From 9dd1af4ab5e5623c7497140f08ca6be64e16039a Mon Sep 17 00:00:00 2001 From: Mohsen Sadeghzade <53330046+techieforfun@users.noreply.github.com> Date: Mon, 17 Jul 2023 18:23:19 +0330 Subject: [PATCH] docs: add description to username to prevent public key permission denied error Update docs/bastion.md Co-authored-by: John Gardiner Myers Update docs/bastion.md Co-authored-by: John Gardiner Myers --- docs/bastion.md | 31 ++++--------------------------- 1 file changed, 4 insertions(+), 27 deletions(-) diff --git a/docs/bastion.md b/docs/bastion.md index d0318f65ac..11ffadbe4e 100644 --- a/docs/bastion.md +++ b/docs/bastion.md @@ -113,30 +113,6 @@ On AWS, an easy way to find this DNS name is with kops toolbox: kops toolbox dump -ojson | grep 'bastion.*elb.amazonaws.com' ``` -### Using SSH agent to access your bastion - -Verify your local agent is configured correctly - -``` -$ ssh-add -L -ssh-rsa /Users/kris/.ssh/id_rsa -``` - -If that command returns no results, add the key to `ssh-agent` - -``` -ssh-add ~/.ssh/id_rsa -``` - -Check if the key is now added using `ssh-add -L` - -SSH into the bastion, then into a master - -``` -ssh -A admin@ -ssh admin@ -``` - ### Changing your ELB idle timeout The bastion is accessed via an AWS ELB. The ELB is required to gain secure access into the private network and connect the user to the ASG that the bastion lives in. kOps will by default set the bastion ELB idle timeout to 5 minutes. This is important for SSH connections to the bastion that you plan to keep open. 
@@ -162,10 +138,11 @@ ssh-add -l # If you need to add the key to your agent: ssh-add path/to/private/key -# Now you can SSH into the bastion -ssh -A admin@ +# Now you can SSH into the bastion. Substitute the administrative username of the instance's OS for (`ubuntu` for Ubuntu, `admin` for Debian, etc.) and the bastion domain for . If the bastion doesn't have a public CNAME alias, use the domain of the assigned load balancer as the bastion domain. +ssh -A @ -# Where is usually bastion.$clustername (bastion.example.kubernetes.cluster) unless otherwise specified +# then you can use the fowarded authentication to SSH into control-plane or worker nodes in the cluster. +ssh @ ```
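Review bot: The commit subject only mentions the username description, but the first hunk (`@@ -113,30 +113,6 @@` in docs/bastion.md) deletes the whole "Using SSH agent to access your bastion" section, which accounts for most of the 27 deletions. Please say so in the commit message, and check the rest of the docs for links to that heading's anchor, since they will break once the heading is gone. The removed text used `ssh-add -L` with sample output while the block that remains uses `ssh-add -l`; if the remaining block is meant to replace it, a short note on what a loaded key looks like in that output would keep the verification step useful.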
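Review bot: The added `ssh -A` line in the second hunk (`@@ -162,10 +138,11 @@`) keeps agent forwarding as the only documented path to the nodes; anyone with root on the bastion can use the forwarded agent socket while the session is open, so consider also documenting `ssh -J` (ProxyJump), which reaches the node through the bastion without exposing the agent there. In the comment added before the last `ssh` command, "fowarded" should be "forwarded", and "then" should be capitalized to match the other comments. The new substitution comment is one very long line inside the code block; splitting it into two or three comment lines would avoid horizontal scrolling. The hunk also drops the `bastion.$clustername` hint; keeping that example next to the load-balancer fallback would show readers what the bastion domain usually looks like.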