Cloud Hosting error during connect

Technical Help
#1

Hello-

I have setup cloud hosting for qrkt and receive the following error when I attempt to run docker in the cloud context.

āžœ quantrocket docker --context cloud compose up -d
error during connect: Get "http://docker.example.com/v1.42/images/quantrocket/houston:2.9.0/json": command [ssh -- 108.61.191.127 docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=kex_exchange_identification: Connection closed by remote host
Connection closed by 108.61.191.127 port 22

por 443 and 80 are open. ssh login using keys is setup and working.

I can run docker --context cloud run hello-world without trouble.

Any assistance is appreciated.

#2

It's probably this issue in Docker Compose. Please ssh to the server and run this command:

echo 'MaxStartups 500' | tee -a /etc/ssh/sshd_config && service sshd restart

You should also put the following in ~/.ssh/config:

ControlMaster     auto
ControlPath       ~/.ssh/control-%C
ControlPersist    yes
#3

Cheers, that has resolved it.

#4

Hi - I'm also attempting to setup cloud hosting, but getting the following error (slightly different thank k11):

error during connect: Get "http://docker.example.com/v1.43/images/quantrocket/houston:2.9.0/json": command [ssh -o ConnectTimeout=30 -l {username} -- {droplet IP address} docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=banner exchange: Connection to UNKNOWN port -1: Connection timed out

Port 443 and 80 are open. ssh is working. I can run hello-world from my local computer (PC).

What am I missing?

#5

To isolate the problem, try the following steps:

  1. SSH to the remote instance and run docker run hello-world . This is to confirm that SSH is working and that docker is running on the remote host.
  2. From your local computer, run docker --context cloud run hello-world . This is to confirm that you can connect to docker remotely over SSH.
  3. From your local computer, run docker --context cloud compose up -d. If the previous step works but this one fails, the issue is specific to Docker Compose, not Docker.
#6

Thanks, Brian.
I did SSH to the remote instance and was able to run docker hello-world.
Also was able to run hello-world from local computer using --context cloud.
You're correct, issue was Docker Compose.

After some contemplation, went back and checked ufw status. Port 22 was limited (default Docker droplet install). Updated ufw to allow ssh and now Docker Compose was able to connect successfully.

Thanks for the help.

#7

DigitalOcean Guide followed:
stderr=mux_client_request_session: session request failed: Session open refused by peer [email protected]: Permission denied (publickey).

@Brian I followed these ^ steps, #3 failed for me too.

  1. Confirmed I had config file params set.
  2. I then followed @richard.amaya's insight.
  3. Port 22 was limited for me as well, I opened. Also 80 and 443 weren't explicitly listed so I opened (directions say we don't have to with droplet but sudo ufw status didn't show them). Reloaded via sudo ufw reload, killed local terminals, re-opened, same issue.
  4. Confirmed remote ~/.ssh/authorized_keys matched local (although I shouldn't even be allowed inside the remote server if they didn't match).
  5. Ran ls -ld ~/.ssh/ to confirm read, write, execute permissions; fine.
  6. Ran ls -l ~/.ssh/authorized_keys for read, write permissions; fine.
  7. Ran nano /etc/ssh/sshd_config and saw #PubkeyAuthentication yes so I uncommented, restarted ssh service sudo systemctl restart sshd, killed terminals, then tried #3, same Permission denied (publickey).

The only other minor item is I'm doing to keep local separate from cloud deployment.

  • mkdir ~/quantrocket_cloud
  • docker --context cloud compose -p quantrocket_cloud up -d

I do have a passphrase on the SSH Key. I tried:

  1. eval $(ssh-agent)
  2. ssh-add ~/.ssh/my_private_key; same error.

I have a Reserved IP in DigitalOcean, again don't think that matters, just writing for completeness. I changed the create cloud to the original IP I was given, but got the same result.

#8

Richard's "Connection timed out" was consistent with a firewall issue. Your "permission denied" is a private key issue. Since you have a passphrase on the private key, I would try using a private key without a passphrase to see if the passphrase is the issue. If it works without a passphrase, you can then troubleshoot the passphrase part. Maybe this article is relevant?

Meanwhile I will look at updating the docs in regard to opening the ports.

#9

Yep, it's the passphrase.
For anyone else who ends up here you can remove with:
ssh-keygen -p -f ~/.ssh/your_private_key