Opened 6 weeks ago

Last modified 4 weeks ago

#3451 new help

problems with ssh and MOSRS

Reported by: NoelClancy Owned by: um_support
Component: SSH Keywords: ssh, JASMIN, MOSRS
Cc: Platform:
UM Version:

Description

Hi, not sure what is wrong.

[FAIL] file:bin/make_time_coord.py=source=fcm:jules.x_br/pkg/karinawilliams/r6715_python_packages/share/make_time_coord.py@15046

(base) [nmc@cylc1 roses]$ cd u-br916
(base) [nmc@cylc1 u-br916]$ rose suite-run
[INFO] export CYLC_VERSION=7.8.1
[INFO] export ROSE_ORIG_HOST=cylc1.jasmin.ac.uk
[INFO] export ROSE_SITE=
[INFO] export ROSE_VERSION=2019.01.0
[INFO] create: log.20210121T163934Z
[INFO] delete: log
[INFO] symlink: log.20210121T163934Z ⇐ log
[INFO] log.20210121T162140Z.tar.gz ⇐ log.20210121T162140Z
[INFO] delete: log.20210121T162140Z/
[INFO] create: log/suite
[INFO] create: log/rose-conf
[INFO] symlink: rose-conf/20210121T163934-run.conf ⇐ log/rose-suite-run.conf
[INFO] symlink: rose-conf/20210121T163934-run.version ⇐ log/rose-suite-run.version
[FAIL] file:bin/make_time_coord.py=source=fcm:jules.x_br/pkg/karinawilliams/r6715_python_packages/share/make_time_coord.py@15046: bad or missing value
(base) [nmc@cylc1 u-br916]$ fcm list
Authentication realm: <https://code.metoffice.gov.uk:443> Met Office Code
Password for 'NoelClancy?':

ancil/
app/
bin/
meta/
rose-suite.conf
rose-suite.info
site/
suite.rc
(base) [nmc@cylc1 u-br916]$ fcm list
Authentication realm: <https://code.metoffice.gov.uk:443> Met Office Code
Password for 'NoelClancy?':

ancil/
app/
bin/
meta/
rose-suite.conf
rose-suite.info
site/
suite.rc
(base) [nmc@cylc1 u-br916]$ rose suite-run
[INFO] export CYLC_VERSION=7.8.1
[INFO] export ROSE_ORIG_HOST=cylc1.jasmin.ac.uk
[INFO] export ROSE_SITE=
[INFO] export ROSE_VERSION=2019.01.0
[INFO] create: log.20210121T164235Z
[INFO] delete: log
[INFO] symlink: log.20210121T164235Z ⇐ log
[INFO] log.20210121T163934Z.tar.gz ⇐ log.20210121T163934Z
[INFO] delete: log.20210121T163934Z/
[INFO] create: log/suite
[INFO] create: log/rose-conf
[INFO] symlink: rose-conf/20210121T164235-run.conf ⇐ log/rose-suite-run.conf
[INFO] symlink: rose-conf/20210121T164235-run.version ⇐ log/rose-suite-run.version
[FAIL] file:bin/make_time_coord.py=source=fcm:jules.x_br/pkg/karinawilliams/r6715_python_packages/share/make_time_coord.py@15046: bad or missing value
(base) [nmc@cylc1 u-br916]$

Change History (24)

comment:1 Changed 6 weeks ago by NoelClancy

  • Component changed from UM Model to JULES
  • Owner changed from um_support to jules_support

comment:2 Changed 5 weeks ago by ros

Hi Noel,

For a suite to run you need to make sure you have cached your MOSRS password first. I believe you had setup gpg-agent caching previously? Are you prompted for your MOSRS password when you log in to the cylc VM? If not can you check that you have updated your ~/.bashrc file with the name changes for the JASMIN VMs. It's now cylc1.jasmin.ac.uk not jasmin-cylc.ceda.ac.uk.

