I tried to connect on remote server with docker context
when tried docker ps from client(local mac) , I got this error message.
error during connect: Get "http://docker.example.com/v1.24/containers/json": command [ssh -l wwww -- tane-dev-0.ccn docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=wwww#xxx-dev-0.xxx: Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
After googled about this problem, there's few things to checkup
docker version later 18.09 ✅
client: 20.10.14
remote: 20.10.17
register ssh key with ssh-agent ✅
ssh-add ~/.ssh/id_rsa
Identity added: /Users/ma_kyeongwook/.ssh/id_rsa (ma_kyeongwook#xxx.xxx)
ssh-add -l
4096 SHA256:~~~ ma_kyeongwook#xxx.xxx (RSA)
ssh connect test ✅
also checked cat ~/.ssh/authorized_keys contains client's pub key
Did i missed something?
Related
I am attempting to docker-machine create to a Ubuntu 16.04 host like this:
ssh-keygen -R ${remote_host}
ssh-copy-id -i ~/.ssh/id_host_rsa.pub root#${remote_host}
docker-machine create \
--driver generic \
--generic-ip-address=${remote_host} \
--generic-ssh-key ~/.ssh/id_host_rsa \
--generic-ssh-user=root ${machine_name}
Version information:
docker --version
Docker version 19.03.6, build 369ce74a3c
docker-machine --version
docker-machine version 0.16.2, build bd45ab13
I am repeatedly asked for a password .. Why is this?
Here is the output:
...
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: Received disconnect from 77.68.21.66 port 22:2: Too many authentication failures
ERROR: Disconnected from 77.68.21.66 port 22
Running pre-create checks...
Creating machine...
(production) Importing SSH key...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Password:
Detecting the provisioner...
Password:
Provisioning with ubuntu(systemd)...
Password:
.. etc
The reason for this problem was the ordering of ~/.ssh/config.
I had a Host * entry in config first, before that of my corresponding specific server Host XX.XX.XX.XX entry.
I moved the wildcard entry at the end of ~/.ssh/config and now the password is no longer constantly asked for and the problem is now fixed.
I how this helps someone.
My question is is there any notable difference between running Docker-Machine as a snap vs built from a source ? I'm having networking issue and I suspect it may be related to the type of installation.
this is what I get when I try point active host to the Docker:
executing: docker-machine env instance
output:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host
after executing: docker-machine -D regenerate-certs instance
output:
SSH cmd err, output: fork/exec /usr/bin/ssh: permission denied:
Error getting ssh command 'exit 0' : ssh command error:
command : exit 0
err : fork/exec /usr/bin/ssh: permission denied
Changing permissions for the mentioned directory didn't help.
I am able to connect to the other nodes with SSH without a password. I have followed the IBM KC instructions. Here is the command and results:
ubuntu#ipc1:/opt/ibm-cloud-private-ce-3.1.0/cluster$ sudo docker run --net=host -t -e LICENSE=accept -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.0 install
PLAY [Checking Python interpreter] *********************************************
TASK [Checking Python interpreter] *********************************************
fatal: [172.31.39.234]: UNREACHABLE! => changed=false
Failed to connect to the host via ssh: Permission denied (publickey,password).
unreachable: true
fatal: [172.31.39.53]: UNREACHABLE! => changed=false
msg: Failed to connect to the host via ssh: Permission denied (publickey,password)
unreachable: true
fatal: [172.31.44.240]: UNREACHABLE! => changed=false
msg: ed to connect to the host via ssh: Permission denied (publickey,password).
unreachable: true
NO MORE HOSTS LEFT *************************************************************
NO MORE HOSTS LEFT *************************************************************
PLAY RECAP *********************************************************************
172.31.39.234 : ok=0 changed=0 unreachable=1 failed=0
172.31.39.53 : ok=0 changed=0 unreachable=1 failed=0
172.31.44.240 : ok=0 changed=0 unreachable=1 failed=0
Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds
Can you ssh between hosts without specifiy any password?
Any by using sudo that mean you are trying to ssh passwordless via root.
So I think you haven't copy the root ssh key between your hosts.
Good Luck
You are facing this issue because you have not generated the password less authentication within the same server(self ssh).
Follow these steps and you will be able to get rid of the issue specified above.
[root#localhost ~]# ssh-keygen
Sample Output:
Then run the following commands:
[root#localhost ~]# touch ~/.ssh/authorized_keys
[root#localhost ~]# chmod 600 ~/.ssh/authorized_keys
[root#localhost ~]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root#localhost ~]# cd /opt/ibm-cloud-private-ce-3.1.0/cluster/
[root#localhost ~]# cp -rp ~/.ssh/id_rsa ./ssh_key
Also make sure that hostname is mapped to the host's IP address in the local /etc/hosts.
Before you install an IBM Cloud Private cluster, you must configure authentication between configuration nodes. You can generate an SSH key pair on your boot node and share that key with the other cluster nodes. To share the key with the cluster nodes, you must have the access to an account with root access for each node in your cluster.
