Permission Denied (Publickey)

46 views
Skip to first unread message

Colin Foley

unread,
Sep 22, 2020, 3:08:01 PM9/22/20
to GENI Users
I am using exogeni for a networking class. 
I am able to successfully ticket a node and it becomes active. However, if I try to ssh into any node created (regardless of which rack is chosen) I get permission denied (publickey)

I have encryption on the key and have verified it is the same key as from the geni website as well as verified that my .flukes.properties is correct.

Thanks for any help you can provide.
Colin

Baldin, Ilya

unread,
Sep 22, 2020, 3:42:00 PM9/22/20
to geni-...@googlegroups.com
Flukes doesn’t get your key from the portal - it gets it straight from your filesystem. Is it possible you are using the wrong private key when trying to log in (i.e. you are using the private key for the key pair held by GENI Portal, but on your filesystem you have another key pair and Flukes picks it up? Your flukes.properties should be pointing to a key pair that you have on your filesystem. 

-ilya

Ilya Baldin, PhD
Director, Networking Research and Infrastructure
RENCI/UNC Chapel Hill



--
GENI Users is a community supported mailing list, so please help by responding to questions you know the answer to.
 
If this is your first time posting a question to this list, please review http://groups.geni.net/geni/wiki/GENIExperimenter/CommunityMailingList
---
You received this message because you are subscribed to the Google Groups "GENI Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to geni-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/geni-users/98c201d1-23e7-4f5b-b377-d027139611d1n%40googlegroups.com.

Colin Foley

unread,
Sep 22, 2020, 11:07:29 PM9/22/20
to geni-...@googlegroups.com
Thank you for the quick response. I have confirmed that it is pointing to the correct key. There is only 1 pair of keys in the ~/.ssh folder which is where .flukes.properties is pointing and this is the one I had downloaded from Geni and moved into that location.

-Colin

You received this message because you are subscribed to a topic in the Google Groups "GENI Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/geni-users/kUwS22LtBPk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to geni-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/geni-users/6BBC96F6-5EF5-49A4-8B21-0847791FF222%40renci.org.

Baldin, Ilya

unread,
Sep 22, 2020, 11:23:42 PM9/22/20
to geni-...@googlegroups.com
Please provide information about your slice name and controller used to start the slice. 

Colin Foley

unread,
Sep 23, 2020, 12:25:25 AM9/23/20
to geni-...@googlegroups.com
My slice name was cmfoley2-D and my controller was ExoSM

-Colin

Mert Cevik

unread,
Sep 23, 2020, 10:54:37 AM9/23/20
to geni-...@googlegroups.com
Hello Colin,

I confirmed that slices can be created successfully on both RENCI and NCSU racks and user keys can be passed to the slivers.

To understand what is going on with your slices, can you create a new slice that we can work on? Previous reservations are already closed.

Best regards,

Mert


Colin Foley

unread,
Sep 23, 2020, 11:13:55 AM9/23/20
to geni-...@googlegroups.com
Mert,

I have provisioned a new slice cmfoley2-E.

-Colin


Mert Cevik

unread,
Sep 23, 2020, 11:44:59 AM9/23/20
to geni-...@googlegroups.com
Thank you very much. I will get back in about an hour. 

Mert Cevik

unread,
Sep 23, 2020, 12:41:53 PM9/23/20
to geni-...@googlegroups.com
SSH key below is the one that is passed to the VM

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs6xYVg6EQe73H31jKrW5TEoPhBTvdawTQd4kymXEHQ/RxussJdLcMkQM5WGZ4+nHT66+9W1yY87GPjvjco2akfFsOm2d9mGEBUi+HCl//Sos03k4q16sJiSp5DBRQaVTRfACoi1PNZ72CXp81QwFqlWAHvQkR3i973cW7PDLiJSQx/t6OiCyRw0UCI6fbcdBhZic7rxhAqeUBGJzyI8S8kQ7yAOJMzVXzqf/eZ8iRioe+YlLSKR0FsF1Fd8eFl+V2652BYYE1pIy1ojX2Hv+kRyAEAgOmqusVnLY2ornvn6ZewPIS8ATRgfrWs3bw+b29FnRrjNA4K+JZB4rwtjjD cmfoley2


Can you try something very quick? 
Can you insert a guest SSH key via Flukes with Slice Operations ---> Insert guest SSH Key ? 
With a guest username (can be anything) and your SSH public key .

