Can't connect to postgres with flyctl (SSH allowed-apps certificate)

bobogei81123 · December 24, 2023, 1:40am

When I ran flyctl pg connect -a <my pg cluster>, it showed

flyctl pg connect -a <my pg cluster>
Connecting to fdaa:0:<rest IP address>... complete
Error: error connecting to SSH server: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Stacktrace:
goroutine 1 [running]:
runtime/debug.Stack()
        /opt/hostedtoolcache/go/1.21.0/x64/src/runtime/debug/stack.go:24 +0x5e
github.com/superfly/flyctl/internal/cli.printError(0xc000520640, 0xc0005edb46, 0x1d063a0?, {0x2569da0, 0xc000f1d4d0})
        /home/runner/work/flyctl/flyctl/internal/cli/cli.go:162 +0x4db
github.com/superfly/flyctl/internal/cli.Run({0x2585308?, 0xc000657900?}, 0xc000520640, {0xc000050240?, 0x6, 0x6})
        /home/runner/work/flyctl/flyctl/internal/cli/cli.go:110 +0x948
main.run()
        /home/runner/work/flyctl/flyctl/main.go:47 +0x156
main.main()
        /home/runner/work/flyctl/flyctl/main.go:26 +0x18

The same error showed up when connecting using flyctl ssh console -a <my pg cluster>, but for my other projects it worked. Is there anything changed in flyctl pg connect?

mayailurus · December 24, 2023, 10:26pm

Does fly logs -a <your pg cluster> show any errors?

(In past forum threads, it has turned up DNS glitches, an atypical base image, etc.)

bobogei81123 · December 25, 2023, 2:16am

Thank you for your reply. I’m seeing a bunch of

2023-12-24T01:39:18Z app[148edd6b7d0589] sjc [info]2023/12/24 01:39:18 unexpected error: [ssh: no auth passed yet, ssh: unsupported critical option "allowed-apps@fly.io" in certificate]

in the logs. Probably flyctl is passing a bad certificate for authenticating?

mayailurus · December 26, 2023, 12:45pm

Or perhaps newer than what that particular server is expecting…

I belatedly checked the flyctl source-code history, and it turns out that there was actually a change this month:

issue app-specific SSH certs where possible

How long has it been since that machine was last restarted? It may just have an old version of hallpass, the SSH daemon, .

system · January 2, 2024, 12:46pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain logs , postgres	3	666	April 25, 2024
Can't connect to postgres app using [Fly pg connect -a app-name] command Build debugging postgres	5	267	March 8, 2024
fly postgres connect fails -- "error connecting to SSH server" Questions / Help postgres , rails	1	280	January 7, 2024
ssh into an app fails: ssh: unable to authenticate, attempted methods [none publickey]	9	4406	January 27, 2023
Unable to connect to postgres thru vpn or flyctl Questions / Help postgres	2	541	March 22, 2023

Can't connect to postgres with flyctl (SSH allowed-apps certificate)

Related topics