Regards,
Ros.

comment:3 Changed 5 weeks ago by NoelClancy

HI,

I believe you had setup gpg-agent caching previously? I don't believe I did, if it was setup, it must have been done by someone else

Are you prompted for your MOSRS password when you log in to the cylc VM? No, the only time I'm asked for my MOSRS password is directly after I type the command "rosie go"

If not can you check that you have updated your ~/.bashrc file with the name changes for the JASMIN VMs.

(base) [nmc@cylc1 ~]$ cd ~/.bashrc
-bash: cd: /home/users/nmc/.bashrc: Not a directory
(base) [nmc@cylc1 ~]$ cd / .bashrc
(base) [nmc@cylc1 /]$ ls
apps bin boot dev etc gws lib lost+found mnt ngdc panfs root sbin sparc sys usr var
badc bodc datacentre edc group_workspaces home lib64 media neodc opt proc run share srv tmp utils work
(base) [nmc@cylc1 /]$

I don't believe my environment is correctly setup. I think there may be other issues too. I don't know how to diagnose these issues if any.

comment:4 Changed 5 weeks ago by ros

Hi Noel,

I've looked in your ~/.bashrc (Note this is a file not a directory so you can't cd to it) and I can see that you have previously set up access to MOSRS. You would have done this when you first starting running Rose/Cylc suites on JASMIN.

Please edit the file ~/.bashrc and change the lines:

[[ $(hostname) = "jasmin-sci1.ceda.ac.uk" || $(hostname) = "jasmin-cylc.ceda.ac.uk"  || $(hostname) = "jasmin-sci3.ceda.ac.uk" || \
    $(hostname) = "jasmin-sci2.ceda.ac.uk" ]] && . mosrs-setup-gpg-agent

to be

[[ $(hostname) = "sci1.jasmin.ac.uk" || $(hostname) = "cylc1.jasmin.ac.uk"  || $(hostname) = "sci3.jasmin.ac.uk" || \
    $(hostname) = "sci2.jasmin.ac.uk" ]] && . mosrs-setup-gpg-agent`

Logout of the cylc VM and back in again you should be prompted to enter your MOSRS password.

Cheers,
Ros.

comment:5 Changed 5 weeks ago by pmcguire

Hi Noel:
You probably followed this tutorial https://code.metoffice.gov.uk/trac/jules/wiki/RoseJULESonJASMIN
to set up your JASMIN account to do the MOSRS and gpg-agent caching.

That tutorial was updated when JASMIN was upgraded last fall, with similar instructions as what Ros provided to you, and an email was sent to the jules-users listserv group about the update. You can also use that tutorial as a reference in the future.

If you see anything in the tutorial that needs further updating, please do let me know.
Patrick McGuire

comment:6 Changed 5 weeks ago by NoelClancy

In step 1 of the tutorial, why does Hostname, change to HostName?? Is this an error in the tutorial?

Host *
     ServerAliveInterval 30

Host jlogin1
    Hostname login1.jasmin.ac.uk
    User <jasmin_userid>
    ForwardAgent yes

Host xfer?
    Hostname %h.jasmin.ac.uk
    User <jasmin_userid>
    ForwardAgent yes

Host sci? cylc1
    HostName %h.jasmin.ac.uk

Host sci* cylc*
    User <jasmin_userid>
    ForwardAgent yes
    ProxyCommand ssh -Y jlogin1 -W %h:%p
Last edited 5 weeks ago by ros (previous) (diff)

comment:7 Changed 5 weeks ago by ros

Hi Noel,

The keywords (e.g. HostName) are case insensitive so it doesn't actually matter if it's HostName or Hostname). The usual convention is to CamelCase like HostName and ForwardAgent.

Cheers,
Ros.

comment:8 Changed 5 weeks ago by NoelClancy

ok, thanks for confirming that. There is an error in the tutorial.

