2016-04-29 20 views
7

Cannot connect to AWS EC2 instance

I am trying to use Ansible to connect to an AWS EC2 instance from a code build. This has been working perfectly in another AWS region (eu-west-1), but now I want to set up servers in us-east-1 and I get the following error:

<ec2-52-11-9-45.compute-1.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<ec2-52-11-9-45.compute-1.amazonaws.com> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/rof/.ansible/cp/ansible-ssh-%h-%p-%r -tt ec2-52-11-9-45.compute-1.amazonaws.com '(umask 22 && mkdir -p "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)" && echo "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)")' 
fatal: [ec2-52-11-9-45.compute-1.amazonaws.com]: UNREACHABLE! => {"changed": false, "msg": "ERROR! SSH encountered an unknown error. The output was:\nOpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 

debug1: Reading configuration data /home/rof/.ssh/config 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 19: Applying options for * 
debug1: auto-mux: Trying existing master 
debug1: Control socket \"/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user\" does not exist 
debug2: ssh_connect: needpriv 0 
debug1: Connecting to ec2-52-11-9-45.compute-1.amazonaws.com [52.1.39.45] port 22. 
debug2: fd 3 setting O_NONBLOCK 
debug1: fd 3 clearing O_NONBLOCK 
debug1: Connection established. 
debug3: timeout: 10000 ms remain after connect 
debug3: Incorrect RSA1 identifier 
debug3: Could not load \"/home/rof/.ssh/id_rsa\" as a RSA1 public key 
debug1: identity file /home/rof/.ssh/id_rsa type -1 
debug1: identity file /home/rof/.ssh/id_rsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_dsa type -1 
debug1: identity file /home/rof/.ssh/id_dsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_ecdsa type -1 
debug1: identity file /home/rof/.ssh/id_ecdsa-cert type -1 
debug1: identity file /home/rof/.ssh/id_ed25519 type -1 
debug1: identity file /home/rof/.ssh/id_ed25519-cert type -1 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6 
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1 
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000 
debug2: fd 3 setting O_NONBLOCK 
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],zlib,none 
debug2: kex_parse_kexinit: [email protected],zlib,none 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: none,[email protected] 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup [email protected] 
debug1: kex: server->client aes128-ctr [email protected] [email protected] 
debug2: mac_setup: setup [email protected] 
debug1: kex: client->server aes128-ctr [email protected] [email protected] 
debug1: sending SSH2_MSG_KEX_ECDH_INIT 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ECDSA f6:db:c0:15:19:17:45:cc:db:6f:16:f4:6f:02:bf:79 
debug3: load_hostkeys: loading entries for host \"ec2-52-11-9-45.compute-1.amazonaws.com\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
debug3: load_hostkeys: loading entries for host \"52.1.39.45\" from file \"/dev/null\" 
debug3: load_hostkeys: loaded 0 keys 
Warning: Permanently added 'ec2-52-11-9-45.compute-1.amazonaws.com,52.1.39.45' (ECDSA) to the list of known hosts. 
debug1: ssh_ecdsa_verify: signature correct 
debug2: kex_derive_keys 
debug2: set_newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug2: set_newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: SSH2_MSG_SERVICE_REQUEST sent 
debug2: service_accept: ssh-userauth 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug2: key: /home/rof/.ssh/id_rsa (0x7fbfa369ea30), 
debug2: key: /home/rof/.ssh/id_rsa ((nil)), 
debug2: key: /home/rof/.ssh/id_dsa ((nil)), 
debug2: key: /home/rof/.ssh/id_ecdsa ((nil)), 
debug2: key: /home/rof/.ssh/id_ed25519 ((nil)), 
debug1: Authentications that can continue: publickey 
debug3: start over, passed a different list publickey 
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey 
debug3: authmethod_is_enabled publickey 
debug1: Next authentication method: publickey 
debug1: Offering RSA public key: /home/rof/.ssh/id_rsa 
debug3: send_pubkey_test 
debug2: we sent a publickey packet, wait for reply 
debug1: Server accepts key: pkalg ssh-rsa blen 279 
debug2: input_userauth_pk_ok: fp 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84 
debug3: sign_and_send_pubkey: RSA 6a:73:a4:d1:c5:79:9d:6b:6f:3f:7d:cd:8e:60:97:84 
debug1: Enabling compression at level 6. 
debug1: Authentication succeeded (publickey). 
Authenticated to ec2-52-11-9-45.compute-1.amazonaws.com ([52.1.39.45]:22). 
debug1: setting up multiplex master socket 
debug3: muxserver_listen: temporary control path /home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user.WpJOoaH4MuX8djA0 
debug2: fd 4 setting O_NONBLOCK 
debug3: fd 4 is O_NONBLOCK 
debug3: fd 4 is O_NONBLOCK 
debug1: channel 0: new [/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user] 
debug3: muxserver_listen: mux listener channel 0 fd 4 
debug2: fd 3 setting TCP_NODELAY 
debug3: packet_set_tos: set IP_TOS 0x08 
debug1: control_persist_detach: backgrounding master process 
debug2: control_persist_detach: background process is 8248 
Control socket connect(/home/rof/.ansible/cp/ansible-ssh-ec2-52-11-9-45.compute-1.amazonaws.com-22-ec2-user): Connection refused 
Failed to connect to new control master 
", "unreachable": true} 

I can connect with a plain ssh command such as ssh [email protected], so I am sure the ssh keys are configured correctly. The only difference is the region and the AMI, but the AMI is Amazon Linux in both cases.

Can anyone tell me what the problem is or point me in the right direction, please?

+0

Authentication appears to be fine (you get the message "Authenticated to ec2-52-11-9-45.compute-1.amazonaws.com"). Can you run the command locally on the EC2 instance itself to debug? Is there any chance you did a pre-configuration step on eu-west-1 that you forgot about on us-east-1? – Tom

+0

Yes, I can run this command on the EC2 instance '(umask 22 && mkdir -p "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)" && echo "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)")' and I am sure I did not do any other steps before. –

+0

When I run the whole ssh command 'ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 -o ControlPath=/home/rof/.ansible/cp/ansible-ssh-%h-%p-%r -tt ec2-52-1-39-45.compute-1.amazonaws.com '(umask 22 && mkdir -p "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)" && echo "$(echo $HOME/.ansible/tmp/ansible-tmp-1461915330.37-230126286487108)")'' I get another error –

Answer

1

Failed to connect to new control master

means that you have a problem using control connections (connecting to the control socket file). Check the permissions or remove the socket file and try again.

Normally these settings are in your ~/.ssh/config, so either disable it (ControlMaster no) or change the path (e.g. ControlPath /tmp, or check the post).

Since you are using Ansible, you can disable control connections in your ansible.cfg (e.g. /etc/ansible/ansible.cfg):

[ssh_connection]
ssh_args = -o ControlMaster=no

as in this post. Or try disabling accelerate if it is enabled (as per this post):

accelerate: false 

and try again.
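
The two checks suggested in this answer (permissions on the control socket location, then removing a dead socket file), as an added example that is not part of the original answer: it audits an SSH ControlPath directory and classifies each entry as a live or stale socket. The function names and the `--remove` argument are assumptions of this example; the default directory is the `~/.ansible/cp` location visible in the question's log.

```python
import os
import socket
import stat
import sys


def socket_state(path):
    """Classify one ControlPath entry as 'live', 'stale', 'not-socket' or an error."""
    if not stat.S_ISSOCK(os.lstat(path).st_mode):
        return "not-socket"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.connect(path)  # a running mux master accepts the connection
        return "live"
    except ConnectionRefusedError:
        # The socket file exists but nothing listens on it: the condition ssh
        # reports as "Control socket connect(...): Connection refused".
        return "stale"
    except OSError as exc:  # e.g. permission denied on the socket
        return "error: " + str(exc)
    finally:
        s.close()


def audit_control_dir(cp_dir, remove_stale=False):
    """Return (directory_problems, {entry_name: state}) for a ControlPath directory."""
    problems = []
    st = os.stat(cp_dir)
    if st.st_uid != os.geteuid():
        problems.append("directory not owned by current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory is group/world-writable")
    states = {}
    for name in sorted(os.listdir(cp_dir)):
        path = os.path.join(cp_dir, name)
        states[name] = socket_state(path)
        if states[name] == "stale" and remove_stale:
            os.unlink(path)  # next ssh run creates a fresh master socket
    return problems, states


if __name__ == "__main__":
    # Usage (hypothetical CLI of this example): script.py [DIR] [--remove]
    args = [a for a in sys.argv[1:] if a != "--remove"]
    cp_dir = args[0] if args else os.path.expanduser("~/.ansible/cp")
    problems, states = audit_control_dir(cp_dir, "--remove" in sys.argv[1:])
    for p in problems:
        print("PROBLEM:", p)
    for name, state in states.items():
        print(state, name)
```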
