Help:SSH troubleshooting

From Wikitech
Jump to navigation Jump to search
  1. If you're on a network that restricts SSH out (i.e. you are getting connection errors instead of authentication ones), find out if there's an internal server you can hop to first and then SSH out. You'll likely want to either set it as a jump host or forward agent (**NEVER** do this unless you fully trust the admins of your hop server not to impersonate you) to the hop server. You should avoid putting your SSH private key anywhere other than your local machine.
  2. Check what your remote username should be. It might be different to the username that you use to log into wikitech! If you can log into wikitech then you can find your shell username by going to preferences and looking at 'Instance shell account name'. Check what username you are actually trying to log in as - if it's not specified on your SSH command (or PuTTY session) and it's not coming from your SSH config (if you have one), it's likely defaulting to the username on your local machine, which may not be the correct username.
  3. Check what SSH keys are on your account. If you're not specifying your key using -i on the command line (or directly in PuTTY), is it in your agent? Check ssh-add -L (or Pageant, for PuTTY users).
    1. For Cloud VPS and Toolforge, you can see the SSH keys on your account at Special:Preferences#mw-prefsection-openstack (other users can find them by running ldapsearch -xLLL uid=<your username> sshPublicKey from inside labs).
    2. For Wikimedia production servers, you can see them at puppet.git modules/admin/data/data.yaml
  4. Check that your SSH keys are in the right format. Wikimedia should have the OpenSSH-formatted public key, it should not begin 'BEGIN SSH2 PUBLIC KEY' etc. If you're using the OpenSSH command line (ssh on linux hosts) your local private key file should be in OpenSSH format, not SSH2/SSH.com.