I had created few instance and putted in security group where all tcp are allow (icmp and ssh ). I can ping the instance from floating ip but when i tried ssh it , it says permission denied or asked password.
I tried this with multiple images i can't login with using with assign keys pairs . what are the reason behind these ? where i'll get logs related to images and keypair
[hlakare.HLAKARE2L] ➤ ssh -vvv centos@202.136.68.31
OpenSSH_6.7p1, OpenSSL 1.0.1g 7 Apr 2014
debug1: Reading configuration data /etc/ssh_config
debug3: macs ok: [hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160@openssh.com]
debug2: ssh_connect: needpriv 0
debug1: Connecting to 202.136.68.31 [202.136.68.31] port 22.
debug1: Connection established.
debug1: identity file /home/mobaxterm/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mobaxterm/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,arcfour,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,arcfour,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160@openssh.com
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160@openssh.com
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit: zlib@openssh.com,zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh ...@harshal 1. Can you please check the mtu size of the launched vm. 2. Trying do ssh with verbise mode enabled ssh -vvv username@ipaddress kindly paste the log here .
Login into instance and run ifconfig command from terminal.
Harshal, it looks like you have mispaired ssh keys. Are you sure, you're using private key, which public part got loaded into VM?
From the ssh log, it seems none of your keys matched the public key on the server. Why don't you create a new key-pair and try logging in with that, or upload a public key manually to your OpenStack key store and use that. You can either use CLI:
bash
openstack keypair create KEY_NAME > MY_KEY.pem
as described here [1] .
Or, you can add a new keypair through horizon [2] .
As the instance is able to access the meta-data server, I don't see why you shouldn't be able to access your instances with the right key.
[1] - https://docs.openstack.org/user-guide/cli-nova-configure-access-security-for-instances.html (https://docs.openstack.org/user-guide...)
[2] - https://docs.openstack.org/user-guide/cli-nova-configure-access-security-for-instances.html (https://docs.openstack.org/user-guide...)
This is a typical workflow:
openstack keypair create mykey > mykey.pem
chmod 600 mykey.pem
openstack server create ... --key-name mykey ...
openstack server add floating ip ....
ssh -vvv -i mykey.pem centos@ipaddress
Try it and, if it fails, add the output to your question.
It will not work until you attach the key to your instance, that should have been detected earlier and must be or you will result with errors. this kind of detection can also be spotted by a lot of program. I know one called Checkmarx that might help you with that. not sure of their cost but you can look for it. Good luck anyway. Ben.
Asked: 2017-02-27 23:43:33 -0500
Seen: 5,683 times
Last updated: Mar 05 '17
If you use key pairs, which is the usual way to access instances, perhaps your instances are unable to access metadata. Run
openstack console log show <instance name or ID>to find out whether instances have their keys. The console log of my Centos instance, for example, ends like this:console log:
I can see console logs from given command. even my o/p is same as yours . Where i can cehck about metadata stuff ?
If you see those keys in the console log, your instance is able to get metadata. You should also be able to ssh to the instance if you use the private key corresponding to the public key on the instance. Perhaps you didn't set the right permissions on the private key file? What is the precise error?
Sorry for confusion, my
openstack keypair listo/p fingerprint section should have match with console o/p right ?