Ticket #779 (closed maintenance: fixed)
Annesley locked out of puffin?
Reported by: | chris | Owned by: | chris |
---|---|---|---|
Priority: | major | Milestone: | Maintenance |
Component: | Live server | Keywords: | |
Cc: | annesley | Estimated Number of Hours: | 0.0 |
Add Hours to Ticket: | 0 | Billable?: | yes |
Total Hours: | 0.75 |
Description
Looks like Annesley's IP has been blocked on wiki:PuffinServer.
Change History
comment:1 Changed 2 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.0 to 0.25
comment:3 Changed 2 years ago by annesley
The following:
Host puffin puffin.transitionnetwork.org Hostname puffin.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User annesley Host parrot parrot.transitionnetwork.org Hostname parrot.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User annesley
Should be changed to:
Host puffin Hostname puffin.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User anewholm Host parrot Hostname parrot.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User annesley
The you should be able to do:
sftp puffin
And:
sftp parrot
comment:4 Changed 2 years ago by chris
I don't understand why did you try connecting as "an", "ann" and "annesley" to Puffin where your username is "anewholm"?
Your username on Parrot is "annesley".
comment:5 follow-up: ↓ 6 Changed 2 years ago by annesley
i don't understand either. i never typed "an", "ann" obviously. the puffin entry in config does not get used.
but for now i need to connect to Parrot. why is that onyl periodically working?
comment:6 in reply to: ↑ 5 Changed 2 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.25 to 0.5
Replying to annesley:
i don't understand either. i never typed "an", "ann" obviously.
That is very strange because there were login attempts to the PuffinServer using those usernames which resulted in your IP address being blocked.
but for now i need to connect to Parrot. why is that onyl periodically working?
Because you are only periodically trying with the correct details?
You twice tried using 'anewholm' rather than 'annesley', you tried 34 time using the username "Passphrase", 41 attempts failed because of an invalid password when using keys you shouldn't even be entering a password. The last failed attempts from your IP were ones using 'Passphrase' as the username.
comment:7 Changed 2 years ago by chris
Perhaps if you use a ssh agent so you only need to type your passphrase once per session it would help?
comment:8 Changed 2 years ago by annesley
my command line sftp seems stable.
Dolphin keeps asking for authentication: the username is always 'Passphrase' and password is for decrypting the ssh key. i have no idea why it is only sending a partial username.
comment:9 Changed 2 years ago by chris
Oh crap, I edited a comment 3 above rather than posting a follow up, sorry.
Are you using the command line for sftp or a GUI?
comment:10 Changed 2 years ago by chris
what does your ~/.ssh.config have in it, can you update it to match comment 3 above and let me know if there is anything else in it.
With ssh passphrase authentication you can use a ssh agent so you only need to decrypt your ssh private key once per session (session on your local machine), are you using OSX?
comment:11 follow-up: ↓ 14 Changed 2 years ago by annesley
here is my current .ssh/config now
Host puffin puffin.transitionnetwork.org Hostname puffin.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User anewholm Host parrot parrot.transitionnetwork.org Hostname parrot.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User annesley
(User annesley changed to User anewholm now)
i think that the instability is only happening through Dolphin though. command line does seem much more stable.
comment:12 Changed 2 years ago by annesley
and I am on Ubuntu
comment:13 Changed 2 years ago by annesley
ok, so i think this is probably a problem within Dolphin at my end. potential duplicate issues here:
http://ubuntuforums.org/showthread.php?t=1406703
comment:14 in reply to: ↑ 11 ; follow-up: ↓ 16 Changed 2 years ago by chris
Replying to annesley:
here is my current .ssh/config now
Host puffin puffin.transitionnetwork.org Hostname puffin.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User anewholm Host parrot parrot.transitionnetwork.org Hostname parrot.transitionnetwork.org IdentityFile ~/.ssh/id_rsa_tn User annesley
The Host lines are still wrong, they should be:
Host puffin ... Host parrot
i think that the instability is only happening through Dolphin though. command line does seem much more stable.
What is Dolphin?
comment:15 Changed 2 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 0.5 to 0.75
You might be best off using fuse to mount the remote filesystems, eg:
comment:16 in reply to: ↑ 14 Changed 2 years ago by chris
Replying to chris:
The Host lines are still wrong
Actually Host can take multiple patterns, see man ssh_config, so that shouldn't be an issue.
Using fuse is probably the best though as then the remote filesystems will simply appear as local ones.
comment:17 Changed 2 years ago by annesley
ok, thanks for the help.
Dolphin is the KUbuntu (KDE Ubuntu) default file manager. it's been pretty impressive up until now. it may be an un-related issue of course. i haven't done a major release complete re-install for a while...
yep, the fuse option sounds best. i used it a while ago for another server so will try to remember how-to!
comment:18 Changed 2 years ago by ed
Thank you Chris - hope this is sorted now Annesley
comment:19 Changed 2 years ago by annesley
- Status changed from new to closed
- Resolution set to fixed
it looks like the problem is at my end, the Ubuntu Dolphin File manager with password encrypted key management. i will install a different file management client at some point and report back. thanks for help so far! :)
This is what we have in the auth.log:
Where XX.XX.XX.XX is the same IP address as Annesley has used to connect today to wiki:ParrotServer.
It looks to me that you could do with coding usernames into your ~/.ssh/config file, eg:
Then you could simple do sftp parrot and sftp puffin on the command line and you wouldn't need to remember the usernames and would have less to type.
I have unblocked the IP address following PuffinServer#Falsepositives