cc_staff
32
edits
Automation in the context of multifactor authentication: Difference between revisions
Jump to navigation
Jump to search
Automation in the context of multifactor authentication (view source)
Revision as of 16:37, 6 May 2024
, 6 months ago→IPv4 vs IPv6 issue
| Line 85: | Line 85: | ||
= IPv4 vs IPv6 issue = | = IPv4 vs IPv6 issue = | ||
When connecting to the robot node the SSH client on your computer may choose to use the IPv6 addressing over the older IPv4. | When connecting to the robot node the SSH client on your computer may choose to use the '''IPv6 addressing''' over the older '''IPv4'''. | ||
This seems to be more probably in Windows environment. | This seems to be more probably in Windows environment. | ||
If this is the case you have to make sure that the IP address mask you put in the <code>restrict,from=</code> field of the key | If this is the case you have to make sure that the IP address mask you put in the <code>restrict,from=</code> field of the key | ||
matches the type your computer will be using when connecting to the node. | matches the type your computer will be using when connecting to the node. | ||
You can check your addresses using this web site: https://test-ipv6.com/ . | |||
* An IPv4 address would look like '''192.168.64.124'''. | |||
* An IPv6 address could be similar to '''2345:0425:2CA1:0:0:0567:5673:23b5'''. | |||
The possible problem is that if you put the IPv4 address mask, '''192.168.64.*''' into the CCDB SSH key, and | |||
your SSH client will be connecting the the robot node using IPv6 address, the source address will not match the mask in the key | |||
and the key will not be accepted by the robot node. | |||
=== How to identify the problem === | |||
If you are having difficulties to make the SSH connection to a robot node working. | |||
Try this test command: | |||
ssh -i ~/.ssh/automation_key -vvv username@robot.graham.alliancecan.ca "ls -l" | |||
This command tries to connect to the robot node on Graham cluster and execute the <code>ls -l</code> command | |||
using the <code>~/.ssh/automation_key</code> SSH key. | |||
Then it prints the list of files in your home directory on Graham to screen. | |||
This command will produce a lot of debug output due to the <code>-vvv</code> option (be Very Very Verbose). | |||
Look for the '''Connecting to...''' message there. | |||
If it says something like this: | |||
debug1: Connecting to robot.graham.alliancecan.ca [199.241.166.5] port 22. | |||
it means the IPv4 is being used. | |||
If the message is similar to | |||
debug1: Connecting to robot.graham.alliancecan.ca [2620:123:7002:4::5] port 22. | |||
then IPv6 is being used to make the connection. | |||
=== Possible solutions === | |||
* You can make the SSH client to '''explicitly use either IPv4 or IPv6''' using the <code>-4</code> and <code>-6</code> options, respectively, to match the format you used for the key in CCDB. | |||
* You can try using an '''IP address instead of the name''' to point to the robot node. Using Graham example, try using the | |||
: <code>ssh -i ~/.ssh/automation_key -vvv username@199.241.166.5 "ls -l"</code> | |||
: instead, to force SSH to use the IPv4 addresses. | |||
* You can try to '''disable the IPv6 addressing''' for your system, to make sure that only IPv4 is used. | |||
: Currently, there should not be any negative impact on your system. | |||
: How to disable IPv6 will depend on your system and the operating system. | |||
* If | |||
= Automation using Python and Paramiko = | = Automation using Python and Paramiko = | ||