(base) [nmc@cylc1 ~]$ exec ssh-agent bash
Met Office Science Repository Service password:
Subversion password cached
https://code.metoffice.gov.uk/rosie/u/hello: Hello noelclancy
Rosie password cached
(base) [nmc@cylc1 ~]$ ssh-add ~/.ssh/id_rsa_jasmin
Enter passphrase for /home/users/nmc/.ssh/id_rsa_jasmin:
Bad passphrase, try again for /home/users/nmc/.ssh/id_rsa_jasmin:

I need to re-set the phassphrase for/home/users/nmc/.ssh/id_rsa_jasmin as I cannot remember it. Do you know how to do this?

comment:9 Changed 5 weeks ago by ros

Hi Noel,

This looks to be your JASMIN login key did you not have to type that passphrase when you logged into JASMIN first thing today?

Not exactly sure what you are trying to do?
It looks like you're following the https://code.metoffice.gov.uk/trac/jules/wiki/RoseJULESonJASMIN#Configuringyourownlaptopordesktopmachine section which is for connecting to JASMIN from your local desktop/laptop but you are already on JASMIN.

Cheers,
Ros.

comment:10 Changed 5 weeks ago by NoelClancy

I can't get past step 6 in the tutorial.
I can log on to cylc1.jasmin but there is no connection between cylc1.jasmin and login1.jasmin and vice versa.
I cannot log on to login1.jasmin or sci1, sci2, etc since making the changes from steps 1-6
Not sure what's wrong.

comment:11 Changed 5 weeks ago by pmcguire

Hi Noel:
If you can't do ssh -AX login1.jasmin.ac.uk or ssh -AX jlogin1 from your home computer then your setup is wrong or your ssh key isn't working.

Are you able to do ssh -AX cylc1 from your computer? If not, then your setup is wrong, and you can't tunnel through login1 properly. Here, tunnel means that you don't have to login to login1 explicitly in order to get to cylc1.
Patrick

comment:12 Changed 5 weeks ago by NoelClancy

I agree that the setup on my home PC is wrong and ssh isn't working

Not able to ssh -AX cylc1 from your computer

comment:13 Changed 5 weeks ago by pmcguire

Hi Noel
Then if the setup on your home PC is wrong, then we should fix it.

Can you cut and paste your .ssh/config file from your home PC here?

Are you able to ssh to non-JASMIN computers?

Are you using the VPN?

If you can't ssh -AX cylc1 directly from your home PC, then you need to take a step back and make sure that you can ssh -AX login1.jasmin.ac.uk directly from your home PC.
Have you checked that you can properly login to login1 following these instructions if you can't?:
https://help.jasmin.ac.uk/article/848-login-problems
Patrick

comment:14 Changed 5 weeks ago by NoelClancy

# .ssh/config

########### 2021 config

#Host *
# ServerAliveInterval? 30
#
#Host jlogin1
# Hostname login1.jasmin.ac.uk
# User <jasmin_userid>
# ForwardAgent? yes
#
#Host xfer?
# Hostname %h.jasmin.ac.uk
# User <jasmin_userid>
# ForwardAgent? yes
#
#Host sci? cylc1
# Hostname %h.jasmin.ac.uk
#
#Host sci* cylc*
# User <jasmin_userid>
# ForwardAgent? yes
# ProxyCommand? ssh -Y jlogin1 -W %h:%p

########### 2020 config

Host xfer1

Hostname xfer1.jasmin.ac.uk
User nmc
ForwardAgent? yes

Host sci1.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host sci2.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host sci3.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host sci4.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host sci5.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host sci6.jasmin.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

Host jasmin-cylc.ceda.ac.uk

User nmc
ForwardAgent? yes
ProxyCommand? ssh -Y xfer1 -W %h:%p

comment:15 Changed 5 weeks ago by NoelClancy

Are you able to ssh to non-JASMIN computers? I can ssh to MOONSOON from a JASMIN session
Are you using the VPN? Yes

comment:16 Changed 5 weeks ago by NoelClancy

 28/01/2021   16:20.15   /home/mobaxterm  ssh -AX nmc@…
Warning: Permanently added 'login1.jasmin.ac.uk' (RSA) to the list of known hosts.

Access to this system is monitored and restricted to
authorised users. If you do not have authorisation
to use this system, you should not proceed beyond
this point and should disconnect immediately.

Unauthorised use could lead to prosecution.

