Changing the Key to the kops cluster doesn't let me ssh to master nodes from bastion host

3/7/2019

I am trying to rotate keys for my Kubernetes cluster that I created through kops. Here are the steps that I followed -

1. Deleted the ssh public key from kops

     kops delete secret --name mycluster sshpublickey admin 

2. Created a new keypair and named it id_new 

     ssh-keygen -t rsa -b 4096

3. Created a new secret with the new public key in kops 

     kops create secret --name mycluster sshpublickey admin -i ~/.ssh/id_new.pub

4. Updated the cluster by doing a rolling update. 

     kops update cluster --yes 

     kops rolling-update cluster --name mycluster  --yes

Now I can ssh into the bastion host using the new private key that I created.

     ssh -i id_new admin@bastionHostDNS

But when I tried to log in to a master or a worker node from the bastion host, I get a Permission denied (Public Key) error.

> admin@ip-172-20-0-32:~$ ssh admin@ip-172-20-59-125.us-east-2.compute.internal
> Enter passphrase for key '/home/admin/.ssh/id_rsa':  
> Permission denied (publickey)

I didn't create a passphrase but it still asks me for one, and when I don't enter anything I get Permission denied. Did I miss any step here? I have checked all the security groups and the bastion host can talk to the nodes.

-- Anshul Tripathi
amazon-web-services
kops
kubernetes
ssh

1 Answer

3/11/2019

The issue seems to be solved by @Anshul Tripathi by adding a private key on the Bastion host and propagating the appropriate public key to the target Node machine for SSH connection. Evaluated to answer for any further community research.

-- mk_sta
Source: StackOverflow
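The session in the question shows ssh on the bastion offering `/home/admin/.ssh/id_rsa`, not `id_new`. The following added example (not part of the original question or answer) checks by SHA256 fingerprint whether a given public key is present in a node's `authorized_keys` content. The sample keys, the `no-port-forwarding` option line and all function names are constructed for illustration.

```python
import base64, binascii, hashlib, struct

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public-key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_key_line(line: str):
    """Return the key blob from a .pub / authorized_keys line, or None.
    Leading options are skipped by locating the first token whose
    following base64 blob embeds the same key-type string."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == ktype.encode():
            return blob
    return None

def authorized_fingerprints(text: str) -> set:
    """Fingerprints of every parseable key in authorized_keys content."""
    fps = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            blob = parse_key_line(line)
            if blob is not None:
                fps.add(fingerprint(blob))
    return fps

def is_authorized(pub_line: str, authorized_keys_text: str) -> bool:
    blob = parse_key_line(pub_line)
    return blob is not None and fingerprint(blob) in authorized_fingerprints(authorized_keys_text)

def _sample_pub(seed: bytes, comment: str) -> str:
    """Constructed ed25519-shaped public key line (not a real key)."""
    ktype, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(key)) + key
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

OLD_PUB = _sample_pub(b"old", "admin@old")   # stands in for the rotated-out key
NEW_PUB = _sample_pub(b"new", "admin@new")   # stands in for id_new.pub
NODE_AUTHORIZED_KEYS = "# constructed sample\nno-port-forwarding " + NEW_PUB + "\n"

if __name__ == "__main__":
    for name, pub in (("old", OLD_PUB), ("new", NEW_PUB)):
        print(name, fingerprint(parse_key_line(pub)), is_authorized(pub, NODE_AUTHORIZED_KEYS))
```

The fingerprints use the same `SHA256:` format that `ssh-keygen -l -f <file>` prints, so the output can be compared directly with a key file on the bastion.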