Ask Your Question

unable to SSH into new instances [closed]

asked 2014-06-04 08:28:52 -0500

Daniel P gravatar image

Hi! I've launched instances from several images which should work directly on openstack, but in all cases I am unable to login to the instances via SSH. Looking at SSH debug, it starts the connection, but then hangs...

Two of the images I've tried are ubuntu precise here, and fedora 20 here.

Steps I've taken:

  • Generated an SSH key pair named cloud_rsa and I've imported the public key into openstack. Selected this key pair when creating the instances.
  • setup security group rules for security group 'demo' that the instances are associated with.

    Egress IPv4 Any - (CIDR)
    Ingress IPv4 TCP 22 (SSH) (CIDR)

  • associated floating IPs to the instances, and can successfully ping the floating IPs from a host on the external network.
  • Can ping an external website from the cirros instance I have running on the same network as the other instances, with the same security group
  • I have console access to the nodes, and can view their boot logs via horizon.

here is the log output for the precise instance (excluding kernel messages):

Loading, please wait...
Begin: Loading essential drivers ... done.
[    0.732066] udevd[83]: starting version 175
Begin: Running /scripts/init-premount ... done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... done.
Begin: Running /scripts/local-premount ... [    0.860687] FDC 0 is a S82078B
[    0.864043] usb 1-1: new full-speed USB device number 2 using uhci_hcd
[    0.905029] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
Begin: Running /scripts/local-bottom ... [    0.962927]  vda: vda1
GROWROOT: CHANGED: partition=1 start=2048 old: size=4192256 end=4194304 new: size=41940992,end=41943040
[    1.020370] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
Begin: Running /scripts/init-bottom ... done.
[    1.220119] Refined TSC clocksource calibration: 2194.775 MHz.
[    1.392947] EXT4-fs (vda1): re-mounted. Opts: (null)
cloud-init start-local running: Wed, 04 Jun 2014 11:34:27 +0000. up 2.37 seconds
no instance data found in start-local
ci-info: lo    : 1       .
ci-info: eth0  : 1   fa:16:3e:4e:1c:6d
ci-info: route-0:         eth0   UG
ci-info: route-1:   eth0   U
cloud-init start running: Wed, 04 Jun 2014 11:34:29 +0000. up 4.15 seconds
found data source: DataSourceEc2
2014-06-04 11:34:34,073 -[WARNING]: Unhandled non-multipart userdata ''
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/
The key fingerprint is:
a5:c9:17:64:47:3f:23:09:a5:fd:a0:26:f3:e1:6f:76 root@precise1
The key's randomart image is:
+--[ RSA 2048]----+
|          +o+    |
|         o = o   |
|          + = +  |
|       . + o + o |
|        S =   .  |
|         B .     |
|          o      |
|           .o E  |
|           o..   |
Generating public/private dsa key pair.
Your ...
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-06-17 07:32:01.345207


Create CirrOS instance with same ssh keypair, finally you would be able to login as cirros (cubswin:)).
Make sure, that ifconfig won't report any private IP on your CirrOS VM.
I see "Net device info" is not configured on fedora VM, I've also never seen messages like[WARNING]: Unhandled non-multipart userdata
launching Ubuntu 14.04 VMs

dbaxps gravatar imagedbaxps ( 2014-06-04 08:53:56 -0500 )edit

ah, good catch with the fedora instance not picking up an IP on eth0, I wonder why that's happening...but horizon is showing that this instance has an assigned IP, and I can ping the node.

Daniel P gravatar imageDaniel P ( 2014-06-05 05:18:31 -0500 )edit

Simple experiment :-
1. Create new keypair . Just simple oskey01.pem
2. Download oskey01.pem
3. Launch CirrOS VM or Fedora VM with oskey01.pem
See what happens ?

dbaxps gravatar imagedbaxps ( 2014-06-05 05:29:19 -0500 )edit

2 answers

Sort by ยป oldest newest most voted

answered 2014-06-05 05:49:03 -0500

Daniel P gravatar image

updated 2014-06-13 06:26:23 -0500

edit: I've gotten to the root of this problem: even after logging in, I was still experiencing seemingly random disconnect problems; certain commands would freeze up, etc. Turns out it was an MTU problem! From one of the guests I ping'd out with various packet sizes until I settled on an upper limit of 1438. See the QA here for how to permanently change the MTU in the guests.

I've isolated the problem to the client/server SSH interaction. I found that on the client side (ubuntu 14.04) when I add the following parameter to ssh_config:

MACs hmac-md5,hmac-sha1,,hmac-ripemd160

I can successfully login to both the cirros and the ubuntu precise instances! Strangely, even with this configuration parameter, SSH still hangs on the fedora instance after

debug1: SSH2_MSG_KEXINIT sent

I really don't know why specifying this MACs list in ssh_config is working, since on several of any successful ssh connections I've looked at, they always seem to be using hmac-md5, which is first in the list both in the config option I set above, and higher in precedence than the others as specified in the man page for ssh_config. Perhaps someone who knows more about SSH can help on this? Better understading this might help with solving the hangup with the fedora instance!

edit flag offensive delete link more

answered 2014-06-13 00:41:51 -0500

Vinoth gravatar image

Adding / uncommenting the following parameters in /etc/sh/ssh_conf file of client side OS solved the issue.

MACs hmac-md5,hmac-sha1,

Add the above parameter in client OS( from where you gonna take ssh of openstack VMs) and also add it to VMs, if you wanna take ssh of other machines from your VM.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-06-04 08:28:52 -0500

Seen: 3,361 times

Last updated: Jun 13 '14