Help talk:Access
- Please add a detailed description of how to access labs using windows oren 16:18, 31 December 2011 (UTC)
Minor tweak for login instructions
This is listed in step 1: "Go to the login page and enter your username..." but it is probably only needed to enter your username in step 2, after you click the Forgot... link. --svemir (talk) 13:01, 6 June 2012 (UTC)
- Done, diff jeremyb (talk) 17:58, 6 June 2012 (UTC)
Forwarding not working
While trying to do ssh nischayn22@bastion.wmflabs.org -L 8080:greensmw1:80 I am able to log into the instance, but when opening localhost:8080 It shows "No Data Recieved" and the console shows "channel 4: open failed: connect failed: Connection timed out"--nischayn22 (talk) 20:21, 16 August 2012 (UTC)
- Before you can get forwarding working you need to be able to connect to that port at all. (even from the inside) Make sure something's listening there, double check your security groups (which cannot be changed for an instance after creation) / iptables / etc. Try #wikimedia-labs on freenode if you still can't figure it out.
$ ssh bastion1.pmtpa.wmflabs nc -v greensmw1 80 nc: connect to greensmw1 port 80 (tcp) failed: Connection timed out
What should be in labs ~/.ssh
What files should and shouldn't be in your /home/$USER/.ssh directory on labs machines? If you try to update a labs instance over ssh from gerrit then I think you need your private key on the labs machine. Is that OK? -- [A concerned user] :)
- You should absolutely not have a private ssh key there. If you want to access gerrit, forward your agent. Otherwise, that directory is generally ignored.--Ryan Lane (talk) 18:50, 21 August 2013 (UTC)
ControlMaster
ssh is usually rather slow for most users on Labs, I think. Should we add ControlMaster to the configuration suggested to the users? It can make a big difference especially for those used to local editing of remote files (optionally with the help of KIOslaves). --Nemo 10:53, 4 January 2015 (UTC)
Permission denied
now, I cann't access via ssh with an error message Permission denied (publickey,hostbased). what that's mean ? --Wahrani (talk) 20:46, 22 March 2015 (UTC)
- This happened to me too, Wahrani. Are you trying to ssh into tools-login? If so I suspect that you need to generate a new pair of keys, since this change suggests that the SSH fingerprint for that server has changed. Yuvi, could you confirm or deny this? jmorgan (talk) 16:59, 23 March 2015 (UTC)
- Update. Ah, just checked the mailing list, and it looks like we probably don't need new keys; just remove the tools-login.wmflabs.org line from your /path/to/ssh/known_hosts file and accept the new fingerprint when prompted, next time you try to SSH in. Hope that helps, jmorgan (talk) 17:10, 23 March 2015 (UTC)
- thank you very much jmorgan. the denied access was temporary. --Wahrani (talk) 21:01, 23 March 2015 (UTC)
- Update. Ah, just checked the mailing list, and it looks like we probably don't need new keys; just remove the tools-login.wmflabs.org line from your /path/to/ssh/known_hosts file and accept the new fingerprint when prompted, next time you try to SSH in. Hope that helps, jmorgan (talk) 17:10, 23 March 2015 (UTC)
Bad SSH2 cipher spec
ssh bastion1.eqiad.wmflabs ~/.ssh/config line 20: Bad SSH2 cipher spec 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'. ssh -V OpenSSH_6.2p2, OpenSSL 1.0.1k 8 Jan 2015
Any suggestion about that? (usually I wouldn't try to login to bastion directly but I just wanted to try the update config) -- Rillke (talk) 10:08, 13 June 2015 (UTC)
- That sounds like you have a cipher spec in your ssh config that is unsupported. Google suggests it's caused by the 'aes128-gcm@openssh.com' one: . I'd just remove the entire cipher spec, and let the client and server work it out among themselves. valhallasw (Merlijn van Deen) (talk) 11:29, 13 June 2015 (UTC)