Follow the ICP 3.1.0 Knowledge Center (KC) steps here:
https://www.ibm.com/support/knowledgecenter/SSBS6K_3.1.0/installing/ssh_keys.html
I use an ansible script to load & start the https://hub.docker.com/r/rastasheep/ubuntu-sshd/ container.
so it starts well of course :
bash-4.4$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8bedbd3b7d88 rastasheep/ubuntu-sshd "/usr/sbin/sshd -D" 37 minutes ago Up 36 minutes 0.0.0.0:49154->22/tcp test
bash-4.4$
so after ansible failure on ssh access to it I tested manually from shell
this is also ok.
bash-4.4$ ssh root#172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is SHA256:YtTfuoRRR5qStSVA5UuznGamA/dvf+djbIT6Y48IYD0.
ECDSA key fingerprint is MD5:43:3f:41:e9:89:45:06:6f:f6:42:c4:6a:70:37:f8:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.
root#172.17.0.2's password:
root#8bedbd3b7d88:~# logout
Connection to 172.17.0.2 closed.
bash-4.4$
so the step that failed is trying to get on it from ansible script & make access to ssh-copy-id
ansible error message is :
Fatal: [172.17.0.2]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '172.17.0.2' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", "unreachable": true}
---
- hosts: 127.0.0.1
tasks:
- name: start docker service
service:
name: docker
state: started
- name: load and start the container we wanna use
docker_container:
name: test
image: rastasheep/ubuntu-sshd
state: started
ports:
- "49154:22"
- name: Wait maximum of 300 seconds for ports to be available
wait_for:
host: 0.0.0.0
port: 49154
state: started
- hosts: 172.17.0.2
vars:
passwordadmin: $6$pbE6yznA$AeFIdI.....K0
passwordroot: $6$TMrxQUxT$I8.JIzR.....TV1
ansible_ssh_extra_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
tasks:
- name: Build test container root user rsa ssh-key
shell: docker exec test ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
so I cannot even run the needed step to build ssh
how to do then ??
1st step (ansible task) : load docker container
2cd step (ansible task on only 172.17.0.2) : connect to it & setup it
there will be 3rd step to run application on it after that.
the problem occurs only when starting the 2cd step
Ok after many trys on a second container
conclusion is my procedure was bad
what I have done to solve that :
build a diroctory tree separating ./ ./inventory ./includes
build 1 yaml file by host (local, docker, labo)
build 1 main yaml file on ./
build 1 new host file in ./inventory
connect forced by sshpass to docker on default password
changed it
add the host key on authorized key to a login dedicated usage
installed pyhton (needed to answer ansible host else it makes
randomly module errors or refused connections depending on current
action)
setup a ssh login user in sudoers
then I can un the docker.yaml actions
then only at last I can run the labo.yaml actions.
Thanks for help
now I'm able to build the missing tools.
Im trying to get a docker-machine up and running on a Ubuntu 14.04TSL server in our network. I have installed docker+docker-machine on the server and im able to create the docker-machine on the server with this command from my computer:
docker-machine create --driver generic --generic-ip-address 10.10.3.76 --generic-ssh-key "/Users/username/Documents/keys/mysshkey.pem" --generic-ssh-user ubuntuuser dockermachinename
The command above creates the docker-machine and im able to list it with
docker-machine ls
Im able to SSH to it by running
docker-machine ssh dockermachinename
but when i try to connect the server with (-D for debug information)
docker-machine -D env dockermachinename
I get the following message
Docker Machine Version: 0.5.2 ( 0456b9f )
Found binary path at /usr/local/bin/docker-machine-driver-generic
Launching plugin server for driver generic
Plugin server listening at address 127.0.0.1:54213
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
(dockermachinename) Calling .GetState
(dockermachinename) Calling .GetURL
Reading CA certificate from /Users/username/.docker/machine/certs/ca.pem
Reading server certificate from /Users/username/.docker/machine/machines/dockermachinename/server.pem
Reading server key from /Users/username/.docker/machine/machines/dockermachinename/server-key.pem
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "10.10.3.76:2376": dial tcp 10.10.3.76:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
I really need to solve this so all help is appreciated!
On Ubuntu you will need to do following steps:
1. Create user which don't require password
sudo visudo
at the end of file add following line (make sure to specify your username):
username ALL=(ALL:ALL) NOPASSWD: ALL
and then save and exit. And after that add your username to docker group like this (change username with your actual username):
usermod -aG docker username
2. Edit docker config to open 2375 and 2376 ports
sudo systemctl edit docker.service
add following snippet to that file:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 -H tcp://0.0.0.0:2375
then save and exit. After that reload config and restart docker deamon with:
sudo systemctl daemon-reload
sudo systemctl restart docker.service
3. Create docker-machine
Remove existing machine which is failing with:
docker-machine rm machine1
and try to create it one more time like this:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
please change ip, key, username and machine1 with you actual values.
If this produce error like this:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.0.26:2376": tls: oversized record received with length 20527
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
then SSH to your machine and cd into following directory:
cd /etc/systemd/system/docker.service.d/
list all files in it with:
ls -l
you will probably have something like this:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
you will need to delete all files except 10-machine.conf with sudo rm.
After that remove machine you created and create it again. It should now work. I hope this helps. Maybe you already steps 1 and 2 if so then skip them and just try to remove override.conf file or any file in that dir which is not 10-machine.conf.