algo icon indicating copy to clipboard operation
algo copied to clipboard

Published 20 hours ago verified publisher icon trailofbits

Unable to ssh into Algo created Linode

Open ralphel opened this issue 3 years ago • 3 comments

My linode created by algo doesn't respond to SSH. ssh [email protected] times out, ssh -F configs/xx.xx.xx.xxx/ssh_config vpn reponds with no such file or directory, and any other combination or variation on SSH either fails or starts a debugging instance and fails when it attempts to bind to a port.

Anyone have any wisdom?

ralphel avatar Mar 30 '22 13:03 ralphel

Make sure you're in the directory where you ran ./algo when you run

ssh -F configs/<server_ip>/ssh_config <hostname>

davidemyers avatar Mar 30 '22 15:03 davidemyers

Ive figured it out and its actually a bug that I am going to proceed to report. The node that algo creates causes an issue from the upstream GRUB2 configuration that causes Linux to read disks asynchronously. I was able to fix it by switching to the latest kernel instead of the faulty GRUB2 one.

ralphel avatar Mar 30 '22 17:03 ralphel

I just deployed to Linode and was able to SSH in to the instance with no problem using the command Algo printed as part of the final "Congratulations!" message.

TASK [debug] ***********************************************************************************************************
ok: [45.33.93.73] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"",
            "\"#                     Your Algo server is running.                     #\"",
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"",
            "\"#              Go to https://whoer.net/ after connecting               #\"",
            "\"#        and ensure that all your traffic passes through the VPN.      #\"",
            "\"#                     Local DNS resolver 172.29.194.158, fd00::d:c29e                   #\"",
            ""
        ],
        "    \"#        The p12 and SSH keys password for new users is quyOGJdZT       #\"\n",
        "    \"#        The CA key password is 2ha_fz_8wz1Dwa_F       #\"\n",
        "    \"#      Shell access: ssh -F configs/45.33.93.73/ssh_config vpn5        #\"\n"
    ]
}

PLAY RECAP *************************************************************************************************************
45.33.93.73                : ok=106  changed=67   unreachable=0    failed=0    skipped=37   rescued=0    ignored=0
localhost                  : ok=32   changed=10   unreachable=0    failed=0    skipped=16   rescued=0    ignored=0

dem@kif:~/github/clones/algo(master)$ ssh -F configs/45.33.93.73/ssh_config vpn5
The authenticity of host '[45.33.93.73]:4160 ([45.33.93.73]:4160)' can't be established.
ECDSA key fingerprint is SHA256:oygFUUjno484PNo5Jq+7b+p9SBmOA57ajsvNbxnnJTU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[45.33.93.73]:4160' (ECDSA) to the list of known hosts.
Last login: Wed Mar 30 17:45:53 2022 from 172.58.156.80
algo@localhost:~$ uname -a
Linux localhost 5.4.0-107-generic #121-Ubuntu SMP Thu Mar 24 16:04:27 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

davidemyers avatar Mar 30 '22 17:03 davidemyers