Giters

cloudyr / googleComputeEngineR

An R interface to the Google Cloud Compute API, for launching virtual machines

Home Page:https://cloudyr.github.io/googleComputeEngineR/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Gcloud connection fails with permission denied error

swamat opened this issue · comments

commented

Describe the bug
I was able to connect to my instance through ssh .But again for past 2 days its not working. Its taking long time and fails. When i tried use gcloud command its failing with permission denied(public key ) error

To Reproduce
gcloud beta compute --project projectname ssh --zone "us-west2-b" instancename

Expected behavior
I should be able to connect to ssh but it is not happening'

Screenshots
getting below error:
Unable to retrieve host keys from instance metadata. Continuing.
Permission denied (publickey).

**Session Info
Please run sessionInfo() and put results here:

Additional context
Add any other context about the problem here.
You can also try running your bug code with options(googleAuthR.verbose = 2) at the top to give more debugging output.

commented

Does gce_ssh_browser() work? You may need to use gce_ssh() to help setup the SSH keys you need - when using gcloud it will default to the ones that the R ssh should use as well, but if you put verbose=1 on you will get more info on what is going wrong. It sounds like you have not uploaded the SSH public key to the VM metadata.

commented

I am having a similar problem. Here is the code I tried to execute (this time with googleAuthR.verobe = 1):

my_project <- "merging-patent-and-dime-data"
my_zone <- "us-east4-a"
my_account_key <- "gcs-key.json"

Sys.setenv(GCE_AUTH_FILE = my_account_key,
           GCE_DEFAULT_PROJECT_ID = my_project,
           GCE_DEFAULT_ZONE = my_zone)

library(googleComputeEngineR) 
library(future)
library(fastLink)

my_docker <- gce_tag_container("rocker/r-parallel")
n_clusters <- 2

options(googleAuthR.verbose = 1)
vms <- gce_vm_cluster(template = "r-vm",
                      dynamic_image = my_docker,
                      cluster_size = n_clusters,
                      predefined_type = "n1-standard-4") # Machine type

Here is the output of sessionInfo():

R version 3.6.1 (2019-07-05)
Platform: x86_64-apple-darwin15.6.0 (64-bit)
Running under: macOS Mojave 10.14.6

Matrix products: default
BLAS:   /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
LAPACK: /Library/Frameworks/R.framework/Versions/3.6/Resources/lib/libRlapack.dylib

locale:
[1] en_US.UTF-8/en_US.UTF-8/en_US.UTF-8/C/en_US.UTF-8/en_US.UTF-8

attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     

other attached packages:
[1] fastLink_0.5.0             future_1.14.0              googleComputeEngineR_0.3.0

loaded via a namespace (and not attached):
 [1] Rcpp_1.0.2           compiler_3.6.1       pillar_1.4.2         googleAuthR_1.1.1    iterators_1.0.12    
 [6] FactoClass_1.2.7     tools_3.6.1          digest_0.6.21        jsonlite_1.6         memoise_1.1.0       
[11] gargle_0.3.1         tibble_2.1.3         gtable_0.3.0         lattice_0.20-38      pkgconfig_2.0.3     
[16] rlang_0.4.0          foreach_1.4.7        Matrix_1.2-17        rstudioapi_0.10      ggrepel_0.8.1       
[21] curl_4.1             parallel_3.6.1       stringr_1.4.0        dplyr_0.8.3          httr_1.4.1          
[26] gtools_3.8.1         fs_1.3.1             askpass_1.1          globals_0.12.4       scatterplot3d_0.3-41
[31] tidyselect_0.2.5     ade4_1.7-13          grid_3.6.1           glue_1.3.1           data.table_1.12.2   
[36] listenv_0.7.0        R6_2.4.0             plotrix_3.7-6        adagio_0.7.1         purrr_0.3.2         
[41] magrittr_1.5         ggplot2_3.2.1        scales_1.0.0         codetools_0.2-16     MASS_7.3-51.4       
[46] stringdist_0.9.5.2   assertthat_0.2.1     xtable_1.8-4         colorspace_1.4-1     KernSmooth_2.23-15  
[51] stringi_1.4.3        doParallel_1.0.15    openssl_1.4.1        lazyeval_0.2.2       munsell_0.5.0       
[56] crayon_1.3.4

And here is the last chunk of the verbose output before the error (the entire output is quite long but I can attach if needed):

