author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2021-06-06 20:59:41 +0200
committer: GitHub <noreply@github.com> 2021-06-06 20:59:41 +0200
commit: 31e2b3501afc2596248b3204e5579804c4781a5d
tree: 3596ed8b395b3c43052544e64c7dd437daa39b0b /troubleshooting.md
parent: 1e006a58ccf62d9def0778af550c35f5acf504ae
parent: b928278e63999bac8fd4d64d3810305d44b818de
Merge pull request #10500 from gigatexal/expand-podman-remote-docs-add-key-help
[CI:DOCS] extend docs to include help for when pub/priv key is signing issue
Diffstat (limited to 'troubleshooting.md')
-rw-r--r-- troubleshooting.md 29
1 files changed, 29 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md
index e320f20e7..ab9fffeb3 100644
--- a/troubleshooting.md
+++ b/troubleshooting.md
@@ -697,3 +697,32 @@ limits.
This can happen when running a container from an image for another architecture than the one you are running on.
For example, if a remote repository only has, and thus send you, a `linux/arm64` _OS/ARCH_ but you run on `linux/amd64` (as happened in https://github.com/openMF/community-app/issues/3323 due to https://github.com/timbru31/docker-ruby-node/issues/564).
+
+### 27) `Error: failed to create sshClient: Connection to bastion host (ssh://user@host:22/run/user/.../podman/podman.sock) failed.: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain`
+
+In some situations where the client is not on the same machine as where the podman daemon is running the client key could be using a cipher not supported by the host. This indicates an issue with one's SSH config. Until remedied using podman over ssh
+with a pre-shared key will be impossible.
+
+#### Symptom
+
+The accepted ciphers per `/etc/crypto-policies/back-ends/openssh.config` are not one that was used to create the public/private key pair that was transferred over to the host for ssh authentication.
+
+You can confirm this is the case by attempting to connect to the host via `podman-remote info` from the client and simultaneously on the host running `journalctl -f` and watching for the error `userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]`.
+
+#### Solution
+
+Create a new key using a supported algorithm e.g. ecdsa:
+
+`ssh-keygen -t ecdsa -f ~/.ssh/podman`
+
+Then copy the new id over:
+
+`ssh-copy-id -i ~/.ssh/podman.pub user@host`
+
+And then re-add the connection (removing the old one if necessary):
+
+`podman-remote system connection add myuser --identity ~/.ssh/podman ssh://user@host/run/user/1000/podman/podman.sock`
+
+And now this should work:
+
+`podman-remote info`
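
Review bot: The intro and Symptom paragraphs describe the cause as a "cipher" not supported by the host, but the journal message quoted in the Symptom section (`key type ssh-rsa not in PubkeyAcceptedAlgorithms`) is about the key type, i.e. the public key algorithm, not a cipher. Suggest rewording both paragraphs to "key type" or "public key algorithm" so the reader looks at the right setting, and fixing the grammar of "are not one that was used to create". The intro also says "podman daemon"; if this means the service behind `podman.sock`, naming that would be clearer. In the Solution, the connection is named `myuser` and the socket path hardcodes `/run/user/1000` while the heading elides the UID with `...`; a short remark that the UID must match the remote user would avoid a copy-paste failure. Finally, the first Solution step could tell the reader to confirm that the chosen type (ecdsa here) appears in the `/etc/crypto-policies/back-ends/openssh.config` file already named above, since the fix only works if the host accepts it.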