Help talk:Access

• Please add a detailed description of how to access labs using windows oren 16:18, 31 December 2011 (UTC)Reply

This is listed in step 1: "Go to the login page and enter your username..." but it is probably only needed to enter your username in step 2, after you click the Forgot... link. --svemir (talk) 13:01, 6 June 2012 (UTC)Reply

Done, diff jeremyb (talk) 17:58, 6 June 2012 (UTC)Reply

While trying to do ssh nischayn22@bastion.wmflabs.org -L 8080:greensmw1:80 I am able to log into the instance, but when opening localhost:8080 It shows "No Data Recieved" and the console shows "channel 4: open failed: connect failed: Connection timed out"--nischayn22 (talk) 20:21, 16 August 2012 (UTC)Reply

Before you can get forwarding working you need to be able to connect to that port at all. (even from the inside) Make sure something's listening there, double check your security groups (which cannot be changed for an instance after creation) / iptables / etc. Try #wikimedia-labs on freenode if you still can't figure it out.

$ ssh bastion1.pmtpa.wmflabs nc -v greensmw1 80
nc: connect to greensmw1 port 80 (tcp) failed: Connection timed out

What files should and shouldn't be in your /home/$USER/.ssh directory on labs machines? If you try to update a labs instance over ssh from gerrit then I think you need your private key on the labs machine. Is that OK? -- [A concerned user] :)

You should absolutely not have a private ssh key there. If you want to access gerrit, forward your agent. Otherwise, that directory is generally ignored.--Ryan Lane (talk) 18:50, 21 August 2013 (UTC)Reply

ssh is usually rather slow for most users on Labs, I think. Should we add ControlMaster to the configuration suggested to the users? It can make a big difference especially for those used to local editing of remote files (optionally with the help of KIOslaves). --Nemo 10:53, 4 January 2015 (UTC)Reply

now, I cann't access via ssh with an error message Permission denied (publickey,hostbased). what that's mean ? --Wahrani (talk) 20:46, 22 March 2015 (UTC)Reply

This happened to me too, Wahrani. Are you trying to ssh into tools-login? If so I suspect that you need to generate a new pair of keys, since this change suggests that the SSH fingerprint for that server has changed. Yuvi, could you confirm or deny this? jmorgan (talk) 16:59, 23 March 2015 (UTC)Reply

Update. Ah, just checked the mailing list, and it looks like we probably don't need new keys; just remove the tools-login.wmflabs.org line from your /path/to/ssh/known_hosts file and accept the new fingerprint when prompted, next time you try to SSH in. Hope that helps, jmorgan (talk) 17:10, 23 March 2015 (UTC)Reply

thank you very much jmorgan. the denied access was temporary. --Wahrani (talk) 21:01, 23 March 2015 (UTC)Reply

ssh bastion1.eqiad.wmflabs
~/.ssh/config line 20: Bad SSH2 cipher spec 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'.

ssh -V
OpenSSH_6.2p2, OpenSSL 1.0.1k 8 Jan 2015

Any suggestion about that? (usually I wouldn't try to login to bastion directly but I just wanted to try the update config) -- Rillke (talk) 10:08, 13 June 2015 (UTC)Reply

That sounds like you have a cipher spec in your ssh config that is unsupported. Google suggests it's caused by the 'aes128-gcm@openssh.com' one: . I'd just remove the entire cipher spec, and let the client and server work it out among themselves. valhallasw (Merlijn van Deen) (talk) 11:29, 13 June 2015 (UTC)Reply