CoreOS / Docker “$ fleetctl status my.service” - ssh: handshake failed

January 5, 2015

Digging into CoreOS clusters with Docker and have come upon an SSH issue while trying to learn how to work with fleet. Deploying, running services etc. goes well. The SSH auth problem occurs when executing status on fleetctl.

$ fleetctl status hello.service
The authenticity of host 'x.x.x.x.200' can't be established.
RSA key fingerprint is xx:xx:xx:0d:b3:6b:d6:74:a5:59:03:4f:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'x.x.x.200' (RSA) to the list of known hosts.
Error running remote command: ssh: handshake failed: ssh: unable to authenticate, 
attempted methods [publickey none], no supported methods remain

I understand that this is not a specific problem for fleet, but that I am missing a correct ssh key change for my cluster.

Is there any smooth way to set this up or any article that describes the process to get ssh key change to work within my server cluster?

I did look for information, but nothing felt really solid, and I guess this is something that I want to get 100% correct in my CoreOS cluster setup.

1 comment
  • Finally solved this with the correct cloud-config ssh_authorized_keys settings and login with the correct authentication forwarding.

    1: in cloud-config placed my public key (~/.ssh/id_rsa.pub):

    ...
    hostname: blablabla
    # keys listed at the top level are authorized for the default "core" user
    ssh_authorized_keys:
      - "ssh-rsa AAAAB3NzaC1yc2E... aldwinin@myos"
    # per-user settings
    users:
      - name: "core"
        passwd: "$1$Q3...4w/"
        groups:
          - "sudo"
          - "docker"
        ssh_authorized_keys:
          - "ssh-rsa AAAAB3NzaC1yc2E... aldwinin@myos"
    ...
    

    2: add sshkey

    $ ssh-add ~/.ssh/id_rsa
    $ ssh-add -l     # check if key is available now
    $ ssh -A  core@10.0.0.1   #coreos ip
    
1 Answer

For me this solution worked:

That usually means that you didn't correctly forward your user agent info when connecting to your CoreOS host.

On your home computer, start your agent by typing:

eval $(ssh-agent)

Then, add your private key to the agent by typing:

ssh-add

When you connect to your CoreOS host, pass the -A flag to forward your user agent info so that you can connect to the other cluster members from the one you are logged into:

ssh -A core@host

The commands should function correctly afterwards.

  • Thanks it helped me.

    Though I think the problem for me was not with

    eval $(ssh-agent)
    

    Seems like the -A flag was not forwarded correctly when connecting using the OS X remote connection UI; connecting directly from a terminal window made it work.
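
A preflight check for the failure discussed in this thread, added here as an example and not part of the original posts: it compares the public keys held by the SSH agent (the output of `ssh-add -L`) with the keys listed under `ssh_authorized_keys` in a cloud-config file. The function names and the file-based inputs are assumptions made for this example.

```shell
#!/bin/sh
# Added example: names and file-based inputs are assumptions, not fleet tooling.

# Read text on stdin and print the base64 blob of every OpenSSH public key
# found, whether the line comes from `ssh-add -L` or from a cloud-config
# list item such as:   - "ssh-rsa AAAA... user@host"
key_blobs() {
    tr -d '"' | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $(i + 1); break }
    }' | sort -u
}

# $1: file holding the output of `ssh-add -L`
# $2: cloud-config file
# Returns 0 if an agent key is authorized, 1 if none matches,
# 2 if the agent holds no keys at all.
check_agent_against_cloud_config() {
    agent=$(key_blobs < "$1")
    wanted=$(key_blobs < "$2")
    if [ -z "$agent" ]; then
        echo "agent holds no keys: run ssh-add, then reconnect with ssh -A"
        return 2
    fi
    # Base64 blobs contain no whitespace or glob characters, so word
    # splitting of $agent is safe here.
    for blob in $agent; do
        if printf '%s\n' "$wanted" | grep -qxF -- "$blob"; then
            echo "ok: an agent key is listed under ssh_authorized_keys"
            return 0
        fi
    done
    echo "mismatch: no agent key is listed under ssh_authorized_keys"
    return 1
}
```

Capture the agent side with `ssh-add -L > agent.txt` on the machine where `fleetctl` runs (after `ssh -A`, that is the CoreOS host), then call `check_agent_against_cloud_config agent.txt cloud-config.yml`.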
