StarCluster - Mailing List Archive

Re: creating a new AMI for starcluster -- can't log in

From: Dan Tenenbaum <no email>
Date: Fri, 29 Oct 2010 17:07:49 -0700

OK, I spoke too soon.
This didn't work either.
After I made this change, I was able to ssh to the machine as root, but
after I made an AMI out of that instance, I could not ssh either as root or
as ubuntu.

Could this have something to do with the preparation that starcluster does
prior to creating an image?

Next I'll try just creating a starcluster image without altering anything
and see if I can ssh in as ubuntu.
If that doesn't work, I'll try creating an image without using starcluster
at all (instead running ec2-bundle-vol and ec2-upload-bundle on the
instance).

Thanks
Dan



On Fri, Oct 29, 2010 at 4:55 PM, Dan Tenenbaum <dtenenba_at_fhcrc.org> wrote:

> I found the answer, hidden here:
> http://alestic.com/2009/04/ubuntu-ec2-sudo-ssh-rsync
>
> ROOT SSH
>
> Finally, if you wish to circumvent the Ubuntu security standard and revert
> to the old practice of allowing ssh and rsync as root, this command will
> open it up for a new instance of the official Ubuntu images:
>
> ssh -i KEYPAIR.pem ubuntu_at_HOSTNAME 'sudo cp
> /home/ubuntu/.ssh/authorized_keys /root/.ssh/'
>
> This is not recommended, but it may be a way to get existing EC2 automation
> code to continue working until you can upgrade to the sudo practices
> described above.
>
> I didn't have to do any of the steps described on the cookbook page.
> I'll find out later I guess if they are still necessary.
>
> Thanks
> Dan
>
>
> On Fri, Oct 29, 2010 at 4:45 PM, Dan Tenenbaum <dtenenba_at_fhcrc.org> wrote:
>
>> Hi all,
>>
>> I am following the instructions here:
>>
>>
>> http://starcluster.scripts.mit.edu/~starcluster/wiki/index.php?title=StarCluster_AMI_Cookbook_Ubuntu_10.04
>>
>> ...to create a new AMI for use with StarCluster.
>>
>> The problem is, I end up with an AMI that I cannot ssh into.
>>
>> I am using Ubuntu 10.10 instead of 10.04.
>>
>> I need some clarification on these steps:
>>
>> Configure Root Login
>>
>> The alestic AMI's have been configured to disable root logins. Follow the
>> commands below to undo this behavior:
>>
>>
>> 1. edit /etc/cloud/cloud.cfg and set disable_root: 0
>> 2. edit /root/.ssh/authorized_keys and remove prefix commands from
>> pubkey entry
>> 3. edit /usr/bin/cloud-init, go to line 67 and change
>> 'once-per-instance' to 'always', save and exit
>>
>> Step 1 is easy. Step 3 I'm not sure about since that file looks different
>> in Ubuntu 10.10 and the string "once-per-instance" occurs three times in the
>> file. Should I change all occurrences of it?
>>
>> Step 2 is the one that I think is messing me up.
>>
>> Before modification, /root/.ssh/authorized_keys looked like this:
>>
>> command="echo 'Please login as the ubuntu user rather than root
>> user.';echo;sleep 10" ssh-rsa AAAAB3..... my-keypair
>>
>> (actual public key omitted)
>>
>> I edited it to look like this:
>> ssh-rsa AAAAB3..... my-keypair
>>
>> This is how a typical authorized_keys line looks, in my (limited)
>> experience. I've never seen one with a command in it before.
>> But I'm wondering if it is still being interpreted as a command. Could it
>> be because of something I did in step 2 or 3?
>>
>> Hope someone can help. It's no fun having instances I can't log into. ;(
>> Dan
>>
>>
>>
>>
>> _______________________________________________
>> StarCluster mailing list
>> StarCluster_at_mit.edu
>> http://mailman.mit.edu/mailman/listinfo/starcluster
>>
>>
>
> _______________________________________________
> StarCluster mailing list
> StarCluster_at_mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster
>
>
Received on Fri Oct 29 2010 - 20:07:53 EDT
This archive was generated by hypermail 2.3.0.

Search:

Sort all by:

Date

Month

Thread

Author

Subject