2019-09-27 10:54:11> Public SSH key uploaded to instance
2019-09-27 10:54:11> # Testing cluster:
2019-09-27 10:54:11> SSH keys already set
2019-09-27 10:54:11> No trailing slash in URL, adding it.
2019-09-27 10:54:11> Token exists.
2019-09-27 10:54:11> Valid local token
2019-09-27 10:54:11> Request: https://www.googleapis.com/compute/v1/projects/merging-patent-and-dime-data/zones/us-east4-a/instances/r-cluster-1/
-> GET /compute/v1/projects/merging-patent-and-dime-data/zones/us-east4-a/instances/r-cluster-1/ HTTP/1.1
-> Host: www.googleapis.com
-> User-Agent: googleAuthR/1.1.1 (gzip)
-> Accept: application/json, text/xml, application/xml, */*
-> Accept-Encoding: gzip
-> Authorization: Bearer ya29.c.Kl-QB0KrOaSsWqSAoy6e_4Dw4jRyKtWl2y4MqXh2DYqKOqVBWMAD2-TeGOcveHlFdNhMKuY1EfuU-A0o_APei9IHF1_r6js5IZ9pbAsNaaYSayR9GkUAnYUDG0ZiR66MzA
-> 
<- HTTP/1.1 200 OK
<- Expires: Fri, 27 Sep 2019 14:54:11 GMT
<- Date: Fri, 27 Sep 2019 14:54:11 GMT
<- Cache-Control: private, max-age=0, must-revalidate, no-transform
<- ETag: "1zV3UuzbguskOnBCBlVfEcu7xFg=/S8nMsYezfPyHOwwvwKgnGtUfQnw="
<- Vary: Origin
<- Vary: X-Origin
<- Content-Type: application/json; charset=UTF-8
<- Content-Encoding: gzip
<- X-Content-Type-Options: nosniff
<- X-Frame-Options: SAMEORIGIN
<- X-XSS-Protection: 1; mode=block
<- Server: GSE
<- Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
<- Transfer-Encoding: chunked
<- 
2019-09-27 10:54:11> Current local settings: , 
            private key: ,
            public key: 
2019-09-27 10:54:11> Returning SSH keys on instance
2019-09-27 10:54:11> Username SSH key already exists
2019-09-27 10:54:11> ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile='/var/folders/qf/1s9577xs5734l0q19y0__1sw0000gn/T//Rtmp3zSzZk/hosts'  -i  '/Users/nickshort/.ssh/google_compute_engine' nickshort@35.186.168.226 'echo r-cluster-1 ssh working'
Warning: Permanently added '35.186.168.226' (ED25519) to the list of known hosts.
nickshort@35.186.168.226: Permission denied (publickey).
2019-09-27 10:54:12> status: 255 wait: TRUE
2019-09-27 10:54:12> SSH keys already set
2019-09-27 10:54:12> No trailing slash in URL, adding it.
2019-09-27 10:54:12> Token exists.
2019-09-27 10:54:12> Valid local token
2019-09-27 10:54:12> Request: https://www.googleapis.com/compute/v1/projects/merging-patent-and-dime-data/zones/us-east4-a/instances/r-cluster-2/
-> GET /compute/v1/projects/merging-patent-and-dime-data/zones/us-east4-a/instances/r-cluster-2/ HTTP/1.1
-> Host: www.googleapis.com
-> User-Agent: googleAuthR/1.1.1 (gzip)
-> Accept: application/json, text/xml, application/xml, */*
-> Accept-Encoding: gzip
-> Authorization: Bearer ya29.c.Kl-QB0KrOaSsWqSAoy6e_4Dw4jRyKtWl2y4MqXh2DYqKOqVBWMAD2-TeGOcveHlFdNhMKuY1EfuU-A0o_APei9IHF1_r6js5IZ9pbAsNaaYSayR9GkUAnYUDG0ZiR66MzA
-> 
<- HTTP/1.1 200 OK
<- Expires: Fri, 27 Sep 2019 14:54:12 GMT
<- Date: Fri, 27 Sep 2019 14:54:12 GMT
<- Cache-Control: private, max-age=0, must-revalidate, no-transform
<- ETag: "ygrWt8Jehnar-Y2tTgcHVTlWlEc=/psJF4GqouRF867UDgikt5ltMEMk="
<- Vary: Origin
<- Vary: X-Origin
<- Content-Type: application/json; charset=UTF-8
<- Content-Encoding: gzip
<- X-Content-Type-Options: nosniff
<- X-Frame-Options: SAMEORIGIN
<- X-XSS-Protection: 1; mode=block
<- Server: GSE
<- Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
<- Transfer-Encoding: chunked
<- 
2019-09-27 10:54:12> Current local settings: , 
            private key: ,
            public key: 
2019-09-27 10:54:12> Returning SSH keys on instance
2019-09-27 10:54:12> Username SSH key already exists
2019-09-27 10:54:12> ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile='/var/folders/qf/1s9577xs5734l0q19y0__1sw0000gn/T//Rtmp3zSzZk/hosts'  -i  '/Users/nickshort/.ssh/google_compute_engine' nickshort@35.245.216.105 'echo r-cluster-2 ssh working'
Warning: Permanently added '35.245.216.105' (ED25519) to the list of known hosts.
nickshort@35.245.216.105: Permission denied (publickey).
2019-09-27 10:54:12> status: 255 wait: TRUE
commented

Well it all seems to work as expected, until the final connect. Perhaps try to delete the metadata for the VMs themselves, and the project level SSH keys if you have them. Also is the SSH key is not saved with a password? There is also gce_ssh_setup() that is a way to reconfigure the VM you connect to, and it you fetch the VM via gce_get_vm() you can see the SSH specific metadata in the $ssh object.

commented

Perhaps the SSH settings are not set? 2019-09-27 10:54:12> Current local settings: , private key: , public key: shows blank when it should hold values. In which case gce_ssh_setup() works on the VM object.

commented

I noticed that those local setting values were missing but am not sophisticated enough to know what it means. Does that message draw attention to blank values in R's local settings or on the GCE end, and do you know I how would go about changing those local settings? The SSH key is saved with a password.

commented

Please remake the SSH key without a password and try that.

commented

Hey Mark, that (remaking SSH key without a password) did the trick. Specifically, I deleted my existing keys on both ends, re-ran the code above knowing it would create the instances but remain unable to connect via SSH, and when it failed, I connected to one of the instances at the terminal using gcloud compute ssh r-cluster-1 to create and stores ssh keys with no passphrase. I then deleted the existing instances using the cloud console and re-ran the R code above and it worked. I wanted to note for the thread, though, that my current local settings are still as above, so that was not the problem. It was the passphrase on the ssh key. Thank you for your help.

commented

Ok great, I'll try to update documentation so its more obvious.