author | alex narayan <alexandar.narayan@deliveryhero.com> | 2021-05-29 22:27:19 +0200 |
---|---|---|
committer | alex narayan <alexandar.narayan@deliveryhero.com> | 2021-06-03 18:40:31 +0200 |
commit | b928278e63999bac8fd4d64d3810305d44b818de (patch) | |
tree | 7175046721e3574bf7600fb221d51c7251c2ebc3 /troubleshooting.md | |
parent | 083746112f80b4a6164c1fdcdef54da155cfb855 (diff) | |
extend docs to include help for when pub/priv key is signed with an unsupported algo
Signed-off-by: alex narayan <alexandar.narayan@deliveryhero.com>
Diffstat (limited to 'troubleshooting.md')
-rw-r--r-- | troubleshooting.md | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md index e320f20e7..ab9fffeb3 100644 --- a/troubleshooting.md +++ b/troubleshooting.md 
@@ -697,3 +697,32 @@ limits. This can happen when running a container from an image for another architecture than the one you are running on. For example, if a remote repository only has, and thus send you, a `linux/arm64` _OS/ARCH_ but you run on `linux/amd64` (as happened in https://github.com/openMF/community-app/issues/3323 due to https://github.com/timbru31/docker-ruby-node/issues/564). + +### 27) `Error: failed to create sshClient: Connection to bastion host (ssh://user@host:22/run/user/.../podman/podman.sock) failed.: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain` + +In some situations where the client is not on the same machine as where the podman daemon is running the client key could be using a cipher not supported by the host. This indicates an issue with one's SSH config. Until remedied using podman over ssh +with a pre-shared key will be impossible. + +#### Symptom + +The accepted ciphers per `/etc/crypto-policies/back-ends/openssh.config` are not one that was used to create the public/private key pair that was transferred over to the host for ssh authentication. + +You can confirm this is the case by attempting to connect to the host via `podman-remote info` from the client and simultaneously on the host running `journalctl -f` and watching for the error `userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]`. + +#### Solution + +Create a new key using a supported algorithm e.g. ecdsa: + +`ssh-keygen -t ecdsa -f ~/.ssh/podman` + +Then copy the new id over: + +`ssh-copy-id -i ~/.ssh/podman.pub user@host` + +And then re-add the connection (removing the old one if necessary): + +`podman-remote system connection add myuser --identity ~/.ssh/podman ssh://user@host/run/user/1000/podman/podman.sock` + +And now this should work: + +`podman-remote info` |
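Review bot: The opening paragraph and the Symptom section of the new entry 27 call the problem a "cipher" mismatch, but the journal message quoted in the same section is `userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms`, which is about the key type, not a cipher. Please reword both places to say "key type" or "public key algorithm" so readers look at the right setting. In the same paragraph, "pre-shared key" describes something other than the key pair that the Solution creates with `ssh-keygen` and installs with `ssh-copy-id`; "public key authentication" would match. The sentence "The accepted ciphers ... are not one that was used" is also ungrammatical and could read "The key type used to create the key pair is not among those the host accepts". Finally, the `system connection add` example hard-codes `/run/user/1000/` while the heading shows `/run/user/.../`; add a short remark that the number is the remote user's UID, and consider a connection name other than `myuser` so it is not mistaken for the SSH user.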