no ssh to instance from neutron-gateway/0 - error “Permission denied (publickey)”

asked 2019-04-01 17:19:54 -0600

d@kj gravatar image

updated 2019-04-05 05:15:28 -0600

My network scheme is like the one shown here:

https://ask.openstack.org/en/question/119783/no-ping-destination-host-unreachable-to-instance-from-neutron-gateway0/ (network plan)

I can't use SSH connection to the instance, I made this procedure

$: juju ssh neutron-gateway/0

ubuntu@os-compute03:~$ sudo ip netns
qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 (id: 4)
qdhcp-fcfc4529-79db-40e5-9d23-0af9c3411a3f (id: 3)

to create a SSH keypair I've used this command:

ubuntu@os-compute03: ssh-keygen -t rsa -f .ssh/cloud.key

ping the instance

ubuntu@os-compute02:~$ sudo ip netns exec  qrouter-fc288112-3fce-405d-9c3f-5451253de4f ping 10.1.0.9
PING 10.1.0.9 (10.1.0.9) 56(84) bytes of data.
64 bytes from 10.1.0.9: icmp_seq=1 ttl=64 time=0.441 ms
64 bytes from 10.1.0.9: icmp_seq=2 ttl=64 time=0.385 ms

then I've imported the public key on Openstack, created a new instance and then I tried to run the connection from neutron-gateway.

ubuntu@os-compute03:~$ sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ssh -i .ssh/cloud.key.pub -p 22 ubuntu@10.0.0.9 -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.0.0.9 [10.0.0.9] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file .ssh/cloud.key.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file .ssh/cloud.key.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.0.0.9:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:uhk/YW8LX1R8ZDaMtpg0093Qqtvuh1zBiM/JZ9cCAHQ
debug1: Host '10.1.0.13' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:MkeQaw9euGwwKRu9Ck54BeoLlH1zctL0Fh7SUTelRDc .ssh/id_rsa.pub
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Load key ".ssh/cloud.key.pub": invalid format
debug1: No more authentication methods to try.
ubuntu@10.0.0.9: Permission denied (publickey).

in the input there is this error:

Load key ".ssh/cloud.key.pub": invalid format

why?

edit retag flag offensive close merge delete

Comments

In ssh client you need the private key , the pub must be in the server's authorized_keys and can be instert there manually or with cloud-init and metadata service in cloud environments.

tze gravatar imagetze ( 2019-04-04 09:51:15 -0600 )edit

1 answer

Sort by » oldest newest most voted
0

answered 2019-04-03 16:27:05 -0600

d@kj gravatar image

I've resolved that. Instead of making the import of the key, I've created a new Key pairs directly of Openstack, saved that on my desktop and copy with the same name on neutron-gateway/0 in .ssh/ directory.

$: juju ssh neutron-gateway/0
ubuntu@os-compute03: nano .ssh/u1804Key.pem

copy the key and change the permission

ubuntu@os-compute03: chmod 600 .ssh/u1804Key.pem

https://pasteboard.co/I8tINDO.png (image 1) https://pasteboard.co/I8tJ4TB.png (image 2)

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/u1804Key.pem ubuntu@10.1.0.13
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Apr  3 21:19:12 UTC 2019

  System load:  0.0               Processes:           90
  Usage of /:   1.2% of 77.36GB   Users logged in:     0
  Memory usage: 12%               IP address for ens2: 10.1.0.13
  Swap usage:   0%


  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings


Last login: Wed Apr  3 20:51:52 2019 from 10.1.0.1
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@u1804ins:~$
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2019-04-01 17:19:54 -0600

Seen: 328 times

Last updated: Apr 05 '19