I have set up Gerrit using docker-compose.
Reference doc: https://github.com/GerritCodeReview/docker-gerrit
I am trying to log in to the Gerrit server using the SSH protocol.
HTTP is working fine, but I need SSH as well for Jenkins.
ssh -vv -p 29418 localhost
logs:
[gerrit@957ec687d4a3 ~]$ ssh -vv -p 29418 localhost
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host localhost originally localhost
debug2: match not found
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host localhost originally localhost
debug2: match found
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug2: resolving "localhost" port 29418
debug2: ssh_connect_direct
debug1: Connecting to localhost [127.0.0.1] port 29418.
debug1: Connection established.
debug1: identity file /var/gerrit/.ssh/id_rsa type 0
debug1: identity file /var/gerrit/.ssh/id_rsa-cert type -1
debug1: identity file /var/gerrit/.ssh/id_dsa type -1
debug1: identity file /var/gerrit/.ssh/id_dsa-cert type -1
debug1: identity file /var/gerrit/.ssh/id_ecdsa type -1
debug1: identity file /var/gerrit/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/gerrit/.ssh/id_ed25519 type -1
debug1: identity file /var/gerrit/.ssh/id_ed25519-cert type -1
debug1: identity file /var/gerrit/.ssh/id_xmss type -1
debug1: identity file /var/gerrit/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.3.3 (APACHE-SSHD-2.4.0)
debug1: no match: GerritCodeReview_3.3.3 (APACHE-SSHD-2.4.0)
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to localhost:29418 as 'gerrit'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: umac-128-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-128-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib#openssh.com,zlib
debug2: compression stoc: none,zlib#openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha1-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha1-etm@openssh.com compression: none
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: kex: ecdh-sha2-nistp256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:QJIkQCiy/Pi43QI2H6A9OBVOY4f+7tpIK+W+Nwi2C6g
debug1: Host '[localhost]:29418' is known and matches the ECDSA host key.
debug1: Found key in /var/gerrit/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /var/gerrit/.ssh/id_rsa RSA SHA256:dBSjzg5IkLz0ShVN2T2ig8S+VuEB2/Qf4/l4t6YPv+Y
debug1: Will attempt key: /var/gerrit/.ssh/id_dsa
debug1: Will attempt key: /var/gerrit/.ssh/id_ecdsa
debug1: Will attempt key: /var/gerrit/.ssh/id_ed25519
debug1: Will attempt key: /var/gerrit/.ssh/id_xmss
debug2: pubkey_prepare: done
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /var/gerrit/.ssh/id_rsa RSA SHA256:dBSjzg5IkLz0ShVN2T2ig8S+VuEB2/Qf4/l4t6YPv+Y
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Trying private key: /var/gerrit/.ssh/id_dsa
debug1: Trying private key: /var/gerrit/.ssh/id_ecdsa
debug1: Trying private key: /var/gerrit/.ssh/id_ed25519
debug1: Trying private key: /var/gerrit/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
gerrit@localhost: Permission denied (publickey).
I am trying this scenario inside the Gerrit container.
Could someone please help with this issue?
As you can see in the image below, the "Add SSH key" button is disabled. I am not able to add the key.
It would get enabled when you input a public SSH key in the box above where it says "New SSH Key".
There are a few things you are doing wrong:
You should not log in from within the Gerrit container, as it will use the gerrit user and SSH key. There is no gerrit user in Gerrit in such a way.
You should create a new user. Are you using LDAP?
Next, log in to Gerrit using that user's credentials and add the public SSH key from the user in the user profile. Depending on your server URL: https://myserver.net/settings/#SSHKeys
Now you should be able to connect.
I logged in to an HPC using:
ssh -p 2222 user@hpc.edu
and then started Jupyter notebook using:
jupyter notebook --no-browser --port=9999
I got a URL:
http://localhost:9999/?token=0518475c55eaafb82abce7d2d5344b48174012
Then I tried to access the Jupyter notebook remotely using my computer:
ssh -p 2222 user@hpc.edu -L 9999:localhost:9999 -N
The connection is refused after taking a long time:
channel 2: open failed: connect failed: Connection refused
I remember earlier being able to access the notebook by not putting -p 2222 in the ssh command anywhere. But now I have to do it to ssh remotely. Is there any other change of command needed to access the Jupyter notebook remotely?
EDIT:
I added -v -v to the command that I executed on my computer. Here is what it says:
password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to bridges.psc.edu ([128.182.108.57]:2222).
debug1: Local connections to LOCALHOST:9999 forwarded to remote address localhost:9999
debug1: Local forwarding listening on ::1 port 9999.
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9999.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: Connection to port 9999 forwarding to localhost port 9999 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 9999 for localhost port 9999, connect from 127.0.0.1 port 54542 to 127.0.0.1 port 9999, nchannels 3
debug1: Connection to port 9999 forwarding to localhost port 9999 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [direct-tcpip]
channel 2: open failed: connect failed: Connection refused
I had tried to follow this:
http://ipyrad.readthedocs.io/HPC_Tunnel.html
This one works for me. First, start Jupyter from your server using:
jupyter notebook --no-browser --port=7002
Then, from your local machine, you can tunnel to Jupyter using the following command:
ssh -N -f -L localhost:7001:localhost:7002 user@hpc.edu
Now you can access Jupyter from your local machine by browsing to localhost:7001.
More details can be found here.
Scenario...
WiFi Network home = Can connect with my Digital Ocean servers fine via SSH;
WiFi Network work = Can't connect with my Digital Ocean servers via SSH;
WiFi Network work SSH debug:
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Connection timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection timed out
Anyone?
Try to check with nc
nc -zvw4 your_host 22
If it is not open, port 22 is probably not allowed on your network; you can ask your network administrator about it.
On your server, set up a forward from 443 to 22 via iptables, for example:
iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 22
I've got issues with OpenVPN and SSH (and other services):
I can connect to the VPN without any error messages.
If I then want to connect to a computer inside the VPN via SSH, I get the error: "ssh_exchange_identification: read: Connection reset by peer".
On which machine this problem occurs differs from day to day and connection to connection.
$ ssh root@storage -vvv
OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to storage [192.168.1.5] port 22.
debug1: Connection established.
debug1: identity file /home/ewald/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ewald/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: read: Connection reset by peer
If I can connect to a different machine inside the VPN, I can SSH to my target.
Also, I tried to configure port forwarding for port 22 on the remote router and connected from my client very often via this forwarding, and it always worked, so I don't think the problem is the SSH server or client configuration.
So I tried many settings in the OpenVPN configuration (different link-mtus, tcp instead of udp, disabled lzo, ...), installed it on a different machine (default OpenVPN server is in an Ubuntu 12.04 VM. I tried to install it on bare metal too) and nothing changed.
Since the problem appeared the first time even the ISP was changed (from DSL to Fiber).
The problem exists with other client machines too: A macbook using viscosity (tunnelblick doesn't work either), several linux boxes: fedora, ubuntu, ...
Sometimes I also don't receive an answer from the HTTP-server (even when I can connect to it using SSH)
The HTTP-server itself is accessible from the internal network and via my SSH-tunnel (using it as SOCKS proxy), so the problem must be the OpenVPN connection.
Can anyone help me? How can I check if there are problems with the connection itself?
TCP-dump:
$ sudo tcpdump -i tun0 dst port 22
15:56:17.689847 IP myclient.60920 > storage.ssh: Flags [S], seq 729708226, win 29200, options [mss 1460,sackOK,TS val 3108117687 ecr 0,nop,wscale 7], length 0
15:56:17.717556 IP myclient.60920 > storage.ssh: Flags [.], ack 2044707578, win 229, options [nop,nop,TS val 3108117714 ecr 1518717699], length 0
15:56:17.717949 IP myclient.60920 > storage.ssh: Flags [P.], seq 0:21, ack 1, win 229, options [nop,nop,TS val 3108117715 ecr 1518717699], length 21
15:56:17.945811 IP myclient.60920 > storage.ssh: Flags [P.], seq 0:21, ack 1, win 229, options [nop,nop,TS val 3108117943 ecr 1518717699], length 21
Maybe the POSTROUTING rule is missing. Can you paste the result of this command (on the OpenVPN server)?
iptables -L -t nat
If there are no rules, you can try:
iptables -t nat -A POSTROUTING -j MASQUERADE
Also verify IPv4 forwarding (on the OpenVPN server):
cat /proc/sys/net/ipv4/ip_forward
If the result is 0, you must add this line to '/etc/sysctl.conf':
net.ipv4.ip_forward = 1
Tell me if it helps.
I'm a newbie with everything network related and I want to access a remote client through another server (tunnel),
say for example a remote client 11.11.111.111 with username user2 and password2, and a tunnel through 11.11.10.01 with username user1 and password1.
I can successfully ping the tunnel address.
But when I try to access the remote client using Cygwin:
ssh -vv -o 'ProxyCommand ssh -vv user1@11.11.10.01 nc %h %p' user2@11.11.111.111
I get this error:
OpenSSH_6.4, OpenSSL 1.0.1f 6 Jan 2014
debug2: ssh_connect: needpriv 0
debug1: Executing proxy command: exec ssh -vv user1@11.11.10.01 nc 11.11.111.111 22
debug1: permanently_drop_suid: 146765
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: identity file /home/user1/.ssh/id_rsa-cert type -1
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: identity file /home/user1/.ssh/id_dsa-cert type -1
debug1: identity file /home/user1/.ssh/id_ecdsa type -1
debug1: identity file /home/user1/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
OpenSSH_6.4, OpenSSL 1.0.1f 6 Jan 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to 11.11.10.01 [11.11.10.01] port 22.
debug1: connect to address 11.11.10.01 port 22: Connection timed out
ssh: connect to host 11.11.10.01 port 22: Connection timed out
ssh_exchange_identification: Connection closed by remote host
Is my command correct? Any ideas on possible causes?
Are there ways I can troubleshoot (preferably on my machine and not on the server and remote client)?
I believe it is just a partial answer, but try connecting with ssh to 11.11.10.01 with:
ssh user1@11.11.10.01 -L20022:11.11.111.111:22
and then in another window connect via:
ssh user2@127.0.0.1 -p20022
In this way you will get your error in the first terminal window.
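The client traces quoted in the threads above fail at four different stages (TCP connect, banner exchange, public-key authentication, forwarded channel), and the stage decides where to look next. The following is an added example, not code from any of the posts: it labels a trace by stage and lists the key fingerprints that were actually offered. The function names, the labels, the shortened sample traces and the placeholder fingerprint are constructed for illustration, and `offered_keys` assumes the `Offering public key: ... SHA256:` line format seen in the OpenSSH 8.0 trace.

```shell
# Added example: label the stage at which an `ssh -v` client trace failed.
classify_ssh_debug() {            # trace on stdin, one label on stdout
    awk '
        /channel [0-9]+: open failed: connect failed/ { fwd = 1; next }
        /Connection timed out/      { timeout = 1 }
        /Connection refused/        { refused = 1 }
        /_exchange_identification:/ { banner = 1 }
        /Permission denied \(/      { denied = 1 }
        END {
            # Earliest stage wins: a ProxyCommand trace carries the inner
            # timeout and the outer banner error; the timeout is the cause.
            if (timeout)      print "tcp-timeout"
            else if (refused) print "tcp-refused"
            else if (banner)  print "banner-exchange-failed"
            else if (denied)  print "auth-rejected"
            else if (fwd)     print "forward-target-refused"
            else              print "no-failure-seen"
        }'
}

# Fingerprints of keys the client actually sent; "Trying private key" lines
# for key files that do not exist carry none.
offered_keys() {
    sed -n 's/^debug1: Offering public key: .* \(SHA256:[^ ]*\).*$/\1/p'
}

# Constructed traces, shortened from the failure shapes quoted on this page.
sample_gerrit() { cat <<'EOF'
debug1: Connection established.
debug1: Offering public key: /var/gerrit/.ssh/id_rsa RSA SHA256:CONSTRUCTEDfingerprint0000
debug1: Trying private key: /var/gerrit/.ssh/id_ed25519
gerrit@localhost: Permission denied (publickey).
EOF
}
sample_tunnel() { cat <<'EOF'
debug1: Authentication succeeded (keyboard-interactive).
channel 2: open failed: connect failed: Connection refused
EOF
}
sample_proxy() { cat <<'EOF'
ssh: connect to host 11.11.10.01 port 22: Connection timed out
ssh_exchange_identification: Connection closed by remote host
EOF
}
sample_vpn() { cat <<'EOF'
debug1: Connection established.
ssh_exchange_identification: read: Connection reset by peer
EOF
}

for s in sample_gerrit sample_tunnel sample_proxy sample_vpn; do
    printf '%s: %s\n' "$s" "$("$s" | classify_ssh_debug)"
done
printf 'offered: %s\n' "$(sample_gerrit | offered_keys)"
```

An offered fingerprint can be compared with the output of `ssh-keygen -lf` on the public key that was registered for the account.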