Units with multiple IPs and SSH on a non-standard port fails reachability check

Bug #1970289 reported by James Simpson
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Triaged | Medium | Jack Shaw |

Bug Description

I've come across an issue with the "Juju SSH" experience for units with multiple IP addresses, when SSH is run on a non-standard port.

I have a host whose unit name is ppa/1, and machine number is 17. It has sshd listening on its IPv4 address (10.131.66.124), port 922.

With the following example, this is the contents of ~/.ssh/config:
>Host 10.131.66.124
> User ubuntu
> Port 922

I can access the unit with "juju ssh <ipv4>":

>myuser@myhost:~$ juju ssh 10.131.66.124
>Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.4.0-223-generic x86_64)

However, if I try to "juju ssh" to the unit name or machine number:

>myuser@myhost:~$ juju ssh ppa/1
>ERROR cannot connect to any address: [10.131.66.124:22 252.124.0.1:22 [2620:2d:4000:1001::111]:22 10.131.66.124:22]

>myuser@myhost:~$ juju ssh 17
>ERROR cannot connect to any address: [10.131.66.124:22 252.124.0.1:22 [2620:2d:4000:1001::111]:22 10.131.66.124:22]

>myuser@myhost:~$ juju ssh 17 -v
>ERROR cannot connect to any address: [10.131.66.124:22 252.124.0.1:22 [2620:2d:4000:1001::111]:22 10.131.66.124:22]

When running with "juju --debug", this is what I get: https://pastebin.ubuntu.com/p/yRPZbYGv2J/
This looks to originate from https://github.com/juju/juju/blob/2.9/network/ssh/reachable.go#L159

We have a workaround for this (juju ssh <ipv4 address>), but being able to "juju ssh <unit-name>" would make for a much better user experience. Is there any way we can customise hostPorts for ReachableChecker?

Tags: ssh
Juan M. Tirado (tiradojm) wrote :

Would the --port argument be enough in your case?

John A Meinel (jameinel) wrote : Re: [Bug 1970289] Re: Units with multiple IPs and SSH on a non-standard port fails reachability check

I believe the goal was to be able to set something that would stick in a
given model, since all the machines are already deployed that way, and
James didn't want other people coming to that system to have to remember
--port and/or what port.

I'm also not sure that '-p' actually works for what Juju is doing. Because
we do pass '--port' to openssh, but I don't think we use --port for juju
itself to target the reachability check. (e.g., if you have 3 addresses,
which one should be used for ssh depends on where your client is and what
routes you have, so we would need a way to update *our* logic to also be
able to target an alternative port)

On Tue, Apr 26, 2022 at 5:10 AM Juan M. Tirado <email address hidden>
wrote:

> Would the --port argument be enough in your case?

tags: added: ssh
Changed in juju:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jack Shaw (jack-shaw)
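
The behaviour the comments above ask for, as an added Go example that is not Juju's code and not from any participant in this thread: a reachability probe that takes the SSH port as a parameter instead of assuming 22, and returns the first candidate address that answers. The name `firstReachable` and the loopback addresses in `main` are assumptions constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"strconv"
	"time"
)

// firstReachable dials every candidate address on the given port concurrently
// and returns the first host:port that completes a TCP handshake. This proves
// reachability only; host key verification stays with the ssh client.
func firstReachable(addrs []string, port int, timeout time.Duration) (string, error) {
	if len(addrs) == 0 {
		return "", errors.New("no addresses to probe")
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel() // aborts the remaining dials once a winner is found

	results := make(chan string, len(addrs)) // buffered: no goroutine blocks on send
	var d net.Dialer
	for _, a := range addrs {
		hp := net.JoinHostPort(a, strconv.Itoa(port)) // adds brackets for IPv6 literals
		go func(hp string) {
			conn, err := d.DialContext(ctx, "tcp", hp)
			if err != nil {
				results <- "" // unreachable on this port
				return
			}
			conn.Close()
			results <- hp
		}(hp)
	}
	for range addrs {
		if hp := <-results; hp != "" {
			return hp, nil
		}
	}
	return "", fmt.Errorf("cannot connect to any address on port %d", port)
}

func main() {
	// Constructed stand-in for sshd bound to one address on a non-standard port.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	port := ln.Addr().(*net.TCPAddr).Port
	fmt.Println(firstReachable([]string{"127.0.0.2", "127.0.0.1"}, port, time.Second))
}
```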