM to other VM. I get following
>>>>>
>>>>> ubuntu@master:~$ ssh cirros@10.5.5.6 -v
>>>>> OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
>>>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>>>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>>>>> debug1: Connecting to 10.5.5.6 [10.5.5.6] port 22.
>>>>> debug1: Connection established.
>>>>> debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
>>>>> debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
>>>>> debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
>>>>> debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
>>>>> debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
>>>>> debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
>>>>> debug1: Remote protocol version 2.0, remote software version
>>>>> OpenSSH_5.9p1 Debian-5ubuntu1
>>>>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
>>>>> debug1: Enabling compatibility mode for protocol 2.0
>>>>> debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
>>>>> debug1: SSH2_MSG_KEXINIT sent
>>>>> debug1: SSH2_MSG_KEXINIT received
>>>>> debug1: kex: server->client aes128-ctr hmac-md5 none
>>>>> debug1: kex: client->server aes128-ctr hmac-md5 none
>>>>> debug1: sending SSH2_MSG_KEX_ECDH_INIT
>>>>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>>>> debug1: Server host key: ECDSA
>>>>> 7b:8f:6a:ee:ba:e5:0a:c5:04:01:ca:bd:e5:38:69:55
>>>>> debug1: Host '10.5.5.6' is known and matches the ECDSA host key.
>>>>> debug1: Found key in /home/ubuntu/.ssh/known_hosts:4
>>>>> debug1: ssh_ecdsa_verify: signature correct
>>>>> debug1: SSH2_MSG_NEWKEYS sent
>>>>> debug1: expecting SSH2_MSG_NEWKEYS
>>>>> debug1: SSH2_MSG_NEWKEYS received
>>>>> debug1: Roaming not allowed by server
>>>>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>>>>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>>>>> debug1: Authentications that can continue: publickey
>>>>> debug1: Next authentication method: publickey
>>>>> debug1: Trying private key: /home/ubuntu/.ssh/id_rsa
>>>>> debug1: Trying private key: /home/ubuntu/.ssh/id_dsa
>>>>> debug1: Trying private key: /home/ubuntu/.ssh/id_ecdsa
>>>>> debug1: No more authentication methods to try.
>>>>> Permission denied (publickey).
>>>>>
>>>>> But I can ssh from to my Cirros VMs. Also I can ssh from Ubuntu VM to
>>>>> Cirros VM.
>>>>>
>>>>> Any Idea?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Cheers,
~Blairo

References

ssh from VM to VM
From: Chathura M. Sarathchandra Magurawalage, 2013-03-16
Re: ssh from VM to VM
From: Aaron Rosen, 2013-03-16
Re: ssh from VM to VM
From: Chathura M. Sarathchandra Magurawalage, 2013-03-16
Re: ssh from VM to VM
From: Pranav, 2013-03-16
Re: ssh from VM to VM
From: Chathura M. Sarathchandra Magurawalage, 2013-03-16