Opened 6 weeks ago

Closed 3 weeks ago

#3284 closed help (fixed)

ssh-add not working (could not open connection to ssh agent)

Reported by: ecmaters Owned by: ros
Component: SSH Keywords: ssh-add
Cc: Platform: PUMA
UM Version:

Description

Hello,
I am a new user and am trying to work through the NCAS Unified Model Introduction: Practical sessions (Rose/cylc) training document from 2019. Under the section 1.7 Set up an ssh connection from PUMA to ARCHER iii. Start up ssh-agent, I keep ending up with the error message 'Could not open a connection to your authentication agent.' I have tried to follow the instructions in section 11.2 Restarting your ssh agent, but the suggestion of deleting the environment.puma file is not applicable since there is no such file in my .ssh. I have tried logging out and back in to puma but the problem persists.
Kind regards,
Elena

Change History (7)

comment:1 Changed 6 weeks ago by ros

  • Owner changed from um_support to ros
  • Status changed from new to accepted

Hi Elena,

It doesn't look like you have run the install-ssh-keys script properly in step 1.7(i). It has not copied the ssh-setup script into your ~/.ssh directory.

It also looks like you have a stray ssh-agent process running. Please kill this before re-running the install-ssh-keys script.

kill -9 14254

Regards,
Ros.

comment:2 Changed 6 weeks ago by ecmaters

Hi Ros,

Thank you for the advice, I have tried to start over and follow again steps 1.3 to 1.8, but I am still encountering errors. At step 1.3(ii), no new window pops up for Rosie and instead it says 'Error: Unable to access subversion with given password. Run "mosrs-cache-password" to try caching your password again.' - which I do but then the same error message repeats. If I ignore this for now and move on, I cannot do steps 1.4-1.6 because I am unable to login to archer, it says 'Permission denied (public key)'. Then again at step 1.7(i), I get 'Permission denied (publickey). ERROR: ssh-copy-id failed'. I'm sorry, this is all so confusing to me, and I'm not sure what's going wrong even when I'm trying to follow the instructions line by line.

Best,

Elena

comment:3 Changed 6 weeks ago by ros

Hi Elena,

Up until a few minutes ago MOSRS password caching wouldn't work due to an issue with certificate setup at the Met Office end. This has literally just been fixed. Please try running the mosrs-cache-password again it should work now.

Hold off on the install-ssh-keys script for a bit. I've just realised your are the first person to run that since ARCHER changed it's security policy and it won't work now.

I'll get back to you with manual instructions in a bit.

Cheers,
Ros.

comment:4 Changed 6 weeks ago by ecmaters

Hi Ros,

Thanks very much, I've tried again with the MOSRS password caching and yes that works now.

I'll hold off on the install-ssh-keys step for now.

Best,

Elena

comment:5 Changed 6 weeks ago by ros

Hi Elena,

Sorry. We're in the midst of adjusting UM workflow to work with the new ARCHER security so some of the training setup information is now out of date and it didn't register with me earlier. :-(

At the moment we have a temporary workaround solution until the permanent one is in place.

In your PUMA .ssh/config file, delete references to login.archer.ac.uk. If you don't have one create it and then add:

Host login.archer.ac.uk
User <your ARCHER username>
IdentityFile ~/.ssh/<your private key to ARCHER>
ControlMaster auto
ControlPath /tmp/ssh-socket-%r@%h-%p
ControlPersist yes

Your <your private key to ARCHER> is the partner key to what you've uploaded to the ARCHER website.
Probably called something like id_rsa_archer. If you generated your ARCHER key on your local system you will need to copy it over to PUMA.

Login to ARCHER from PUMA (with passphrase and password): ssh login.archer.ac.uk

Any UM suites you run - you will need to make sure they are submitting direct to login.archer.ac.uk node. I think that is indeed already true of all the UM training suites from memory, which I assume you will be running initially?

The connection will be terminated at some point usually overnight. Logging in to ARCHER again will re-establish the connection and any running Rose/Cylc suites will pick up automatically.

Hopefully that will all work.
Regards,
Ros.

comment:6 Changed 6 weeks ago by ecmaters

Hi Ros,

After several attempts and confusion about the SSH keys, a colleague has helped me to finally log in to ARCHER from PUMA. Thanks very much for all your assistance!

Elena

comment:7 Changed 3 weeks ago by ros

  • Component changed from PUMA to SSH
  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.