Opened 6 weeks ago

Closed 6 weeks ago

#3270 closed help (fixed)

Trouble logging into JASMIN after resetting keys

Reported by: charlie Owned by: ros
Component: JASMIN Keywords:
Cc: Platform: JASMIN
UM Version:

Description

Hi all,

Sorry to bother you, but ever since we had to reset our JASMIN keys last week, I have been unable to login as easily as I could before. I have carefully, and I think correctly, followed the instructions (at https://help.jasmin.ac.uk/article/4834-updating-your-ssh-key ) i.e. I firstly created my new key pair on our local system (in /home/users/sws06cjw/.ssh on NX node 2), then I pasted the public part of the key into my JASMIN account and waited the required time, and lastly I loaded the new key into the authentication agent on NX. When I then try to login to JASMIN, it works fine. However, if I log out or open a new terminal or turn off my computer, I cannot log back into JASMIN automatically. I just get a "Permission denied". The only way it works is if I repeat step 3 in the above instructions each time i.e.

eval $(ssh-agent -s)
ssh-add ~/.ssh/id_rsa_jasmin

then enter my password, then login to JASMIN.

I never had to do this before, not each and every time. It really is very frustrating i.e. the necessity to do this each and every time I open a new terminal (particularly as the connection has been breaking a lot recently, meaning I am constantly having to login from multiple terminals).

I have already emailed the JASMIN support desk, but they say they can't help because this shouldn't be happening - they say that the problem must be our end, perhaps with my shell login script or config file. But I haven't changed anything here, nor have I changed the actual names of the keys. So if there was anything in either of these scripts that point to the public and private keys, this should be the same.

Has anybody else experienced this, and if so how have you resolved it?

Many thanks,

Charlie

Change History (10)

comment:1 Changed 6 weeks ago by ros

  • Owner changed from um_support to ros
  • Status changed from new to accepted

Hi Charlie,

eval $(ssh-agent -s) only runs the ssh-agent in your current login session so when you log out of the local session it dies and it can't be seen from other login sessions.

What we usually do (e.g. on PUMA) is call an ssh-setup script from your ~/.bashrc. Do you have a script called something like setup or ssh-setup in your ~/.ssh directory and called from your ~/.bashrc or equivalent -is this how you were doing it before?

Cheers,
Ros.

comment:2 Changed 6 weeks ago by charlie

Yes, I have a ssh-setup in my .ssh directory and, as this specifies, I call this within my .profile i.e.

. $HOME/.ssh/ssh-setup

but none of these have changed since resetting my keys, and none of them mention the keys directly.

comment:3 Changed 6 weeks ago by ros

Hi Charlie,

You need to kill the existing agent and logout and back in again so it initialises a new one and then load the new key in with ssh-add.

Regards,
Ros.

comment:4 Changed 6 weeks ago by charlie

Okay, thanks. How do I kill an existing agent on NX?

Charlie

comment:5 Changed 6 weeks ago by ros

Hi Charlie,

I assume you have a terminal window so just the usual:

ps -flu <username> | grep ssh-agent

Note the PID of the process and then

kill <pid>

Might need the -9 option to force the kill.

Cheers,
Ros.

comment:6 Changed 6 weeks ago by charlie

Okay, I have just done that, have logged out and logged back in again. It said Initialising new SSH agent... but then, when I try to login to Jasmin, exactly the same problem happens:

sws06cjw@nxnode2:~$ ssh -Y -A cwilliams2011@jasmin-login1.ceda.ac.uk

            Access to this system is monitored and restricted to
            authorised users.   If you do not have authorisation
            to use  this system,  you should not  proceed beyond
            this point and should disconnect immediately.

            Unauthorised use could lead to prosecution.

    (See also - http://www.stfc.ac.uk/aup)

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I have tried this with both login1 and login2, but same problem both times.

Charlie

comment:7 Changed 6 weeks ago by ros

Hi Charlie,

Did you run ssh-add to load the key into your agent?

Also, just to check, your key was called id_rsa_jasmin the last time too? If not make sure the jasmin entries in your ~/.ssh/config file have the right ssh-key name.

Cheers,
Ros.

comment:8 Changed 6 weeks ago by ros

More specifically that should say ssh-add ~/.ssh/id_rsa_jasmin

comment:9 Changed 6 weeks ago by charlie

Okay, great, I think it now works. Once I had added the key into the agent, I was able to login fine. Moreover, unlike yesterday, if I now open a brand-new terminal and login to Jasmin again, it no longer asks me for the key password each time. So I think it's all up and running.

And yes, I did check that the key names were unchanged, and indeed they were.

Many thanks, I'll close the ticket.

Charlie

comment:10 Changed 6 weeks ago by charlie

  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.