Help talk:Access

From Wikitech
Jump to: navigation, search
  • Please add a detailed description of how to access labs using windows oren 16:18, 31 December 2011 (UTC)

Minor tweak for login instructions

This is listed in step 1: "Go to the login page and enter your username..." but it is probably only needed to enter your username in step 2, after you click the Forgot... link. --svemir (talk) 13:01, 6 June 2012 (UTC)

Yes check.svg Done, diff jeremyb (talk) 17:58, 6 June 2012 (UTC)

Forwarding not working

While trying to do ssh nischayn22@bastion.wmflabs.org -L 8080:greensmw1:80 I am able to log into the instance, but when opening localhost:8080 It shows "No Data Recieved" and the console shows "channel 4: open failed: connect failed: Connection timed out"--nischayn22 (talk) 20:21, 16 August 2012 (UTC)

Before you can get forwarding working you need to be able to connect to that port at all. (even from the inside) Make sure something's listening there, double check your security groups (which cannot be changed for an instance after creation) / iptables / etc. Try #wikimedia-labs on freenode if you still can't figure it out.
$ ssh bastion1.pmtpa.wmflabs nc -v greensmw1 80
nc: connect to greensmw1 port 80 (tcp) failed: Connection timed out

--jeremyb (talk) 20:35, 16 August 2012 (UTC)

What should be in labs ~/.ssh

What files should and shouldn't be in your /home/$USER/.ssh directory on labs machines? If you try to update a labs instance over ssh from gerrit then I think you need your private key on the labs machine. Is that OK? -- [A concerned user] :)

You should absolutely not have a private ssh key there. If you want to access gerrit, forward your agent. Otherwise, that directory is generally ignored.--Ryan Lane (talk) 18:50, 21 August 2013 (UTC)

ControlMaster

ssh is usually rather slow for most users on Labs, I think. Should we add ControlMaster [1] [2] to the configuration suggested to the users? It can make a big difference especially for those used to local editing of remote files (optionally with the help of KIOslaves). --Nemo 10:53, 4 January 2015 (UTC)

Permission denied

now, I cann't access via ssh with an error message Permission denied (publickey,hostbased). what that's mean ? --Wahrani (talk) 20:46, 22 March 2015 (UTC)

This happened to me too, Wahrani. Are you trying to ssh into tools-login? If so I suspect that you need to generate a new pair of keys, since this change suggests that the SSH fingerprint for that server has changed. Yuvi, could you confirm or deny this? jmorgan (talk) 16:59, 23 March 2015 (UTC)
Update. Ah, just checked the mailing list, and it looks like we probably don't need new keys; just remove the tools-login.wmflabs.org line from your /path/to/ssh/known_hosts file and accept the new fingerprint when prompted, next time you try to SSH in. Hope that helps, jmorgan (talk) 17:10, 23 March 2015 (UTC)
thank you very much jmorgan. the denied access was temporary. --Wahrani (talk) 21:01, 23 March 2015 (UTC)

Bad SSH2 cipher spec

ssh bastion1.eqiad.wmflabs
~/.ssh/config line 20: Bad SSH2 cipher spec 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'.

ssh -V
OpenSSH_6.2p2, OpenSSL 1.0.1k 8 Jan 2015

Any suggestion about that? (usually I wouldn't try to login to bastion directly but I just wanted to try the update config) -- Rillke (talk) 10:08, 13 June 2015 (UTC)

That sounds like you have a cipher spec in your ssh config that is unsupported. Google suggests it's caused by the 'aes128-gcm@openssh.com' one: [3]. I'd just remove the entire cipher spec, and let the client and server work it out among themselves. valhallasw (Merlijn van Deen) (talk) 11:29, 13 June 2015 (UTC)

sshfs on Mac

I have been attempting (over several months) to set up a local directory to access my faebot scripts using sshfs. The guidance in this help page of " sshfs -o defer_permissions your-instance.eqiad.wmflabs someLocalFolder " seems to miss something, many variations such as changing the server name have failed. For example sshfs -o defer_permissions faebot@faebot.eqiad.wmflabs labs eventually gives me 'remote host has disconnected'. Any examples and suggestions would be appreciated as these network configurations are an enigma to me. By the way, connection via ssh works fine. -- (talk) 17:18, 18 February 2016 (UTC)

The host faebot.eqiad.wmflabs does not exist. Are you trying to connect to your toollabs account? In that case, try faebot@tools.wmflabs.org instead. valhallasw (Merlijn van Deen) (talk) 17:38, 18 February 2016 (UTC)
Thanks (yes, I missed out '.org', but the help page does too). I have tried sshfs -o defer_permissions faebot@tools.wmflabs.org:/ labs and several variations, but I get socket is not connected and remote host has disconnected errors. "labs" is the local folder I'm attempting to connect to. -- (talk) 18:28, 18 February 2016 (UTC)
[4] suggests it can mean a whole range of issues. Maybe dmesg (or the os x equivalent of that) has some information? Alternatively, use an scp client such as 'cyberduck' or filezilla? valhallasw (Merlijn van Deen) (talk) 20:50, 18 February 2016 (UTC)
tools.wmflabs.org does not work for me, but I can get a connection for faebot to bastion.wmflabs.org both using sshfs and cyberduck using SFTP. I've tried a few variations, but I have no idea how to configure the login or the URI in a way that gets me to the faebot tools directory. -- (talk) 00:01, 19 February 2016 (UTC)
tools.wmflabs.org is the web frontend. It is not accessible by ssh for normal users. You need to log into (for example) tools-login.wmflabs.org. --Tim Landscheidt (talk) 13:47, 19 February 2016 (UTC)
That did the job! Thanks.

For anyone wanting to get SFTP working remotely for labs on a Mac, so you can drag and drop files, my settings for faebot on cyberduck are:

  1. Select SFTP protocol
  2. Server: tools-login.wmflabs.org
  3. Port: 22, should be set already as a default
  4. Username: <username, e.g. faebot>
  5. Select use public key encryption and link to the file set up for ssh to work (e.g. ~/.ssh/id_rsa), there should be no need to change other settings
  6. Once connected navigate back up to /data/projects/<tool name> to access tool files

I can use sshfs with similar settings (e.g. sshfs -o defer_permissions faebot@tools-login.wmflabs.org:/ /Volumes/labs) but I have yet to work out how to navigate up the tree to get to /data/projects/faebot once the remote home folder is connected as a virtual disk with OSXFuse. -- (talk) 14:57, 19 February 2016 (UTC)