I almost gave up with adding a Volume with SSHFS, but something clicked...

scooke

Hello.
I tried different things, tried searching the forums. Nothing was working. I couldn't add my remote machine using SSHFS as a Volume on my Cloudron until.... TLDR: I needed to add the Public Key contents to the authorized_keys file on the remote machine. Here is my story.

I was trying to add a Volume , which is another VPS of mine running Ubuntu 18, which I call "remote machine" in this tale.

I tried two different ways of generating keys.

1. I ran ssh-keygen on my laptop, saved the public key, named id_rsa.pub, to the remote machine, in the user's .ssh directory, and the Private key in the dialogue box of adding Volumes in the Cloudron dashboard. I then tried to connect with port 22, then port 23. Both failed.

2. I ran ssh-keygen on the remote machine and cat /home/user/.ssh/id_rsa and copied the Private key into the dialogue box of adding Volumes in the Cloudron dashboard. I then tried connect with port 22, and port 23. Fail.

When I used port 22, I usually got the failure message: Failed to mount (inactive): read: Connection reset by peer

When I used port 23, I got Failed to mount (inactive): Could not determine failure reason.

I couldn't figure out how to track the connection attemps to see what was wrong. tail -f /var/log/auth.log on Cloudron didn't show anything.

Here was my thought process: Everytime I've set up SSH keys, I run ssh-keygen on the main machine, like my laptop. This gives me a private and a public key, both in my .ssh directory. I then copy the Public key to the remote VPS by pasting the result of cat /home/user/.ssh/id_rsa.pub in the authorized_keys in the appropriate .ssh directory, restart sshd, and voila, I can connect with keys.

But something about this process on Cloudron was messing me up. I am NOT running ssh-keygen on my Cloudron. So, there is NO Private nor Public key ON my Cloudron, in a .ssh directory. So, my first question was, how does the Cloudron machine connect to the remote, or allow the remoteto connect to it??

The answer to this was: On the remote machine I do run ssh-keygen, and a Public and a Private key are generated in the user's .ssh directory. I then cat /home/user/.ssh/id_rsa, copy the result and paste it into the Cloudron "Add Volume" dialogue where it asks for the Private SSH Key. So, I this is how Cloudron gets a Private key that would have been generated on it if I had run ssh-keygen on the Cloudron machine. I had been leaving the Public key, already on the remote machine, as a key in the .ssh directory (id_rsa.pub), and figured that should have been enough.

THEN, I realized, I had always pasted the contents of the id_rsa.pub key into the remote machine's authorized_keys file when I was working from my laptop... but I hadn't done that in this case (again, thinking that the presence of id_rsa.pub in the .ssh directory was all that was needed). So, finally, after hours of trying this and that, I finally pasted the result of cat /home/user/.ssh/id_rsa.pub in the authorized_keys file in the remote machine's .ssh directory, even though the exact same key, id_rsa.pub, was already on the remote machine. Then I went back to the Cloudron dashboard's Add Volume, entered all the same info, and.... voila! I have added a Volume!!

For all you devs, this may have seemed like an obvious step. For me, until the moment of clarity, it wasn't, because all the help I was reading (as far as I can recall) never explicitly said to copy the contents of cat /home/user/.ssh/id_rsa.pub into the authorized_keys file on the exact same machine. I assumed the presence of the pub key would do the trick. Conceptually, it might seem obvious, but now that I understand, I can see that it isn't necessarily an obvious step. To be honest, for all I know, the presence of the pub key file should have been enough, but it didn't work, not for me, until I pasted pub key's contents into the authorized_keys file.

All this to say, I'm going to go through the https://linuxupskillchallenge.com/. I have learned alot over my years of self-hosting, but conceptually there is still so much that I need to grasp.