Welcome to the Linux Foundation Forum!

Lab 14.1: Can't ssh into container

I'm getting the following error when trying to ssh into the app:

 cf ssh web-ui
FAILED
Error opening SSH connection: ssh: handshake failed: EOF

I'm using the Suse Cloud Application Platform Developer Sandbox (cf version 6.53.0+8e2b70a4a.2020-10-01).

ssh is allowed in the app and in the space. Trace logs are attached to this post.

I had a quick look at the docs and I'm thinking that this issue might be related to TLS.

Some guidance is appreciated. Thanks!

Comments

  • gerardocl
    gerardocl Posts: 11
    edited January 27

    I tried to ssh without the CLI following the steps in the doc and got a failure again.

    ssh -p 2222 cf:7cb22e46-2600-4194-a38a-c0218dc4213c/[email protected] -v
    OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: Connecting to ssh.cap.explore.suse.dev [44.236.106.176] port 2222.
    debug1: Connection established.
    debug1: identity file /home/master/.ssh/id_rsa type -1
    debug1: identity file /home/master/.ssh/id_rsa-cert type -1
    debug1: identity file /home/master/.ssh/id_dsa type -1
    debug1: identity file /home/master/.ssh/id_dsa-cert type -1
    debug1: identity file /home/master/.ssh/id_ecdsa type -1
    debug1: identity file /home/master/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/master/.ssh/id_ecdsa_sk type -1
    debug1: identity file /home/master/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file /home/master/.ssh/id_ed25519 type -1
    debug1: identity file /home/master/.ssh/id_ed25519-cert type -1
    debug1: identity file /home/master/.ssh/id_ed25519_sk type -1
    debug1: identity file /home/master/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file /home/master/.ssh/id_xmss type -1
    debug1: identity file /home/master/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
    kex_exchange_identification: Connection closed by remote host
    

    So it might as well be an issue with the Cloud Foundry provider. I'll try to reach their support.

  • It could be TLS, it could also be related to settings in that provider. Can you verify ssh is enabled for:

    • the app: cf ssh-enabled
    • the space: cf space-ssh-allowed
  • spgreenberg
    spgreenberg Posts: 81
    edited January 27

    Can you also verify that you have a default ssh key on the machine you are running the CLI? You should have it in /home/your-username/.ssh/id_rsa

  • gerardocl
    gerardocl Posts: 11
    edited January 28

    Hi,

    cf ssh-enabled web-ui
    ssh support is enabled for 'web-ui'
    ...
    cf space-ssh-allowed dev
    ssh support is enabled in space 'dev'
    ...
    cf target
    api endpoint:   "https://api.cap.explore.suse.dev"
    api version:    2.153.0
    space:          dev
    ...
    cf ssh web-ui
    FAILED
    Error opening SSH connection: ssh: handshake failed: EOF
    

    I didn't have a default ssh key. So I followed this guide and used ssh-keygen to create one. However, I'm not sure how to install the public key in the CF container.

    The results were the same as before, nonetheless.

  • spgreenberg
    spgreenberg Posts: 81
    edited January 28

    You shouldn't need to add the public key to CF. Having a private key in ~/.ssh/id_rsa is often a requirement of most client-side ssh tools to function properly.

    I notice you are using Suse CAP. If you would like I can take a look if you add me as a Space Developer. I am at the end of my day but can look first thing in the morning.

    If you want me to look, you can:

    cf set-space-role [email protected] YOUR_ORG dev SpaceDeveloper
    

    Once I am done, you can remove me with:

    cf unset-space-role [email protected] YOUR_ORG dev SpaceDeveloper
    

    If you prefer not, that is ok too. The Suse support team should be able to help.

  • gerardocl
    gerardocl Posts: 11

    Hi,

    Sure, I have added you to my space.

    I have also submitted an issue with Suse Support and we hopefully arrive somewhere.

    Thanks a lot for the help!

  • I just took a look and I believe the issue is with Suse CAP. Everything looks like it is set up correctly, but I was unable to ssh with the error:

    ssh: handshake failed: read tcp 192.168.86.101:52301->52.13.25.137:2222: read: connection reset by peer
    

    I believe this points to a load balancer issue in their configuration. Sorry I could not help more. You can remove me from your space with

    cf unset-space-role [email protected] YOUR_ORG dev SpaceDeveloper
    
  • Incidentally, I also tried to connect to the app using the stratos UI (https://stratos.cap.explore.suse.dev/). This also failed with an error. In this case, the error is:

    Websocket connection failed
    
  • gerardocl
    gerardocl Posts: 11

    Hi @spgreenberg,

    Thanks a lot for your help. I'll try to reproduce the issue and give more information to the Suse CAP Support.

    I might try this exercise with another CF provider though.

    Again, thanks!

  • neburiam2
    neburiam2 Posts: 1

    @gerardocl said:
    Hi @spgreenberg,

    Thanks a lot for your help. I'll try to reproduce the issue and give more information to the Suse CAP Support.

    I might try this exercise with another CF provider though.

    Again, thanks!

    Hi there,

    it seems that I'm just hitting the same issue as the one described above ("ssh: handshake failed: EOF") when trying to connect via ssh in a Suse CAP environment. Did you manage to work it out in the end? If not, do you know of any other (free) CF provider you may suggest to complete this exercise in particular? I first tried PCF on my laptop but I wasn't able to set it up (BOSH director deployment always times out while uploading the certificates related to uaa).

    Thank you in advance,
    Best regards.

  • spgreenberg
    spgreenberg Posts: 81

    I don't know the status of ssh in Suse CAP. However, you should be able to sign up for a free trial on SAP cloud platform: https://developers.sap.com/tutorials/hcp-create-trial-account.html

Categories

Upcoming Training