SSH Permission Denied errors


Nick Foster

Jul 14, 2012, 5:15:59 PM
to gce-dis...@googlegroups.com
I am unable to SSH into a newly created instance. I created the instance, then used the gcutil tool to try to SSH to the instance. I authenticated via oauth for the gcutil tool successfully. When trying to SSH I was prompted to create SSH keys and I see that they have been added to the sshKeys metadata member of our compute instance. Is there something else I am not doing for successful SSH'ing?

I have tried ssh user of my system as well as changing the ssh user to match the google account that I have authenticated with. Still no luck.
Thanks in advance for any help.

- Nick

alphacc

Jul 15, 2012, 9:45:49 AM
to gce-dis...@googlegroups.com
Hi,

I got a similar issue, I can't get ssh access:

debug1: Server host key: RSA 75:83:e7:12:fb:29:7d:94:6a:c2:76:4f:79:2b:0e:8e
Warning: Permanently added '173.255.116.19' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_500' not found

debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/me/.ssh/google_compute_engine
debug1: Server accepts key: pkalg ssh-rsa blen 279


And nothing happens here. Any pointers?

Anthony Feddersen

Jul 15, 2012, 10:59:51 AM
to gce-dis...@googlegroups.com
Thank you for reporting this.  We're looking into the issue now and we'll provide an update soon.

Anthony

--
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msg/gce-discussion/-/PE5zypwbDU0J.

To post to this group, send email to gce-dis...@googlegroups.com.
To unsubscribe from this group, send email to gce-discussio...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/gce-discussion?hl=en.

Gerardo Mongelli

Jul 15, 2012, 1:38:28 PM
to gce-dis...@googlegroups.com
Hi, 

got a similar problem trying to ssh from putty on a windows machine. After setting up the sshKeys metadata for my instance I keep getting the "Server refused our key" error message. 

Have tried with multiple users, including root, my local user and a list of google user ids that have been granted owner access to the API project where GCE is activated for.

Any steps missing?

Thanks in advance
--
Gerardo Mongelli
gerardo....@gmail.com

Aryan Naraghi

Jul 15, 2012, 1:46:57 PM
to gce-dis...@googlegroups.com
Hi,

Thank you for reporting the ssh problems. We are currently investigating.

Please do not delete the instances you cannot ssh into--keeping them around will aid our investigation.

To help us diagnose the problem, please run the ssh command on your bad instances using the verbose flag and send us the output (you can email me directly):
   ssh <your instance’s external IP> -i ~/.ssh/google_compute_engine -vv


In the meantime, you can try:
  • Running “gcutil --project_id=<your project id> auth --confirm_email” and verifying that the email address printed is the one you used to create your project.
  • Adding another instance and seeing if you can ssh into it. If you don’t have any quota to do so, let us know and we’ll be happy to add quota to your project to offset the inaccessible instances.

We will have an update by Monday. We apologize for the inconvenience.

Thank you,

Aryan Naraghi
The Google Compute Engine Team

Omar Jarjur

Jul 15, 2012, 2:03:55 PM
to gce-dis...@googlegroups.com
Hi Gerardo,
    When you mention "setting up the sshKeys metadata for my instance", do you mean that you passed either the --use_compute_key or --authorized_ssh_keys flags to the "gcutil addinstance" command? If so, then that instance will be locked down to only accept the key that was specified when the instance was added.

--Omar


Gerardo Mongelli

Jul 15, 2012, 2:19:28 PM
to gce-dis...@googlegroups.com
I'm trying to ssh my instance from putty. Not using gcutil at all, following the instructions in this tutorial:

When I set up the instance using the Google Compute Engine console, I passed in the sshKeys metadata under the overview tab.

Omar Jarjur

Jul 15, 2012, 3:38:18 PM
to gce-dis...@googlegroups.com

Sorry I misunderstood. The keys can take a few minutes to propagate, are you still unable to connect?

--Omar

Gerardo Mongelli

Jul 16, 2012, 4:01:50 AM
to gce-dis...@googlegroups.com
Still unable, 

I set up the following metadata in the GCE console:

Key=sshKeys
Value=<my user Id>@gmail.com: ssh-rsa AAAAB...

but putty throws the following message: 

>>Using username "<my user Id>@gmail.com"
>>Server refused our key
>>Disconnected: No supported authentication methods available (server sent: publickey)

<my user Id>@gmail.com is an owner of my current API project.

Regards

Dave Parsons

Jul 16, 2012, 11:10:16 AM
to gce-dis...@googlegroups.com
The username you put into the sshKeys field should be the username you want to use on the VM instance. Try removing the "@gmail.com" part of the Value. Wait a few minutes and try accessing via ssh again.

Dave

Nick Foster

Jul 16, 2012, 12:09:35 PM
to gce-dis...@googlegroups.com
I have tried a few different user names, nfoster, ni...@firespotter.com, nick and they all continue to fail. Do the users need to be setup on the instances before sshing to them?

- Nick

Gerardo Mongelli

Jul 16, 2012, 12:17:28 PM
to gce-dis...@googlegroups.com
Hi, I have also tried with root and gmongelli with no @xxx  in my case. Same problem, "server refuses our key".

Tried with 2048 and 1024 bit ssh public keys with puttygen, copied the ssh-rsa xxxxxx part of it as it is generated and also in a single line and removing comments and trailing spaces. No luck. 

John Martinez

Jul 16, 2012, 1:41:24 PM
to gce-dis...@googlegroups.com
Aryan,

Launching the second instance worked. For some reason, still not able to SSH into the first instance, though.

thanks
-john

Aryan Naraghi

Jul 16, 2012, 4:34:10 PM
to gce-dis...@googlegroups.com
Hi all,

If you were experiencing problems, can you try creating instances with
our newest images and tell us if the problems persist?

Our newest images are:

projects/google/images/centos-6-2-v20120621
projects/google/images/ubuntu-10-04-v20120621
projects/google/images/ubuntu-12-04-v20120621

You can create a new instance with one of the images above by running:

gcutil addinstance my-instance \
--image=projects/google/images/ubuntu-12-04-v20120621

Thanks,

Aryan Naraghi
The Google Compute Engine Team




Aryan Naraghi | Software Engineer | ary...@google.com | 1 (425) 590-7298

Nick Foster

Jul 16, 2012, 5:06:54 PM
to gce-dis...@googlegroups.com
Worked for me, Thanks!


John Martinez

Jul 16, 2012, 6:02:26 PM
to gce-dis...@googlegroups.com
Confirmed, also works for me.
thanks

Gerardo Mongelli

Jul 17, 2012, 5:03:37 AM
to gce-dis...@googlegroups.com
Did not work for me. I believe I'm doing something wrong with my private/public keys.
Tried with the 3 new images on 3 different instances. Same error as before, using putty.  


--
Gerardo Mongelli
gerardo....@gmail.com

Dave Parsons

Jul 17, 2012, 7:44:22 PM
to gce-dis...@googlegroups.com
Are you still trying to use ssh without gcutil? Make sure that you still have a firewall for the instance's network that allows tcp port 22 (in Networks tab). It should be the default, but maybe it was accidentally deleted? You should use a username other than root. The metadata key sshKeys should contain something like: "dave: ssh-rsa AAAAB3N..." with "dave" replaced with the username you want to use on the VM.

Dave Parsons
GCE Team

Jeffrey Silverman

Jul 18, 2012, 4:45:28 PM
to gce-dis...@googlegroups.com
Gerardo,

We really need to find out if the problem is a misconfiguration on the client side or on the server side.  I'd like you to test with the gcutil ssh command and see if that works.  If that fails, then first of all, you are going to have to create a new instance, and second of all, I have to work out a diagnostic procedure for you so we can see what went wrong.  I can do that.  However, if gcutil ssh succeeds, then the problem is in PuTTY and we are going to focus our efforts there.

I am in the process of installing PuTTY now on my Windows laptop, and I will attempt to reproduce your issue.

Please keep in touch.

Thank you,


Jeff Silverman

Jeffrey Silverman

Jul 18, 2012, 8:09:43 PM
to gce-dis...@googlegroups.com
Gerardo,

I tried creating a private/public key pair using puttygen, and they don't look like standard keys.  Here is what a public key from puttygen looks like:

jeffsilverman@JEFFSILVERMA0-W /cygdrive/c/Program Files (x86)/PuTTY
$ cat id_rsa_2.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20120718"
AAAAB3NzaC1yc2EAAAABJQAAAIBxGmcUPxmvqkGcrg9oZfU7XPhOjOHGo6Wr1MTv
RovFZAyWPXbuCmE40bfJ3wImWojb/6eJkEVFTVvCNhSnqwfEvHlp11+u+nQrOlhY
L1o7wXoNZHrq4nxeEgLaTIfZNJlitleip/9s7NFMy2TkCknHV5DzoeXm37GImUlr
r359VQ==
---- END SSH2 PUBLIC KEY ----

jeffsilverman@JEFFSILVERMA0-W /cygdrive/c/Program Files (x86)/PuTTY
$ wc -l id_rsa_2.pub
7 id_rsa_2.pub

jeffsilverman@JEFFSILVERMA0-W /cygdrive/c/Program Files (x86)/PuTTY
$

This is what a public key looks like when created by ssh-keygen:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFzix21Re+RG0FPEb/7UTHdRyoI8L24sJWMsnksIlT6QUQsz0yrdb7HxFVkNy6n++jnojqdairSMsYUHF7oeeMtday6IROHlIrsxoGfng+zzQJeLImj+DxBNnUvLNtIlVAmQTbAjJZ9Fr5J/7F4XGbTetHiYFRWVYEStQZDycRhglY6+vtLRkWVFgXBJq03OPL6z1Yi7xrhKqmqDiCkkxQcQyhpZvzEJHiDaid2YRGmOThaIWtTzGIo3/WWKkvXF0Addk60K3D2P2gmxpHAOzAcmDeuAw0fBgWOBEWXK00MWER+PsP645SUdwISl4IP

jeffsilverman@jeffsdesktop:~$ wc -l !$
wc -l .ssh/id_rsa.pub
1 .ssh/id_rsa.pub
jeffsilverman@jeffsdesktop:~$ 

So there is a basic difference: the key created by ssh-keygen is one line long, while the key created by PuTTYgen is 7 lines long.

The private keys look different, too.  The .ppk file created by PuTTYgen looks like:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20120718
Public-Lines: 4
AAAAB3NzaC1yc2EAJAABJQAAAIBxGmcUPxmvqkGcrg9oZfU7XPhOjOHGo6Wr1MTv
RovFZAyWPXbuCmE40bfJ3wImWojb/7eJkEVFTVvCNhSnqwfEvHlp11+u+nQrOlhY
L1o7wXoNZHrq4nxeEgLaTIfZNJlitleip/9s7NFMy2TkCknHV5EzoeXm37WImUlr
r359VQ==
Private-Lines: 8
AAAAgExryRuElNCjeHDIoqB8PenXCKPG+WqKP4HwoL1ZLgHpp6PIqk3PqXlrG1EM
TY+JR7c+CWrJQ4+wH0vfWhBspGuttE5LDiP0POmMjZ+A6fFzShIj+IBqpwY3xNcq
hC7cZmUDE+RZaZusYmwuLvvML7Rn5s/GMZuX+IkYUXCY8JeJAAAAQQDDSGLpMeWM
0tbDW+cLhytmIlpFz46P2wP1pmuLXfR8o2b3iLqQ+zAepXl8I+X6qITd8SyZ3/Bd
6Msjl3iP1S+rAAAAQQCUROT5+iOThJ6m96PLbpaHwR1kUA7n/BN35zBPBho+kaOw
A2Lu2JPZATVsLqge38bVnBilQanUETo9OWszEgb/AAAAQH93KfwhA29Ce730zJ1y
gq6fUrpVa1UhARG1UI1x2dGorssXKWwqHI82E2F9L2DzSpOcJEJmMI3zHEMY9HPR
zI8=
Private-MAC: f5c9edce287517db8d51e888af35021dccf06177

Whereas a private key created by ssh-keygen looks like:


(I've carefully modified these keys to make them useless).

I found a link on how to convert a key in ppk format to something linux can use.  http://www.tuxify.de/?p=519  I can't vouch for the web page, but I went through the process in the web page, and it worked for me to my linux desktop.  I entered the public key into the metadata page from the GCE console.  Unfortunately, the authorized_keys file on the instance hasn't updated yet, so I can't test it to the instance.  I will check on it again tomorrow and let you know.


Jeff Silverman




Gerardo Mongelli

Jul 19, 2012, 4:04:32 AM
to gce-dis...@googlegroups.com, Sergio Castro Santa Ursula, antonio....@ciber.com
Hi Jeff, 

I tried the following on my side with no success in any case:

Case 1:
- Opened up a pem private key file with puttygen, copied the public key and appended it in the sshKeys box in the GCE console for my "tester" user. Note here that lines 1, 2 and 7, containing starting and ending tags and comments are not included, just the  ssh-rsa AAAAB3N... part of it. 
- Saved the private key as a ppk putty private key file.
- Saved a putty connection configured with an auto-login username = tester and the ppk file I just saved.

Case 2:
- Generated a brand new private key on puttygen, copied the public key and appended it in the sshKeys box in the GCE console for my "tester" user. Note here that lines 1, 2 and 7, containing starting and ending tags and comments are not included, just the ssh-rsa AAAAB3N... part of it.
- Saved the private key as a ppk putty private key file. 
- Saved a putty connection configured with an auto-login username = tester and the ppk file I just saved.

The only difference was in using an already generated private key outside of puttygen in the first case, or having puttygen generating the private key for me.

Also, how long does it take for the .ssh/authorized_keys to reload the public keys once the sshKeys metadata is modified in the GCE console? Does it happen in seconds/minutes? It applies to all instances configured at once?
I'm using the following format for the sshKeys metadata when setting up multiple users:

username1: ssh-rsa AAABSASdwhatever... ,username2: ssh-rsa AAAADDSASDwhatever..., username3: ssh-rsa AAAAASDSDSDWQ...

is it the right format? 

The public key that puttygen shows in the "Public key for pasting into OpenSSH authorised_keys file" box may contain a comment at the end of it like "rsa-key-20120718". Does the parser treat it as part of the key value? Does it have to be removed?

Following your example, it seems like the only difference between a puttygen public key and a ssh-keygen public key are the start/end tags and the Comment: line, which are only included by puttygen when exporting the public key into a file.
Also, the size of both public keys is different. Does the private key that produces the public key need to be generated as a 2048 bit or as a 1024 bit?

Regards


--
Gerardo Mongelli
gerardo....@gmail.com

Riccardo Carlesso

Jul 19, 2012, 10:26:47 AM
to gce-dis...@googlegroups.com, Sergio Castro Santa Ursula, antonio....@ciber.com
Hi Gerardo,
in my humble opinion the first thing is to see if the problem is on the client side (Putty) or on the server side (your VMs / API / Google Compute).

To do that, we can run a simple test.
Could you please try to do the same stuff on a Linux or Mac machine?
You can either use different or even the same keys.

If that works on other machines, then maybe we can start inspecting Putty side. 
I always had small pains in the past to configure keys on putty but eventually made it in the end.

Does this make sense?

Regards,
   Riccardo
Riccardo Carlesso | Developer Support Specialist | rcar...@google.com | I'm carless but I couldn't care less


Jeffrey Silverman

Jul 19, 2012, 11:48:37 AM
to gce-dis...@googlegroups.com
Gerardo,

All good questions.  I am researching them now and hope to get back to you in about 4 hours.


Jeff Silverman

Jeffrey Silverman

Jul 19, 2012, 7:44:36 PM
to gce-dis...@googlegroups.com
Gerardo,

I have a procedure that worked for me.

The problem is that PuTTYgen produces keys that are not in the standard format.  However, it will create a text block that contains the public key in standard form, which you can copy and paste into something else.  The standard format public key that PuTTYgen produces looks like:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAyeVUezeCOgDsKX3MnDbUj+YOZ4n4K2f/T5a1M7EPB/QQl1WeDCSy+r0tg9rJcxAJf5nqsoEWOpjO56Bt3URr3ECJwvHf+SEcUZ4jrPy0QEfFbYHBgjZ2Q/V55yfHTxH49iNQ4EXIIgGt/kSFV5SkNOdjVoM8iZrgl1idvJIZun0= rsa-key-20120719
(all one line).  Note that the end of the key has the string rsa-key-DATE.  By way of contrast, a public key produced by ssh-keygen looks like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRSkm54riqxderHK++tBTYv/vo8YGZejTdzLkU9fH/KBZUv7bVp6s5iL4iAsHMq+4bbD4jSd+p/A78oAmuWpzW1bSyvhVZjIAD7BfYBE35ytHFCw0F5m3ZgOizTAVCso3N/8duagueh2PHxKzSDvqOAHJRXSfols5P8A7qUE31s64KxrwsBT7vDTQQ22C5o8tjHDdscOTNpbDZjJwLU+MJky9+xLzNZ1aL+fU2kBvIuvwNWK12weI8sXQm87EY051D9SRoAVgFnfve1seAgVM1mG9ifRM4InNVJ7gGbWn2P/gG9VeBWW9dKmsbneDRTHDiK1SwxrHGxHmlF0HwZnbt jeffsi...@jeffsdesktop.sea.corp.google.com
(all one line)

The key in standard format can be copied and pasted into the console.  Do not create a new row named sshKeys - that produces a duplicate entry in the communications between the infrastructure and the instance(s).  Append the key to the end of the existing sshKey row.  Click on the save button in the lower left corner.  Wait about 5 minutes for the infrastructure to propagate the sshKey metadata to the instance.  Then you should be able to use PuTTY to SSH into the instance.


Jeff Silverman
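
The key-format points raised in this thread (PuTTYgen's multi-line export versus the one-line form, and the "username: key" value for sshKeys), as an added example that is not part of any post and is not Google's or PuTTY's code. It converts a PuTTYgen export (the RFC 4716 "SSH2 PUBLIC KEY" layout) to one line and checks a single sshKeys entry before it is pasted into the console. The USERNAME pattern, the one-entry-per-call limit and the sample key (constructed, not a usable key) are assumptions.

```python
import base64
import binascii
import re
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
USERNAME = re.compile(r"^[a-z_][a-z0-9_-]*$")  # assumed Linux-style login name


def blob_algorithm(b64):
    """Return the algorithm name stored at the start of a public-key blob."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    if len(raw) < 4:
        raise ValueError("key blob is too short")
    (length,) = struct.unpack(">I", raw[:4])
    if length == 0 or 4 + length > len(raw):
        raise ValueError("key blob has a bad algorithm-name length")
    return raw[4:4 + length].decode("ascii")


def ssh2_to_openssh(text):
    """Convert a PuTTYgen-exported (RFC 4716) public key file to one line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY begin/end markers")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line such as Comment:
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1  # header value continues on the next line
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    b64 = "".join(body)
    return " ".join(filter(None, [blob_algorithm(b64), b64, comment]))


def check_sshkeys_entry(entry):
    """List the problems in one 'username: key' value for sshKeys."""
    problems = []
    if "\n" in entry.strip():
        problems.append("entry spans several lines; the key must be one line")
    user, sep, key = entry.partition(":")
    if not sep:
        return problems + ["no 'username:' prefix"]
    user = user.strip()
    if "@" in user:
        problems.append("username contains '@'; use the login name only")
    elif user == "root":
        problems.append("username is root; use another login name")
    elif not USERNAME.match(user):
        problems.append("username is not a plain login name")
    fields = key.split()
    if len(fields) < 2:
        return problems + ["key needs '<type> <base64>'"]
    try:
        if blob_algorithm(fields[1]) != fields[0]:
            problems.append("key type does not match the base64 blob")
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def constructed_blob():
    """Build a well-formed but meaningless ssh-rsa blob (constructed sample)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    raw = field(b"ssh-rsa") + field(b"\x25") + field(bytes(range(129)))
    return base64.b64encode(raw).decode("ascii")


SAMPLE_B64 = constructed_blob()
SAMPLE_SSH2 = "\n".join([BEGIN, 'Comment: "rsa-key-constructed"']
                        + [SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)] + [END])
```

An empty list from check_sshkeys_entry means the entry has the shape described in the thread; it says nothing about whether the metadata has propagated to the instance yet.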


Gerardo Mongelli

Jul 21, 2012, 5:19:06 AM
to gce-dis...@googlegroups.com
Hi Jeff, 

it is working fine for me now. It is weird as I'd bet I had followed that procedure at some point...
Just for recording, I used a 1024bit private key with puttygen.

Thanks for your patience!

Regards


--
Gerardo Mongelli
gerardo....@gmail.com

Michael Artz

Feb 27, 2016, 2:13:07 AM
to gce-discussion, alp...@gmail.com

Hi alphacc, how do you get that debug display?

Kamran (Google Cloud Support)

Feb 27, 2016, 7:35:22 PM
to gce-discussion, alp...@gmail.com


Hi Michael,

You can use -v flag with SSH command for verbose mode. This causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3. Example:


Sincerely,