(See also - http://www.stfc.ac.uk/aup)

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


 28/01/2021   16:20.30   /home/mobaxterm 

must check through the rest of the instructions from that link

comment:17 Changed 5 weeks ago by NoelClancy

 28/01/2021   16:20.15   /home/mobaxterm  ssh -AX nmc@…
Warning: Permanently added 'login1.jasmin.ac.uk' (RSA) to the list of known hosts.

Access to this system is monitored and restricted to
authorised users. If you do not have authorisation
to use this system, you should not proceed beyond
this point and should disconnect immediately.

Unauthorised use could lead to prosecution.

(See also - http://www.stfc.ac.uk/aup)

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


 28/01/2021   16:20.30   /home/mobaxterm 

must check through the rest of the instructions from that link

comment:18 Changed 5 weeks ago by pmcguire

Hi Noel:
You made several mistakes in that file. Here is the new file that works.
But you need to get your connection to login1 working first, if you are getting a permission denied response.
Patrick

# .ssh/config

########### 2021 config

Host *
      ServerAliveInterval 30

Host jlogin1
    Hostname login1.jasmin.ac.uk
    User nmc
    ForwardAgent yes

Host xfer?
    Hostname %h.jasmin.ac.uk
    User nmc
    ForwardAgent yes

Host sci? cylc1
    Hostname %h.jasmin.ac.uk

Host sci* cylc*
    User nmc
    ForwardAgent yes
    ProxyCommand ssh -Y jlogin1 -W %h:%p



############ 2020 config

#Host xfer1
#     Hostname xfer1.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#
#
# Host sci1.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host sci2.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host sci3.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host sci4.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host sci5.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host sci6.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p
#
# Host cylc1.jasmin.ac.uk
#     User nmc
#     ForwardAgent yes
#     ProxyCommand ssh -Y xfer1 -W %h:%p

comment:19 Changed 4 weeks ago by NoelClancy

 29/01/2021   14:21.26   /home/mobaxterm  exec ssh-agent $SHELL


 /home/mobaxterm 
 29/01/2021   14:23.07  ssh-add ~/.ssh/id_rsa_jasmin

/home/mobaxterm/.ssh/id_rsa_jasmin: No such file or directory

 29/01/2021   14:31.21   /home/mobaxterm  cd .. ✔
 29/01/2021   14:31.26   /home  cd .. ✔
 29/01/2021   14:31.28   /  cd drives/c/Users/nmc/Documents/MobaXterm/home/.ssh  ✔
 29/01/2021   14:31.51   /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh  ls

config id_rsa id_rsa.pub id_rsa_jasmin2 id_rsa_jasmin2.pub known_hosts ✔

The two keys on my laptop are named id_rsa and id_rsa_jasmin2 but they are both the same as far as I can see.

However, the key on JASMIN has a different name, it is id_rsa_jasmin
I have used vim to look at the key and it is different from both id_rsa and id_rsa_jasmin2 (which are identical) on my laptop.

(base) [nmc@cylc1 .ssh]$ ls
authorized_keys config id_rsa_jasmin id_rsa_jasmin.pub id_rsa_puma id_rsa_puma.pub known_hosts

I have copied id_rsa_jasmin to the UoR

 29/01/2021   14:37.31   /home/mobaxterm  sftp ue023700@…

Warning: Permanently added 'mft.act.reading.ac.uk' (RSA) to the list of known hosts.
Connected to mft.act.reading.ac.uk.
sftp> ls
mft-scratch storage-sftp ue023700
sftp> cd ue023700
sftp> ls *jasmin*
id_rsa_jasmin.pub id_rsa_jasmin

However, I am unable to copy id_rsa_jasmin to /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh

comment:20 Changed 4 weeks ago by NoelClancy

 29/01/2021   14:21.26   /home/mobaxterm  exec ssh-agent $SHELL


 /home/mobaxterm 
 29/01/2021   14:23.07  ssh-add ~/.ssh/id_rsa_jasmin

/home/mobaxterm/.ssh/id_rsa_jasmin: No such file or directory

 29/01/2021   14:31.21   /home/mobaxterm  cd .. ✔
 29/01/2021   14:31.26   /home  cd .. ✔
 29/01/2021   14:31.28   /  cd drives/c/Users/nmc/Documents/MobaXterm/home/.ssh  ✔
 29/01/2021   14:31.51   /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh  ls

config id_rsa id_rsa.pub id_rsa_jasmin2 id_rsa_jasmin2.pub known_hosts ✔

The two keys on my laptop are named id_rsa and id_rsa_jasmin2 but they are both the same as far as I can see.

