StarCluster - Mailing List Archive

Re: creating a new AMI for starcluster -- can't log in

From: Dan Tenenbaum <no email>
Date: Fri, 29 Oct 2010 16:55:21 -0700

I found the answer, hidden here:
http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync

ROOT SSH

Finally, if you wish to circumvent the Ubuntu security standard and revert
to the old practice of allowing ssh and rsync as root, this command will
open it up for a new instance of the official Ubuntu images:

ssh -i KEYPAIR.pem ubuntu_at_HOSTNAME 'sudo cp
/home/ubuntu/.ssh/authorized_keys /root/.ssh/'

This is not recommended, but it may be a way to get existing EC2 automation
code to continue working until you can upgrade to the sudo practices
described above.

I didn't have to do any of the steps described on the cookbook page.
I'll find out later I guess if they are still necessary.

Thanks
Dan


On Fri, Oct 29, 2010 at 4:45 PM, Dan Tenenbaum <dtenenba_at_fhcrc.org> wrote:

> Hi all,
>
> I am following the instructions here:
>
>
> http://starcluster.scripts.mit.edu/~starcluster/wiki/index.php?title=StarCluster_AMI_Cookbook_Ubuntu_10.04
>
> ...to create a new AMI for use with StarCluster.
>
> The problem is, I end up with an AMI that I cannot ssh into.
>
> I am using Ubuntu 10.10 instead of 10.04.
>
> I need some clarification on these steps:
>
> Configure Root Login
>
> The alestic AMI's have been configured to disable root logins. Follow the
> commands below to undo this behavior:
>
>
> 1. edit /etc/cloud/cloud.cfg and set disable_root: 0
> 2. edit /root/.ssh/authorized_keys and remove prefix commands from
> pubkey entry
> 3. edit /usr/bin/cloud-init, go to line 67 and change
> 'once-per-instance' to 'always', save and exit
>
> Step 1 is easy. Step 3 I'm not sure about since that file looks different
> in Ubuntu 10.10 and the string "once-per-instance" occurs three times in the
> file. Should I change all occurrences of it?
>
> Step 2 is the one that I think is messing me up.
>
> Before modification, /root/.ssh/authorized_keys looked like this:
>
> command="echo 'Please login as the ubuntu user rather than root
> user.';echo;sleep 10" ssh-rsa AAAAB3..... my-keypair
>
> (actual public key omitted)
>
> I edited it to look like this:
> ssh-rsa AAAAB3..... my-keypair
>
> This is how a typical authorized_keys line looks, in my (limited)
> experience. I've never seen one with a command in it before.
> But I'm wondering if it is still being interpreted as a command. Could it
> be because of something I did in step 2 or 3?
>
> Hope someone can help. It's no fun having instances I can't log into. ;(
> Dan
>
>
>
>
> _______________________________________________
> StarCluster mailing list
> StarCluster_at_mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster
>
>
Received on Fri Oct 29 2010 - 19:55:24 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject