Docker password


(dhyasama) #1

I installed Sam’s docker setup but can’t ssh to the running container. I added an ssh key but am prompted for root@0.0.0.0’s password when running ./launcher ssh app. Any suggestions?


Cached avatars not showing up after migration
(dhyasama) #2

FYI, I must have added the ssh key incorrectly the first time. I took a look at the authorized_keys file in the container by running:

docker cp cid:/root/.ssh/authorized_keys

and then viewing the file, which just contained “YOUR_SSH_KEY”. That must have been copied over from a template the first time I created the container.

Editing the configs and then bootstrapping didn’t fix it. I had to delete the container and create a new one to fix it. Like so:

./launcher stop app
sudo docker rm cid
./launcher start app

I suppose this would have worked:

./launcher destroy app
./launcher start app

Hopefully this helps anyone with a similar issue.


(Régis Hanol) #3

(Sam Saffron) #4

(Sam Saffron) #5

yeah … don’t docker rm cid, ./launcher destroy app is better.

Also, be sure to grab latest (docker and discourse-docker)


(Erwin NH) #6

I’m now having this problem, but destroy and then start isn’t fixing it. I’m still getting shell asking me for root’s password. I’ve put the root’s ssh key in the app.yml within quotations and uploaded it, destroyed the app, and started it, and still i can’t SSH in. Any ideas?

I think I’m missing one of the places that this key is supposed to go. When you use keygen, that just generates a key right? It doesn’t actually place it anywhere? If that is the case, where is the key supposed to go OTHER than in app.yml?


(dhyasama) #7

What do you see when you run this:

docker cp cid:/root/.ssh/authorized_keys

(Jonathan Allard) #8

I’ll paste a command from the bootstrap, so you’ll see one nice little bug from a post (forget where):

I, [2014-02-10T23:34:54.186158 #39]  INFO -- : > echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7vIH235s0eFFt47/0i/nYHiBQJlFpP+do4mBhtUqOZGKt0clpN51q4igiSp9Bz/MOvzqFGUDa0C1UeSSdwKSpublickeypublickeyrnef10RcK+AWD88am0ltXYylOUHqGR4bFIhzxsPFcXQB+vsaAKeXq/tXQlMjBRBLlwhatever/DhCCqLvHIa4fZ2pbsi3f6uh4UPaZvjavihuWZE+PhqZBB57pRFul1+coPxbRrtsuKSX4hDosmWScvyemxBSG41vAjlQFeQkxVRKpsri3ZvjFWYS2IdA2YxJL4zcDZLg+juSezErMXym5Ms0rRF8EAogD root's unprotected key >> /root/.ssh/authorized_keys
sh: 1: Syntax error: Unterminated quoted string

(Sam Saffron) #9

hmmmm not following @joallard what is that in response to?


(Kane York) #10

The format was wrong: root's unprotected key is invalid, that part should be username@host. It was invalid data entry, basically.


(Sam Saffron) #11

I just need to amend launcher to do this automatically, too many people trip here.


(Jonathan Allard) #12

Oh oops, I had followed those while troubleshooting:

https://meta.discourse.org/t/error-while-deploying-discourse-to-digital-ocean-using-docker/12126/21?source_topic_id=11829

(And no the body is not too simliar to fix the Onebox, so let me edit my post)


(Sam Saffron) #13

@supermathie do we really need all this ssh-keygen voodoo.

Why don’t we just change it so launcher

  1. Complains real loud if you try to run ./launcher not as root
  2. If running as root and a public / private key is missing, generates one and notifies that it did
  3. If running as root, if it detects a public key in ~/.ssh/id_rsa.pub it pipes it through

Would save lots of pain


(Michael Brown) #14

This will fix the problem:

https://github.com/discourse/discourse_docker/pull/11

That’s just fine actually. It’s a comment field, you can put anything in there. launcher should have been quoting it.

Rule #1 of shell scripting: you should have quoted it.

I do that all the time (I think, pretty sure) and it works as long as you’re in the docker group. Let’s keep that.

Perhaps add a ‘preflight check’ to launcher that ensures that we have access to an agent or keyfile? Perhaps a launcher sshcheck job that checks a bunch of things that can go wrong?


(jorgtron) #15

@sam:

I think I’ve followed the Docker (Digital Ocean) instructions to the letter, and I also get asked for root’s password:

root@fidiscourse:/var/docker# ./launcher ssh app root@0.0.0.0's password:

I used the same email address when signing up and in the app.yml file, but my user was not made an admin automatically. Any ideas? :slight_smile:

Should the key I added to app.yml be in quotes? (I’ve tried both)


(Kane York) #16

That definitely means that you did the ssh_key wrong. You’ll need to fix it in app.yml, then ./launcher stop app && ./launcher destroy app && ./launcher bootstrap app && ./launcher stop app.

This is what it should look like:

params:
  # ssh key so you can log in, a tip, try using the key for root in ~root/.ssh or generate one
  # using ssh-keygen. This should be a string containing the key contents. For more information
  # see Troubleshooting in README
  ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD95xPne20V0ppDV5vA3zbo5P5zqYfDuglZZosl1V2k/G218LXtoY8QMcVgPz9uZrgejLpL1+BDuf0mq0iGyuoT/1jdkGyCDMLeX5TlPKtPlY1p9EWxgLnoLx3BA9q8QnmZ2HD5EiaXNxVJfhDqRji3jmZEc+cIm2BWctH9d1+wPLrTWpbLN8fLCvtPZsFgcpfhalHD+RNhU8MXB0jQOcR0COfXGYom9LAWHTsk7gCKV0rHTFImk/u8ecZDKp2upAsL6DzSFpTPdXjQbtMsym2fPcwY8vEn9U0E+JkvnB8WutA8Ew2/zEBNhtEXTSPeBkqo43xpMVKxmlfEvPoIpEWp root@discuss.flynumber.com" 
  # git revision to run
  version: HEAD

(jorgtron) #17

Thanks @riking! You gave me the missing pieces of the puzzle :slight_smile: I was missing the “ssh-rsa” at the start of the key and had to run “./launcher bootstrap app” (which I don’t think has been mentioned in other threads about this problem).

Thanks again!


#18

I have the same problem and the suggested fix didn’t solve it.
I noticed that for me there is no ~/.ssh/authorized_key file
and the root file: /root/.ssh/authorized_keys is empty

Any advice?


(Sam Saffron) #19

Don’t use ssh simply use launcher enter


(Pavel Francirek) #21

Add your ssh public key to copy of authorized_keys file and copy it to container:

docker cp authorized_keys cid:/root/.ssh/authorized_keys

Then you can login via

ssh -p 2222 root@hostIp

docker ps must show port redirection 0.0.0.0:2222 → 22/tcp