Cannot SSH to WS via Putty

[itaimalek]

I'm able to connect via the IDE terminal to my docker machine but cannot do so via Putty, I get -
Server unexpectedly closed network connection
I'm using the port suggested by the IDE when clicking on the SSH button.
also, using user/secret no SSH key right now.

[ghost]

What base image do you use? Custom environment? SSHD should be running in all Che verified stacks.

[itaimalek]

Below is my Dockerfile it is based on base image from:
https://github.com/codenvy/dockerfiles/blob/master/centos_jdk8/Dockerfile

FROM centos
EXPOSE 4403 8080 8000 22 8081 8005 
RUN yum update -y && \
    yum -y install sudo openssh-server procps wget unzip mc git curl subversion nmap && \
    mkdir /var/run/sshd && \
    sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
    echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
    useradd -u 1000 -G users,wheel -d /home/user --shell /bin/bash -m user -p secret && \
    sed -i 's/requiretty/!requiretty/g' /etc/sudoers

USER user

LABEL che:server:8080:ref=tomcat8 che:server:8080:protocol=http che:server:8000:ref=tomcat8-debug che:server:8000:protocol=http

ENV MAVEN_VERSION=3.2.2 \
    JAVA_VERSION=8u45 \
    JAVA_VERSION_PREFIX=1.8.0_45 \
    TOMCAT_HOME=/home/user/tomcat8

ENV JAVA_HOME=/opt/jdk$JAVA_VERSION_PREFIX \
    M2_HOME=/opt/apache-maven-$MAVEN_VERSION

ENV PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH

RUN mkdir /home/user/tomcat8 && sudo mkdir /opt/apache-maven-$MAVEN_VERSION && \
  wget \
  --no-cookies \
  --no-check-certificate \
  --header "Cookie: oraclelicense=accept-securebackup-cookie" \
  -qO- \
  "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-b14/jdk-$JAVA_VERSION-linux-x64.tar.gz" | sudo tar -zx -C /opt/ && \
  sudo wget -qO- "https://archive.apache.org/dist/maven/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz" | sudo tar -zx --strip-components=1 -C /opt/apache-maven-$MAVEN_VERSION/

ENV TERM xterm

RUN wget -qO- "http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.24/bin/apache-tomcat-8.0.24.tar.gz" | tar -zx --strip-components=1 -C /home/user/tomcat8 && \
    rm -rf /home/user/tomcat8/webapps/*
USER root
RUN  echo -e "JAVA_HOME=/opt/jdk$JAVA_VERSION_PREFIX\nM2_HOME=/home/user/apache-maven-$MAVEN_VERSION\nTOMCAT_HOME=/home/user/tomcat8\nPATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH" >> /etc/environment
USER user
ENV LANG C.UTF-8

WORKDIR /tmp

RUN wget \
    --no-check-certificate \
    --no-cookies \
    --header "Cookie: oraclelicense=accept-securebackup-cookie" \
    -qO- \
    "http://download.oracle.com/otn-pub/java/jdk/7u75-b13/jdk-7u75-linux-x64.tar.gz" | sudo tar -zx -C /opt/ 

ADD https://console.cloud.google.com/m/cloudstorage/b/gciassets/o/liferay-portal-tomcat-6.1.1-ce-ga2.zip  /tmp

RUN sudo wget -qO- "http://www.us.apache.org/dist/ant/binaries/apache-ant-1.9.7-bin.tar.gz" |sudo tar -zx -C /opt/

ENV ANT_HOME = /opt/apache-ant-1.9.6\
    PATH=$ANT_HOME/bin:$PATH

USER root
RUN  ln -s /opt/apache-ant-1.9.6/bin/ant /usr/bin/ant

USER user
WORKDIR /tmp

RUN sudo wget -qO- "http://nodejs.org/dist/v0.12.0/node-v0.12.0-linux-x64.tar.gz" | sudo tar -zx -C /opt/
ENV NODE_HOME=/opt/node-v0.12.0-linux-x64 \
    PATH=$NODE_HOME/bin:$PATH  
USER root   
RUN  ln -s /opt/node-v0.12.0-linux-x64/bin/node /usr/bin/node &&\
     ln -s /opt/node-v0.12.0-linux-x64/lib/node /usr/lib/node &&\
     ln -s /opt/node-v0.12.0-linux-x64/bin/npm /usr/bin/npm &&\
     ln -s /opt/node-v0.12.0-linux-x64/bin/node-waf /usr/bin/node-waf

USER user
CMD sudo /usr/sbin/sshd -D && \
    tail -f /dev/null

[itaimalek]

Also, when trying to get sshd status from IDE terminal I get:

[root@82b343648704 tmp]# systemctl status sshd                                                                                                                                                 
Failed to get D-Bus connection: Operation not permitted

[itaimalek]

update, I used :

CMD ["/usr/sbin/sshd", "-D"]
CMD    ["tail", "-f", "/dev/null"]

I now get :
ssh: connect to host xx.xx.xx.xx port 32869: Connection refused

[ghost]

What about a workspace started from a ready to go stack? Say a Java one?

[itaimalek]

reproduced on:

but could not reproduce it on :

[itaimalek]

where can I find the Ready-To-Go-Stacks Dockerfiles?

[ghost]

Yes, looks like this particular stack has troubles with sshd. I'll take a look.

[itaimalek]

Also, it seems the selenium stack doesnt configure JAVA_HOME

[ghost]

This one does not have java at all. I'll update the image to add Java and Maven.

[itaimalek]

any other CentOS Dockerfile you know works?
or maybe which lines to add to my own?

[ghost]

Investigating now...

[itaimalek]

any hint? I'm building a POC for my team....

[ghost]

Password approach isn't the best one in terms of security. It is a temporary solution and we will replace all hardcoded passwords with smth like PASS=$(openssl rand -base64 32) && echo -e "${PASS}\n${PASS}" | passwd user.

If you are ok with having password in your Dockerfile, here's what fixes it:

1. Drop -p when creating a user
2. Just after creating a user add echo -e "codenvy2016\ncodenvy2016" | passwd user - centos requires password that is 8 characters minimum and is not based on a dictionary word.
3. Your CMD should look like this:

CMD sudo /usr/bin/ssh-keygen -A && \
         sudo /usr/sbin/sshd -D && \
         tail -f /dev/null

[itaimalek]

So, if I'm using SSH keys I should be able to connect with the the Dockerfile provided, no changes?

[ghost]

Yes, but you need to upload your public key at Help > Preferences > Machine

[itaimalek]

OK, I'll test both methods and update

[itaimalek]

ok, ssh keys method connects.
I think I'll pass the user/pass method