Accessing Linux build worker via Secure Shell not working with macos build.

servoz

29 Sep, 2021 10:42 AM

Hello,
it works very well with a linux build.

$ ssh [email blocked] -p 22147
The authenticity of host '[67.225.164.41]:22147 ([67.225.164.41]:22147)' can't be established.
ECDSA key fingerprint is SHA256:F1NuGMyA1XmIPXuky6isPYrIHlCt5wFNpaCDly2imUU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[67.225.164.41]:22147' (ECDSA) to the list of known hosts.
Appveyor Worker
OS Ubuntu 20.04 LTS (GNU/Linux 5.8.0-1040-azure x86_64)

For a macos build:

$ ssh [email blocked] -p 22112
ssh: connect to host 199.38.81.89 port 22112: Connection timed out

I use exactly the same configuration in the appveyor.yml file for linux and macos ...
I can't understand what is wrong!
Any idea to fix it would be really welcome.

  1. 1 Posted by servoz on 29 Sep, 2021 11:11 AM

    Ok I think I found the problem!

    As often, with macos things are a bit more complicated...

    With linux, the SSH key generation can be done with just ssh-keygen -t rsa.

    With macos, we have to scrupulously apply the command given in the appveyor documentation!!!!

    So for macos I did ssh-keygen -t rsa -b 2048 -N "" -C appveyor -f /my_home/.ssh/ssh-key.key and it works now!

    I close this question.

  2. servoz closed this discussion on 29 Sep, 2021 11:12 AM.

  3. servoz re-opened this discussion on 29 Sep, 2021 01:04 PM

  4. 2 Posted by servoz on 29 Sep, 2021 01:09 PM

    Well, no, my previous answer is not the right one. I have the same problem again after lunch.

    So with a linux build, it seems to work every time.
    With a macos build it only worked once. I don't know why or how !!!!

    Maybe we shouldn't stop for lunch :-)?

  5. 3 Posted by servoz on 29 Sep, 2021 01:58 PM

    in macos build:

    ssh -vvv [email blocked] -p 22100
    OpenSSH_8.3p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug3: /etc/ssh/ssh_config line 54: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug2: checking match for 'final all' host 162.221.92.98 originally 162.221.92.98
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
    debug2: match not found
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
    debug3: kex names ok: [curve25519-sha256,[email blocked],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
    debug1: configuration requests final Match pass
    debug2: resolve_canonicalize: hostname 162.221.92.98 is address
    debug1: re-parsing configuration
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug3: /etc/ssh/ssh_config line 54: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug2: checking match for 'final all' host 162.221.92.98 originally 162.221.92.98
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
    debug2: match found
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
    debug3: kex names ok: [curve25519-sha256,[email blocked],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
    debug2: ssh_connect_direct
    debug1: Connecting to 162.221.92.98 [162.221.92.98] port 22100.
    debug1: connect to address 162.221.92.98 port 22100: Connection timed out
    ssh: connect to host 162.221.92.98 port 22100: Connection timed out
    
  6. Support Staff 4 Posted by Feodor Fitsner on 29 Sep, 2021 02:19 PM

    Thanks for reporting, we are looking into that.

  7. 5 Posted by servoz on 29 Sep, 2021 02:22 PM

    Oh, it seems to have been working again for the last few minutes ....
    I am also investigating on my side ...

  8. 6 Posted by servoz on 29 Sep, 2021 02:46 PM

    I don't know if you have done anything on your end, but on my end it seems to be working perfectly now (I pushed a few commits and I was able to connect via ssh on the build).

    It doesn't seem to be coming from my side.

    Again, thanks for your support!

    Can I close the ticket?

  9. 7 Posted by servoz on 30 Sep, 2021 03:05 PM

    Today, I can't access by SSH either the linux build or the macos build...
    This problem is really erratic and I can't figure out where the issue comes from.
    It's very annoying.

  10. Support Staff 8 Posted by Feodor Fitsner on 30 Sep, 2021 03:09 PM

    That's weird as yesterday we fixed NATs on macOS machines, so it shouldn't be a problem on at least macOS. Can you drop a link to a linux build where you were unable to SSH?

  11. 9 Posted by servoz on 30 Sep, 2021 03:13 PM

    This is for the macos build; I'll send the one for the linux build.

    Build started
    git clone -q --branch=AllUTinAppVeyor https://github.com/populse/populse_db.git /Users/appveyor/projects/populse-db-6gndf
    git checkout -qf 14b183df840c53bc360aa163d6e852745bda763f
    Running "install" scripts
    if [[ $(uname -s) == Linux ]]; then echo "     ** linux build **"; fi
    if [[ $(uname -s) == Darwin ]]; then echo "     ** macos build **"; fi
         ** macos build **
    curl -sflL 'https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-ssh.sh' | bash -e -
    Connect to 199.38.85.75 port 22017 with appveyor user:
        ssh [email blocked] -p 22017
    RSA key fingerprint:
        SHA256:U0UcVfWd+fZVBgCbIQuGurO6i3NK6WmajiOa1yH626M
        MD5:b8:c9:69:e9:ea:18:62:35:4f:99:55:51:df:7c:86:90
    Server host key fingerprint:
        SHA256:b7Q9hN2pEJGEvu/BlO2GUD/EV+H/xlmDqx7oCUosGbg
    Build paused. To resume it, open a SSH session to run 'rm "/Users/appveyor/build.lock"' command.
    
    % ssh -vvv [email blocked] -p 22017
    OpenSSH_8.3p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug3: /etc/ssh/ssh_config line 54: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug2: checking match for 'final all' host 199.38.85.75 originally 199.38.85.75
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
    debug2: match not found
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
    debug3: kex names ok: [curve25519-sha256,[email blocked],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
    debug1: configuration requests final Match pass
    debug2: resolve_canonicalize: hostname 199.38.85.75 is address
    debug1: re-parsing configuration
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug3: /etc/ssh/ssh_config line 54: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug2: checking match for 'final all' host 199.38.85.75 originally 199.38.85.75
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
    debug2: match found
    debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-]
    debug3: kex names ok: [curve25519-sha256,[email blocked],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
    debug2: ssh_connect_direct
    debug1: Connecting to 199.38.85.75 [199.38.85.75] port 22017.
    
  12. Support Staff 10 Posted by Feodor Fitsner on 30 Sep, 2021 03:17 PM

    And the link to a build please?

  13. 11 Posted by servoz on 30 Sep, 2021 03:18 PM

  14. Support Staff 12 Posted by Feodor Fitsner on 30 Sep, 2021 03:25 PM

    I see that VM is accessible through that port via SSH, so NAT is OK, but, obviously, it fails to connect because of wrong SSH key. Could be a problem with a key on your side or some SSH settings?

  15. 13 Posted by servoz on 30 Sep, 2021 03:28 PM

    OK I'll check it out right now!

  16. 14 Posted by servoz on 30 Sep, 2021 04:06 PM

    I started the key generation several times, I was careful to copy the SSH key and it still doesn't work ... I really don't understand ... I continue to investigate !

  17. 15 Posted by servoz on 30 Sep, 2021 04:57 PM

    I have really checked everything on my side and I don't see what could prevent ...

    The last possibility is that my university filters out ... I've written to the IT service to find out, I don't know when they'll get back to me...

    I'm going to go home and test (at least I'll be sure there are no filters).

    I'll stay in touch!

  18. Support Staff 16 Posted by Feodor Fitsner on 30 Sep, 2021 05:18 PM

    It's highly possible there is something "in between". With SSH access to build VM the essential part is making a tunnel to VM's port 22 through NAT. That works. The rest could be anything. You can even use your own script to deploy a key to the VM, configure firewall (e.g. allow your IP only), etc.
    Let me know how it worked from home.
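
Added example, not part of the original thread or of AppVeyor's tooling: the two failure modes discussed above (a network path that never completes versus a rejected key) leave different traces in `ssh -v` output, and this sketch reports the furthest stage a saved client log reached. The sample logs and the 203.0.113.10 address are constructed, and the stage labels are this example's own names.

```shell
#!/bin/sh
# Added example (not from the thread): report how far an `ssh -v` attempt got.
# Reads a saved client debug log on stdin and prints one label.
ssh_stage() {
    awk '
        /debug1: Connecting to /                    { s = 1 }  # TCP connect started
        /debug1: Connection established/            { s = 2 }  # TCP handshake done
        /debug1: Remote protocol version/           { s = 3 }  # server banner received
        /debug1: Server host key:/                  { s = 4 }  # key exchange reached
        /debug1: Authentications that can continue/ { s = 5 }  # user auth started
        /debug1: Authentication succeeded/          { s = 6 }
        /Connection timed out/         { err = "tcp-timeout" }      # path filtered or NAT down
        /Connection refused/           { err = "tcp-refused" }      # nothing listening
        /Host key verification failed/ { err = "hostkey-mismatch" } # known_hosts disagrees
        /Permission denied/            { err = "auth-rejected" }    # server refused the key
        END {
            if (s == 6)         print "authenticated"
            else if (err != "") print err
            else if (s == 0)    print "no-attempt"
            else if (s == 1)    print "tcp-stalled"
            else                print "stalled-after-stage-" s
        }'
}

# Constructed sample logs (203.0.113.10 is a documentation address).
SAMPLE_TIMEOUT='debug1: Connecting to 203.0.113.10 [203.0.113.10] port 22100.
debug1: connect to address 203.0.113.10 port 22100: Connection timed out
ssh: connect to host 203.0.113.10 port 22100: Connection timed out'

SAMPLE_STALLED='debug2: ssh_connect_direct
debug1: Connecting to 203.0.113.10 [203.0.113.10] port 22017.'

SAMPLE_DENIED='debug1: Connecting to 203.0.113.10 [203.0.113.10] port 22017.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: Server host key: ssh-rsa SHA256:CONSTRUCTEDFINGERPRINT
debug1: Authentications that can continue: publickey
appveyor@203.0.113.10: Permission denied (publickey).'

printf 'timeout: %s\n' "$(printf '%s\n' "$SAMPLE_TIMEOUT" | ssh_stage)"
printf 'stalled: %s\n' "$(printf '%s\n' "$SAMPLE_STALLED" | ssh_stage)"
printf 'denied:  %s\n' "$(printf '%s\n' "$SAMPLE_DENIED" | ssh_stage)"
```

The client writes its debug lines to stderr, so capture them with `2>` into a file before feeding that file to `ssh_stage`.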

  19. 17 Posted by servoz on 30 Sep, 2021 06:41 PM

    I'm really sorry for the inconvenience I caused!!!

    From home it works perfectly well for linux and macos builds.

    I think that the university filters ... I have opened a ticket with the IT department.

    In the meantime I'm going to work at home tomorrow!

    Thanks a lot for your very reactive support. Good evening

  20. Support Staff 18 Posted by Feodor Fitsner on 30 Sep, 2021 06:51 PM

    No worries!

  21. 19 Posted by servoz on 01 Oct, 2021 10:37 AM

    Hello,
    The IT department is asking me which addresses and ports the SSH access uses, so that they can open access.

    I guess it is not always 67.225.164.41 and port 22229 (example of my last connection).

    Can you give me the address(es) and port(s) to open at the university level (for linux and macos builds, I think they are not the same addresses in both cases!)?

    Again, thanks for your support!

  22. Support Staff 20 Posted by Feodor Fitsner on 01 Oct, 2021 07:35 PM

    You can see all IP addresses here (including macOS ones): https://www.appveyor.com/docs/build-environment/#ip-addresses

    The range for the ports is 22002-22254.

  23. 21 Posted by servoz on 02 Oct, 2021 01:40 PM

    Thank you for the information which I will communicate to the IT department.
    Have a nice weekend

  24. servoz closed this discussion on 21 Jun, 2023 02:09 PM.
