Skip to content

troubleshooting-ssh.rst

Latest commit

 

History

History
109 lines (70 loc) · 2.68 KB

troubleshooting-ssh.rst

File metadata and controls

109 lines (70 loc) · 2.68 KB
orphan:

Troubleshooting SSH

File permissions

The first thing to check is whether your system has the correct permissions on the following files (you can check the octal representation of the file permission with: stat -c %a <filename>):

# client-side
chmod go-w $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/config       # (documentation varies 644, 600, 400)
chmod 600 $HOME/.ssh/id_rsa       # (private keys, rsa and other types)
chmod 644 $HOME/.ssh/id_rsa.pub   # (public keys, rsa and other types)
chmod 600 $HOME/.ssh/known_hosts  # (not documented)

# server side:
chmod 600 <other system's home dir>/.ssh/authorized_keys

Ownership

All files and directories under ~/.ssh, as well as ~/.ssh itself, should be owned by the user with id $(id -u).

chown -R $(id -u):$(id -g) ~/.ssh

ssh from the command line

Check if you can access the remote system using OpenSSH instead of Xenon. On Ubuntu-like systems, you can install OpenSSH with:

sudo apt install openssh-client

Increase ssh's verbosity using the -vvvv option (more v's means higher verbosity), e.g.

ssh -vvv user@host

Another useful option is to ask ssh for a list of its configuration options and their values with the -G option, e.g.

ssh -G anyhost
ssh -G user@some.system.com

Sometimes, a connection cannot be set up because of a configuration problem on the server side. If you have access to the server through another way, running

sshd -T

might help track the problem down. Note that the results may be user-dependent, for example the result may be different for root or for a user.

Configuration settings

  1. client-side, user configuration: /etc/ssh/ssh_config
  2. client-side, system configuration $HOME/.ssh/config
  3. server-side, system configuration /etc/ssh/sshd_config

known_hosts

  1. file permission
  2. host name hashed or not hashKnownHosts
  3. removing a given host's key goes like this ssh-keygen -R [localhost]:10022

Xenon with properties

See http://xenon-middleware.github.io/xenon/versions/3.0.1/javadoc/

  1. xenon.adaptors.schedulers.ssh.strictHostKeyChecking
  2. xenon.adaptors.schedulers.ssh.loadKnownHosts
  3. xenon.adaptors.schedulers.ssh.loadSshConfig

Encrypted /home

Might negatively affect things https://help.ubuntu.com/community/SSH/OpenSSH/Keys




:doc:`back to the tutorial</tutorial>`