Anshuman Biswas

Reputation: 789

Unable to SSH to Devstack Instance from an external computer

I have a strange problem ever since I installed devstack with OpenStack version "Liberty". I can create instances on the machine and SSH into them without any problem. The devstack is created as a single node with the controller and the compute being on the same machine. The networking used is Nova with a floating IP range of 172.24.4.0. The problem occurs when I try to ssh to an instance from another computer. I have created a route in the router to direct all traffic from 172.24.4.0 to the IP of the machine where OpenStack is installed. I can telnet into the SSH port from this external machine:

$ telnet 172.24.4.9 22
Trying 172.24.4.9...
Connected to 172.24.4.9.
Escape character is '^]'.

However, whenever I try to SSH to an instance from the external machine, I am getting a timeout.

$ ssh -v -i ~/.ssh/xxx.key [email protected]
OpenSSH_6.9p1, LibreSSL 2.1.7
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to 172.24.4.9 [172.24.4.9] port 22.
debug1: Connection established.
debug1: identity file /Users/username/.ssh/xxx.key type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/xxx.key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: read: Operation timed out

This used to work in prior versions like Juno though I may have faced a similar issue in Kilo. Either way, this problem goes away whenever I ssh from within the machine where OpenStack is installed. This leads me to believe that there is no problem with the SSH server inside the instance.

Things I have already ensured:

  1. The permission of the private key file is kept at 600.
  2. The same key file was copied over using SCP from the local machine where it works fine.

Upvotes: 1

Views: 1082

Answers (1)

Kenster

Reputation: 25390

When a client connects to an SSH server, the very first data exchange that takes place is for the client and server to send their identification strings to each other in plain text. You can normally see this with telnet:

$ telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.9       <--From the server

In your case, you tried through telnet and through ssh, and in both cases the server never sent its ID string to the client:

$ telnet 172.24.4.9 22
Trying 172.24.4.9...
Connected to 172.24.4.9.
Escape character is '^]'.

debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: read: Operation timed out

In other words, the server is never sending its ID string for some reason, although it's not closing the TCP connection either.

You'd have to troubleshoot this on the server to figure out why it's behaving this way. Offhand, my first guess would be that the SSH server is hanging in a DNS query while trying to resolve the client's IP address into a hostname.

Upvotes: 1
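
A probe for the symptom described in the answer above, added here as an example and not part of the original question or answer: it separates "TCP connects but the server never sends its identification string" from a refused connection or a working banner. The names `probe_ssh_banner` and `constructed_server` are made up for this example, and the loopback server is a constructed stand-in so the script runs offline.

```python
import socket
import threading
import time

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (status, banner). status: 'unreachable' (no TCP connection), 'silent'
    (connected, no "SSH-" line before timeout), 'closed' (peer closed first) or 'banner'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("unreachable", None)
    deadline = time.monotonic() + timeout
    buf = b""
    with sock:
        while True:
            # RFC 4253 lets a server send other text lines before its "SSH-" line; skip them.
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                if line.startswith(b"SSH-"):
                    return ("banner", line.rstrip(b"\r").decode("ascii", "replace"))
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return ("silent", None)
            sock.settimeout(remaining)
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                return ("silent", None)
            except OSError:
                return ("closed", None)
            if not chunk:
                return ("closed", None)
            buf += chunk

def constructed_server(greeting):
    """Constructed loopback stand-in: sends `greeting` (may be empty), then holds the socket open."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
            time.sleep(2)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_ssh_banner("127.0.0.1", constructed_server(b"SSH-2.0-OpenSSH_6.9\r\n"), 1.0))
    print(probe_ssh_banner("127.0.0.1", constructed_server(b""), 1.0))
```

Running the probe against the instance from both the OpenStack host and the external machine shows whether the missing banner is specific to the external path.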
