Problems with SSH / IAM authentication on new AWS hubs cloud instance.

[MegaMotion]

Does anyone have any hints for what I may be doing wrong, re: logging in with SSH? I am setting up a new hubs cloud on my personal AWS account. I have added a keypair and the pem file is recognized, but I am having trouble with the IAM authentication. I created an IAM user, and then I also added IAM authentication to my root user, but when I try to ssh in to my instance, neither of these codes is accepted.

[antpb]

Hey @MegaMotion ! I'm not sure IAM is what's holding up your access to the instance. When you create your keypair for the steps outlined in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#having-ec2-create-your-key-pair
you need to then use that keypair to log into the server. Should be something like ssh-add -K ~/.ssh/yourkeyfile after running that, you should be able to log in as it will reference the file you pointed to. I've had issues in the past with other identities getting in the way so if you suspect that, run ssh-add -D to remove all of your identities, then the above ssh-add command.

You likely have another auth layer to set up also. In /admin go to the server access sidebar menu item and use the QR code to get your 2fa set up. It should have instructions there

[MegaMotion]

Thank you! Going out for smoky dog walk but I'll check that when I return. Definitely did not do the ssh-add step.

[MegaMotion]

Okay, back, still confused however. What is ssh-add supposed to do exactly? What I have done is A) create the keypair on my EC2 Dashboard, Network & Security, Keypairs; B) download the .pem file to my local hard drive; C) set up my 2fa on my phone using the QR code, both as a IAM user and for my root user; and then D) try to log in to my app server with ssh, using the pem file. It recognizes the pem file, and starts asking for verification codes (which it won't do if I don't have the proper pem file) but none of my codes do the trick.

When I try to run ssh-add it just says "Could not open a connection to your authentication agent". I'm not sure what the context for this command should be.

[johnshaughnessy]

@MegaMotion The 2FA codes you need when sshing into your hubs cloud instance should come from the QR code in the admin panel, not the one linked to your amazon account. See <your_hubs_cloud_domain>/admin#/server-access . This page also provides some instructions for connecting to your instance.

(Make sure you log into your hubs cloud instance as an admin. The admin page will load if you are logged in but will only function correctly if you are an admin. )

[robinkwilson]

Also, here's the SSH Access Page in the Hubs Docs: https://hubs.mozilla.com/docs/hubs-cloud-accessing-servers.html

[yalegria]

I am facing a similar issue. My hubs is broken. In my attempt to bring it up I made an update to the stack, increasing to 2 app servers. I can't ssh to the new app server, I get an access denied error and/or connection refused. I don't get to the point of Verification Code because my hubs is broken, I can't access the Admin section.