Lab 14.1: Can't ssh into container

gerardocl

I'm getting the following error when trying to ssh into the app:

 cf ssh web-ui
FAILED
Error opening SSH connection: ssh: handshake failed: EOF

I'm using the Suse Cloud Application Platform Developer Sandbox (cf version 6.53.0+8e2b70a4a.2020-10-01).

ssh is allowed in the app and in the space. Trace logs are attached to this post.

I had a quick look at the docs and I'm thinking that this issue might be related to TLS.

Some guidance is appreciated. Thanks!

gerardocl

I tried to ssh without the CLI following the steps in the doc and got a failure again.

ssh -p 2222 cf:7cb22e46-2600-4194-a38a-c0218dc4213c/0@ssh.cap.explore.suse.dev -v
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to ssh.cap.explore.suse.dev [44.236.106.176] port 2222.
debug1: Connection established.
debug1: identity file /home/master/.ssh/id_rsa type -1
debug1: identity file /home/master/.ssh/id_rsa-cert type -1
debug1: identity file /home/master/.ssh/id_dsa type -1
debug1: identity file /home/master/.ssh/id_dsa-cert type -1
debug1: identity file /home/master/.ssh/id_ecdsa type -1
debug1: identity file /home/master/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/master/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/master/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/master/.ssh/id_ed25519 type -1
debug1: identity file /home/master/.ssh/id_ed25519-cert type -1
debug1: identity file /home/master/.ssh/id_ed25519_sk type -1
debug1: identity file /home/master/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/master/.ssh/id_xmss type -1
debug1: identity file /home/master/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
kex_exchange_identification: Connection closed by remote host

So it might as well be an issue with the Cloud Foundry provider. I'll try to reach their support.

spgreenberg

It could be TLS, it could also be related to settings in that provider. Can you verify ssh is enabled for:

• the app: cf ssh-enabled
• the space: cf space-ssh-allowed

spgreenberg

Can you also verify that you have a default ssh key on the machine you are running the CLI? You should have it in /home/your-username/.ssh/id_rsa

gerardocl

Hi,

cf ssh-enabled web-ui
ssh support is enabled for 'web-ui'
...
cf space-ssh-allowed dev
ssh support is enabled in space 'dev'
...
cf target
api endpoint:   "https://api.cap.explore.suse.dev"
api version:    2.153.0
space:          dev
...
cf ssh web-ui
FAILED
Error opening SSH connection: ssh: handshake failed: EOF

I didn't have a default ssh key. So I followed this guide and used ssh-keygen to create one. However, I'm not sure how to install the public key in the CF container.

The results were the same as before, nonetheless.

spgreenberg

You shouldn't need to add the public key to CF. Having a private key in ~/.ssh/id_rsa is often a requirement of most client-side ssh tools to function properly.

I notice you are using Suse CAP. If you would like I can take a look if you add me as a Space Developer. I am at the end of my day but can look first thing in the morning.

If you want me to look, you can:

cf set-space-role sgreenberg@rscale.io YOUR_ORG dev SpaceDeveloper

Once I am done, you can remove me with:

cf unset-space-role sgreenberg@rscale.io YOUR_ORG dev SpaceDeveloper

If you prefer not, that is ok too. The Suse support team should be able to help.

gerardocl

Hi,

Sure, I have added you to my space.

I have also submitted an issue with Suse Support and we hopefully arrive somewhere.

Thanks a lot for the help!

spgreenberg

I just took a look and I believe the issue is with Suse CAP. Everything looks like it is set up correctly, but I was unable to ssh with the error:

ssh: handshake failed: read tcp 192.168.86.101:52301->52.13.25.137:2222: read: connection reset by peer

I believe this points to a load balancer issue in their configuration. Sorry I could not help more. You can remove me from your space with

cf unset-space-role sgreenberg@rscale.io YOUR_ORG dev SpaceDeveloper

spgreenberg

Incidentally, I also tried to connect to the app using the stratos UI (https://stratos.cap.explore.suse.dev/). This also failed with an error. In this case, the error is:

Websocket connection failed

gerardocl

Hi @spgreenberg,

Thanks a lot for your help. I'll try to reproduce the issue and give more information to the Suse CAP Support.

I might try this exercise with another CF provider though.

Again, thanks!

neburiam2

@gerardocl said:
Hi @spgreenberg,

Thanks a lot for your help. I'll try to reproduce the issue and give more information to the Suse CAP Support.

I might try this exercise with another CF provider though.

Again, thanks!

Hi there,

it seems that I'm just hitting the same issue as the one described above ("ssh: handshake failed: EOF") when trying to connect via ssh in a Suse CAP environment. Did you manage to work it out in the end? If not, do you know of any other (free) CF provider you may suggest to complete this exercise in particular? I first tried PCF on my laptop but I wasn't able to set it up (BOSH director deployment always times out while uploading the certificates related to uaa).

Thank you in advance,
Best regards.

spgreenberg

I don't know the status of ssh in Suse CAP. However, you should be able to sign up for a free trial on SAP cloud platform: https://developers.sap.com/tutorials/hcp-create-trial-account.html