Handle missing SSH key error

[andersy005]

No description provided.

[mnlevy1981]

Is there an issue ticket for the "missing ssh key error"? Is it an easy error to reproduce?

[andersy005]

Is there an issue ticket for the "missing ssh key error"? Is it an easy error to reproduce?

I didn't open a ticket :( but this is in part one of the issues we noticed when helping Cecile. You may recall that she didn't have the SSH key pair set up. The existing try... except block was catching two exceptions only and the exception thrown when the SSH key pair is missing is different.

If you want to reproduce the error on your VM, try running the latest version of jupyter-forward on it without the SSH key pair, and let me know what you get.

[mnlevy1981]

If you want to reproduce the error on your VM, try running the latest version of jupyter-forward on it without the SSH key pair, and let me know what you get.

This is the part that confused me when we were talking to Cecile as well - if I use jupyter-forward without the SSH key pair, it prompts me for a password :)

[mnlevy1981]

Okay, the good news is that if I remove my authorized_keys file on a CGD machine, then I get the same error message Cecile was seeing from jupyter-forward:

$ jupyter-forward andre.cgd.ucar.edu
********************************************** Authentication **********************************************
[14:47:01] Authenticating user (******) from client (******) to remote host                   core.py:66
           (andre.cgd.ucar.edu)
           ❌ Failed to Authenticate your connection                                              core.py:87
           ❌ Failed to Authenticate your connection                                              core.py:87

The bad news is that this branch doesn't fix it:

$ jupyter-forward andre.cgd.ucar.edu
********************************************** Authentication **********************************************
[14:45:58] Authenticating user (******) from client (******) to remote host                   core.py:65
           (andre.cgd.ucar.edu)
[14:45:59] ❌ Failed to Authenticate your connection                                              core.py:83
           ❌ Failed to Authenticate your connection                                              core.py:83
           ❌ Failed to Authenticate your connection                                              core.py:83

[andersy005]

@mnlevy1981, can you try again with this branch? I removed the pass and just raises the exception as a debugging process. What do you get?

[mnlevy1981]

With 101edf5:

  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/bin/jupyter-forward", line 33, in <module>
    sys.exit(load_entry_point('jupyter-forward', 'console_scripts', 'jupyter-forward')())
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/cli.py", line 97, in main
    typer.run(app())
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/typer/main.py", line 214, in __call__
    return get_command(self)(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/typer/main.py", line 497, in wrapper
    return callback(**use_params)  # type: ignore
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/cli.py", line 83, in start
    runner = RemoteRunner(
  File "<string>", line 11, in __init__
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/core.py", line 72, in __post_init__
    raise exc
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/core.py", line 70, in __post_init__
    self.session.open()
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/fabric/connection.py", line 636, in open
    self.client.connect(**kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/client.py", line 740, in _auth
    self._transport.auth_publickey(username, key)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/transport.py", line 1580, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

If I go back to pass for the first try / except block, then the exception I get is

Traceback (most recent call last):
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/bin/jupyter-forward", line 33, in <module>
    sys.exit(load_entry_point('jupyter-forward', 'console_scripts', 'jupyter-forward')())
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/cli.py", line 97, in main
    typer.run(app())
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/typer/main.py", line 214, in __call__
    return get_command(self)(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/typer/main.py", line 497, in wrapper
    return callback(**use_params)  # type: ignore
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/cli.py", line 83, in start
    runner = RemoteRunner(
  File "<string>", line 11, in __init__
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/core.py", line 83, in __post_init__
    raise exc
  File "/Users/mlevy/NO_BACKUP/codes/jupyter-forward/jupyter_forward/core.py", line 79, in __post_init__
    loc_transport.auth_interactive_dumb(self.session.user, _authentication_handler)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/transport.py", line 1656, in auth_interactive_dumb
    return self.auth_interactive(username, handler, submethods)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/transport.py", line 1633, in auth_interactive
    return self.auth_handler.wait_for_response(my_event)
  File "/Users/mlevy/miniconda3/envs/jupyter-forward-dev/lib/python3.9/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey', 'gssapi-keyex', 'gssapi-with-mic', 'password']

So I think the problem is in the loc_transport.auth_interactive_dumb(self.session.user, _authentication_handler) line. Maybe the CGD machines need auth_interactive instead of auth_interactive_dumb() for some reason?

[mnlevy1981]

14b3391 is sufficient for me to use jupyter-forward to connect to andre even without sshkeys set up, and it still works on CISL machines, my local VMs, etc. I reverted most of the changes that were already on this branch to keep the overall difference with main as small as possible.

I'll admit that I don't really understand why it works, so I'm not confident that it is the best way to fix the problem. (I also don't really understand why the error occurs in the first place.) I've opened a ticket with the CGD help desk, hoping to figure out if the ssh server is configured differently on andre than, say, casper... knowing what is causing the problem would probably help us figure out if this is the proper fix. But, lacking that information, at least we have something that works :)

@andersy005 I'll leave this in its current state for you to look at on Monday unless the feedback I get from CGD helps identify a better solution.

[andersy005]

Thank you for your help with this, @mnlevy1981! I am going to keep this open until you receive a response from CGD folks.

[mnlevy1981]

Thank you for your help with this, @mnlevy1981! I am going to keep this open until you receive a response from CGD folks.

I did hear back from CGD (I think the emails were from @jrya7 though I'm pretty bad at connecting email addresses and github ids). I cut out a paragraph and a parenthetical aside from his reply, but the key bits are:

I think the paramiko's auth_interactive_dumb() function fails for the CGD
machines where DUO is not required as I think this function is more for 2FA authentication:
https://www.kite.com/python/docs/paramiko.Transport.auth_interactive_dumb

I'd say for now that the best path would be to accept the PR and keep an eye
out for people who report authentication issues, making sure to gather the
machine they are trying to use and what login methods that machine uses.

So I think we're good to merge this in.

[andersy005]

Thank you!