Screen Shot 2020-09-23 at 12.39.29.png





Colin Foley

unread,
Sep 23, 2020, 3:09:40 PM9/23/20
to geni-...@googlegroups.com
I have inserted a guest key and tried to ssh in, to no result
I also tried copying that key you said was passed to the VM into a new .pub file and using the command `ssh  -i ~/.ssh/fake_rsa.pub -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ro...@129.7.98.86 -p 22` but that also did not allow me to connect

-Colin

Baldin, Ilya

unread,
Sep 23, 2020, 3:40:03 PM9/23/20
to geni-...@googlegroups.com
That right there is the problem or part of it:

`ssh  -i ~/.ssh/fake_rsa.pub …. 

You should be using your *private* key to login. Your public key should be already in the VM.

-ilya

Ilya Baldin, PhD
Director, Networking Research and Infrastructure
RENCI/UNC Chapel Hill


On Sep 23, 2020, at 3:09 PM, Colin Foley <foleyc...@gmail.com> wrote:

I have inserted a guest key and tried to ssh in, to no result
I also tried copying that key you said was passed to the VM into a new .pub file and using the command `ssh  -i ~/.ssh/fake_rsa.pub -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ro...@129.7.98.86 -p 22` but that also did not allow me to connect

-Colin

On Wed, Sep 23, 2020, 12:41 PM Mert Cevik <mert...@gmail.com> wrote:
SSH key below is the one that is passed to the VM

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs6xYVg6EQe73H31jKrW5TEoPhBTvdawTQd4kymXEHQ/RxussJdLcMkQM5WGZ4+nHT66+9W1yY87GPjvjco2akfFsOm2d9mGEBUi+HCl//Sos03k4q16sJiSp5DBRQaVTRfACoi1PNZ72CXp81QwFqlWAHvQkR3i973cW7PDLiJSQx/t6OiCyRw0UCI6fbcdBhZic7rxhAqeUBGJzyI8S8kQ7yAOJMzVXzqf/eZ8iRioe+YlLSKR0FsF1Fd8eFl+V2652BYYE1pIy1ojX2Hv+kRyAEAgOmqusVnLY2ornvn6ZewPIS8ATRgfrWs3bw+b29FnRrjNA4K+JZB4rwtjjD cmfoley2

Can you try something very quick? 
Can you insert a guest SSH key via Flukes with Slice Operations ---> Insert guest SSH Key ? 
With a guest username (can be anything) and your SSH public key .

Baldin, Ilya

unread,
Sep 23, 2020, 3:48:53 PM9/23/20
to geni-...@googlegroups.com
I suggest you regenerate a new ssh key pair and try again. Something like this:

$ ssh-keygen -t rsa -f mynewrsakey 

This will generate two files mynewrsakey (private key) and mynewrsakey.pub (public key). Please make sure flukes properties is set so

ssh.key=/path/to/mynewrsakey

and

ssh.pubkey=/path/to/mynewrsakey.pub

(remember to restart Flukes after changing properties)

When logging in if you right click on the node in Flukes and look for properties, it will actually provide the full command line to execute to SSH into the instance including the path to the key, similar to what you showed before (maybe you already found this option):

ssh  -i /path/to/mynewrsakey -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@<whatever ip address> -p 22

-ilya

Ilya Baldin, PhD
Director, Networking Research and Infrastructure
RENCI/UNC Chapel Hill


Colin Foley

unread,
Sep 23, 2020, 6:07:52 PM9/23/20
to geni-...@googlegroups.com
This worked. Thank you!!! <3

Idk why generating a key was not working before when I tried it but it is now.

Reply all
Reply to author
Forward
0 new messages