However, the key on JASMIN has a different name, it is id_rsa_jasmin
I have used vim to look at the key and it is different from both id_rsa and id_rsa_jasmin2 (which are identical) on my laptop.

(base) [nmc@cylc1 .ssh]$ ls
authorized_keys config id_rsa_jasmin id_rsa_jasmin.pub id_rsa_puma id_rsa_puma.pub known_hosts

I have copied id_rsa_jasmin to the UoR

 29/01/2021   14:37.31   /home/mobaxterm  sftp ue023700@…

Warning: Permanently added 'mft.act.reading.ac.uk' (RSA) to the list of known hosts.
Connected to mft.act.reading.ac.uk.
sftp> ls
mft-scratch storage-sftp ue023700
sftp> cd ue023700
sftp> ls *jasmin*
id_rsa_jasmin.pub id_rsa_jasmin

However, I am unable to copy id_rsa_jasmin to /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh

comment:21 Changed 4 weeks ago by NoelClancy

I've managed to copy id_rsa_jasmin to my local machine

 29/01/2021   16:31.45   /home/mobaxterm  ls

Desktop LauncherFolder? MyDocuments? README.txt id_rsa_jasmin id_rsa_jasmin.pub

However, I cannot copy them to /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh

 29/01/2021   16:35.18   /home/mobaxterm  scp id_rsa_jasmin /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh

cp: can't create '/drives/c/Users/nmc/Documents/MobaXterm/home/.ssh/id_rsa_jasmin': Permission denied

The permissions won't let me copy anything to that folder


comment:22 Changed 4 weeks ago by pmcguire

  • Component changed from JULES to SSH
  • Keywords ssh, JASMIN, MOSRS added
  • Owner changed from jules_support to um_support
  • Summary changed from [FAIL] file:bin/make_time_coord.py to problems with ssh and MOSRS

Hi Noel:
I am changing the subject line of this ticket from a Python problem to an ssh problem.
I am also changing the component from JULES to ssh.

If the permissions won't let you copy anything to that folder, you should change the permissions
of the folder, if you can.

In order to do that, you can do an
ls -ltrd /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh
to see what the permissions are, and then use chmod to change the permissions of the directory
to your liking, i.e.:
chmod 744 /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh
and then use ls -ltrd /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh to check your permissions
again.
If your permissions have not changed, then maybe there is something else wrong.

Patrick

comment:23 Changed 4 weeks ago by NoelClancy

 01/02/2021   11:47.43   /home/mobaxterm  ls -ltrd /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh

drwxr-xr-x 1 Administ UsersGrp? 0 Jun 12 2020 /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh


 01/02/2021   11:48.01   /home/mobaxterm 

chmod 744 /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh
chmod: /drives/c/Users/nmc/Documents/MobaXterm/home/.ssh: Permission denied

I cannot change any permissions with chmod 744 on my DELL (windows) laptop. But what would be wrong? I'm not sure how to fix it.

comment:24 Changed 4 weeks ago by pmcguire

Hi Noel:
Just a suspicion: There might be a lock on the file or folder if you have tried to enter the ssh key from the GUI of MobaXterm instead of from the MobaXterm command-line
Maybe you can change the permissions for the file or folder by right clicking on the folder or something in the Microsoft Windows
Explorer window that shows all the files.

I don't have MobaXterm on my machine at home and I don't have Windows on my machine at home, and remote desktop is not working to my Windows machine at work, so it's not the easiest to help you.
Patrick

Note: See TracTickets for help on using tickets.