[StarCluster] creating a new AMI for starcluster -- can't log in

Marc Resnick mresnick at MIT.EDU
Sat Oct 30 08:31:13 EDT 2010 

In my experience (mostly with a 10.04 alestic cluster), once you
remove the command prefix from the authorized keys file, you should be
able to SSH as root. However, if the instance restarts and
(set_disable_root == True), the commands prefix will be put back in.

So, unless 10.10 is completely and totally different, try SSHing as
root after you fix the authorized_keys file. If that doesn't work,
something is wrong (or 10.10 is completely and totally different).

I'll see if I can replicate the behavior you're seeing.

Marc

On Fri, Oct 29, 2010 at 8:07 PM, Dan Tenenbaum <dtenenba at fhcrc.org> wrote:
> OK, I spoke too soon.
> This didn't work either.
> After I made this change, I was able to ssh to the machine as root, but
> after I made an AMI out of that instance, I could not ssh either as root or
> as ubuntu.
> Could this have something to do with the preparation that starcluster does
> prior to creating an image?
> Next I'll try just creating a starcluster image without altering anything
> and see if I can ssh in as ubuntu.
> If that doesn't work, I'll try creating an image without using starcluster
> at all (instead running ec2-bundle-vol and ec2-upload-bundle on the
> instance).
> Thanks
> Dan
>
>
> On Fri, Oct 29, 2010 at 4:55 PM, Dan Tenenbaum <dtenenba at fhcrc.org> wrote:
>>
>> I found the answer, hidden here:
>> http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync
>> ROOT SSH
>> Finally, if you wish to circumvent the Ubuntu security standard and revert
>> to the old practice of allowing ssh and rsync as root, this command will
>> open it up for a new instance of the official Ubuntu images:
>> ssh -i KEYPAIR.pem ubuntu at HOSTNAME   'sudo cp
>> /home/ubuntu/.ssh/authorized_keys /root/.ssh/'
>> This is not recommended, but it may be a way to get existing EC2
>> automation code to continue working until you can upgrade to the sudo
>> practices described above.
>> I didn't have to do any of the steps described on the cookbook page.
>> I'll find out later I guess if they are still necessary.
>> Thanks
>> Dan
>>
>> On Fri, Oct 29, 2010 at 4:45 PM, Dan Tenenbaum <dtenenba at fhcrc.org> wrote:
>>>
>>> Hi all,
>>> I am following the instructions here:
>>>
>>> http://starcluster.scripts.mit.edu/~starcluster/wiki/index.php?title=StarCluster_AMI_Cookbook_Ubuntu_10.04
>>> ...to create a new AMI for use with StarCluster.
>>> The problem is, I end up with an AMI that I cannot ssh into.
>>> I am using Ubuntu 10.10 instead of 10.04.
>>> I need some clarification on these steps:
>>>
>>> Configure Root Login
>>> The alestic AMI's have been configured to disable root logins. Follow the
>>> commands below to undo this behavior:
>>>
>>> edit /etc/cloud/cloud.cfg and set disable_root: 0
>>> edit /root/.ssh/authorized_keys and remove prefix commands from pubkey
>>> entry
>>> edit /usr/bin/cloud-init, go to line 67 and change 'once-per-instance' to
>>> 'always', save and exit
>>>
>>> Step 1 is easy. Step 3 I'm not sure about since that file looks different
>>> in Ubuntu 10.10 and the string "once-per-instance" occurs three times in the
>>> file. Should I change all occurrences of it?
>>> Step 2 is the one that I think is messing me up.
>>> Before modification, /root/.ssh/authorized_keys looked like this:
>>> command="echo 'Please login as the ubuntu user rather than root
>>> user.';echo;sleep 10" ssh-rsa AAAAB3..... my-keypair
>>> (actual public key omitted)
>>> I edited it to look like this:
>>> ssh-rsa AAAAB3..... my-keypair
>>> This is how a typical authorized_keys line looks, in my (limited)
>>> experience. I've never seen one with a command in it before.
>>> But I'm wondering if it is still being interpreted as a command. Could it
>>> be because of something I did in step 2 or 3?
>>> Hope someone can help. It's no fun having instances I can't log into. ;(
>>> Dan
>>>
>>>
>>>
>>> _______________________________________________
>>> StarCluster mailing list
>>> StarCluster at mit.edu
>>> http://mailman.mit.edu/mailman/listinfo/starcluster
>>>
>>
>>
>> _______________________________________________
>> StarCluster mailing list
>> StarCluster at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/starcluster
>>
>
>
> _______________________________________________
> StarCluster mailing list
> StarCluster at mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster
>
>

More information about the StarCluster mailing list