OK, I spoke too soon.<div>This didn't work either.</div><div>After I made this change, I was able to ssh to the machine as root, but after I made an AMI out of that instance, I could not ssh either as root or as ubuntu.</div>
<div><br></div><div>Could this have something to do with the preparation that starcluster does prior to creating an image?</div><div><br></div><div>Next I'll try just creating a starcluster image without altering anything and see if I can ssh in as ubuntu.</div>
<div>If that doesn't work, I'll try creating an image without using starcluster at all (instead running ec2-bundle-vol and ec2-upload-bundle on the instance).</div><div><br></div><div>Thanks</div><div>Dan</div><div>
<br></div><div><br><br><div class="gmail_quote">On Fri, Oct 29, 2010 at 4:55 PM, Dan Tenenbaum <span dir="ltr"><<a href="mailto:dtenenba@fhcrc.org">dtenenba@fhcrc.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">I found the answer, hidden here:<div><a href="http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync" target="_blank">http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync</a></div><div><br></div></div><div><div class="im">
<div><font face="'times new roman', serif">ROOT SSH</font></div>
<div><font face="'times new roman', serif"><br></font></div><div><font face="'times new roman', serif">Finally, if you wish to circumvent the Ubuntu security standard and revert to the old practice of allowing ssh and rsync as root, this command will open it up for a new instance of the official Ubuntu images:</font></div>
<div><font face="'times new roman', serif"><br></font></div><div><font face="'times new roman', serif">ssh -i KEYPAIR.pem ubuntu@HOSTNAME 'sudo cp /home/ubuntu/.ssh/authorized_keys /root/.ssh/'</font></div>
<div><font face="'times new roman', serif"><br></font></div><div><font face="'times new roman', serif">This is not recommended, but it may be a way to get existing EC2 automation code to continue working until you can upgrade to the sudo practices described above.</font></div>
<div><br></div><div>I didn't have to do any of the steps described on the cookbook page.</div><div>I'll find out later I guess if they are still necessary.</div><div><br></div><div>Thanks</div><div>Dan</div><div>
<br>
</div><br></div><div class="gmail_quote"><div class="im">On Fri, Oct 29, 2010 at 4:45 PM, Dan Tenenbaum <span dir="ltr"><<a href="mailto:dtenenba@fhcrc.org" target="_blank">dtenenba@fhcrc.org</a>></span> wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5">
<div><div></div><div>Hi all,<div><br></div><div>I am following the instructions here:</div><div><br></div><div><a href="http://starcluster.scripts.mit.edu/~starcluster/wiki/index.php?title=StarCluster_AMI_Cookbook_Ubuntu_10.04" target="_blank">http://starcluster.scripts.mit.edu/~starcluster/wiki/index.php?title=StarCluster_AMI_Cookbook_Ubuntu_10.04</a></div>
<div><br></div><div>...to create a new AMI for use with StarCluster.</div><div><br></div><div>The problem is, I end up with an AMI that I cannot ssh into.</div><div><br></div><div>I am using Ubuntu 10.10 instead of 10.04.</div>
<div><br></div><div>I need some clarification on these steps:<br><br></div><div><div><font face="'times new roman', serif">Configure Root Login</font></div><div><font face="'times new roman', serif"><br>
</font></div><div><font face="'times new roman', serif">The alestic AMI's have been configured to disable root logins. Follow the commands below to undo this behavior:</font></div><div>
<font face="'times new roman', serif"><br></font></div><div><ol><li><span style="font-family:'times new roman', serif">edit /etc/cloud/cloud.cfg and set disable_root: 0</span></li>
<li><span style="font-family:'times new roman', serif">edit /root/.ssh/authorized_keys and remove prefix commands from pubkey entry</span></li><li><span style="font-family:'times new roman', serif">edit /usr/bin/cloud-init, go to line 67 and change 'once-per-instance' to 'always', save and exit</span></li>
</ol></div></div><div>Step 1 is easy. Step 3 I'm not sure about since that file looks different in Ubuntu 10.10 and the string "once-per-instance" occurs three times in the file. Should I change all occurrences of it?</div>
<div><br></div><div>Step 2 is the one that I think is messing me up.</div><div><br></div><div>Before modification, /root/.ssh/authorized_keys looked like this:</div><div><br></div><div><div><div><font face="'courier new', monospace">command="echo 'Please login as the ubuntu user rather than root user.';echo;sleep 10" ssh-rsa AAAAB3..... my-keypair</font></div>
</div></div><div><br></div><div>(actual public key omitted)</div><div><br></div><div>I edited it to look like this:</div><div><font face="'courier new', monospace">ssh-rsa AAAAB3..... my-keypair</font></div>
<div><br></div><div>This is how a typical authorized_keys line looks, in my (limited) experience. I've never seen one with a command in it before.</div><div>But I'm wondering if it is still being interpreted as a command. Could it be because of something I did in step 2 or 3?</div>
<div><br></div><div>Hope someone can help. It's no fun having instances I can't log into. ;(</div><div>Dan</div><div><br></div><div><br></div><div><br></div>
</div></div><br></div></div><div class="im">_______________________________________________<br>
StarCluster mailing list<br>
<a href="mailto:StarCluster@mit.edu" target="_blank">StarCluster@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/starcluster" target="_blank">http://mailman.mit.edu/mailman/listinfo/starcluster</a><br>
<br></div></blockquote></div><br></div>
<br>_______________________________________________<br>
StarCluster mailing list<br>
<a href="mailto:StarCluster@mit.edu">StarCluster@mit.edu</a><br>
<a href="http://mailman.mit.edu/mailman/listinfo/starcluster" target="_blank">http://mailman.mit.edu/mailman/listinfo/starcluster</a><br>
<br></blockquote></div><br></div>