aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-06-06 20:59:41 +0200
committerGitHub <noreply@github.com>2021-06-06 20:59:41 +0200
commit31e2b3501afc2596248b3204e5579804c4781a5d (patch)
tree3596ed8b395b3c43052544e64c7dd437daa39b0b
parent1e006a58ccf62d9def0778af550c35f5acf504ae (diff)
parentb928278e63999bac8fd4d64d3810305d44b818de (diff)
downloadpodman-31e2b3501afc2596248b3204e5579804c4781a5d.tar.gz
podman-31e2b3501afc2596248b3204e5579804c4781a5d.tar.bz2
podman-31e2b3501afc2596248b3204e5579804c4781a5d.zip
Merge pull request #10500 from gigatexal/expand-podman-remote-docs-add-key-help
[CI:DOCS] extend docs to include help for when pub/priv key is signing issue
-rw-r--r--docs/tutorials/remote_client.md4
-rw-r--r--troubleshooting.md29
2 files changed, 33 insertions, 0 deletions
diff --git a/docs/tutorials/remote_client.md b/docs/tutorials/remote_client.md
index e39d804a6..889947397 100644
--- a/docs/tutorials/remote_client.md
+++ b/docs/tutorials/remote_client.md
@@ -108,5 +108,9 @@ podman-remote system connection --help
You can use the Podman remote clients to manage your containers running on a Linux server. The communication between client and server relies heavily on SSH connections and the use of SSH keys are encouraged. Once you have Podman installed on your remote client, you should set up a connection using `podman-remote system connection add` which will then be used by subsequent Podman commands.
+# Troubleshooting
+
+See the [Troubleshooting](../../troubleshooting.md) document if you run into issues.
+
## History
Adapted from the [Mac and Windows tutorial](https://github.com/containers/podman/blob/master/docs/tutorials/mac_win_client.md)
diff --git a/troubleshooting.md b/troubleshooting.md
index e320f20e7..ab9fffeb3 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -697,3 +697,32 @@ limits.
This can happen when running a container from an image for another architecture than the one you are running on.
For example, if a remote repository only has, and thus send you, a `linux/arm64` _OS/ARCH_ but you run on `linux/amd64` (as happened in https://github.com/openMF/community-app/issues/3323 due to https://github.com/timbru31/docker-ruby-node/issues/564).
+
+### 27) `Error: failed to create sshClient: Connection to bastion host (ssh://user@host:22/run/user/.../podman/podman.sock) failed.: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain`
+
+In some situations where the client is not on the same machine as where the podman daemon is running the client key could be using a cipher not supported by the host. This indicates an issue with one's SSH config. Until remedied using podman over ssh
+with a pre-shared key will be impossible.
+
+#### Symptom
+
+The accepted ciphers per `/etc/crypto-policies/back-ends/openssh.config` are not one that was used to create the public/private key pair that was transferred over to the host for ssh authentication.
+
+You can confirm this is the case by attempting to connect to the host via `podman-remote info` from the client and simultaneously on the host running `journalctl -f` and watching for the error `userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]`.
+
+#### Solution
+
+Create a new key using a supported algorithm e.g. ecdsa:
+
+`ssh-keygen -t ecdsa -f ~/.ssh/podman`
+
+Then copy the new id over:
+
+`ssh-copy-id -i ~/.ssh/podman.pub user@host`
+
+And then re-add the connection (removing the old one if necessary):
+
+`podman-remote system connection add myuser --identity ~/.ssh/podman ssh://user@host/run/user/1000/podman/podman.sock`
+
+And now this should work:
+
+`podman-remote info`