Skip to content

I cannot ssh to localhost

Note - these commands are here based on some reading, I need a tester. If you are reading this and need help to SSH onto localhost at one of the NP04 servers, get in touch with me either by email at pawel.plesniak15@imperial.ac.uk or on Slack at Pawel Plesniak. Once these are validated I will be able to remove this comment.

Setup your keys for authentication

To use drunc, you need to be able to ssh to localhost. Currently, drunc operates based on connecting to the relevant hosts through ssh and starting the processes. For the test sessions, the connections are all to localhost. To validate that you can connect to the relevant host, see the drunc-ssh-doctor, or try running your session with -l debug as this will give you the most verbose output as to why the ssh connection is failing. To get the ssh connections working for first time users, please try:

bash
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "localhost-access"
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
ssh -i ~/.ssh/id_ed25519 youruser@yourserver

Here's a quick explanation of what is happening:

  • ssh-keygen - generates a key for accessing localhost through a ke

  • cat - adds the key to your list of authorized_keys

  • chmod - changes the permission levels for this file, sets the correct permission levels

  • ssh - tests an ssh key to localhost using the key that you have generated

I cannot ssh from NP04 servers to github

Include this in your .ssh/config on your standard np04 server (I suggest np04-srv-019) 

bash
Host github.com
    ProxyCommand ssh -q lxplus nc %h %p

My ssh connection is slow / Connectivity service does not start on boot

This is likely to do with your ssh configuration. Try using drunc-ssh-doctor to see if you can connect to all the hosts required by the given configuration. If this works slowly, try doing the following

bash
ssh -o StrictHostKeyChecking=no -vv cern_username@host_name echo "HELLLOOOOOOO"
Slow connections will see 
bash
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Configuration file does not specify default realm


debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
Adding this to your ~/.ssh/config will resolve the issue 
bash
Host *
  IdentitiesOnly yes
  PreferredAuthentications publickey
  ServerAliveInterval 5
  ServerAliveCountMax 6
  ForwardX11 no
  Protocol 2
To break this down:

  • IdentitiesOnly - only tries identities explicitly specified in your config file, instead of all identities loaded by the SSH agent or all available identity files.

  • PreferredAuthentications - restrics the authentication method to use publickey only instead of password, keyboard-interactive, or GSSAPI.

  • ServerAliveInterval - SSH client sends a keep-alive message every 5 seconds if no data is received from the server

  • ServerAliveCountMax - after the SSH client sends 6 unanswered keep-alives, it assumes the server is dead and disconnects

  • ForwardX11 - disables X11 forwarding

  • Protocol - for legacy support, forces use of SSH protocol version 2 which is more secure than protocol 1