Compose: docker-compose ssh exception: No authentication methods available
Description of the issue
While I am trying to utilize ssh socket for deploying docker services with docker-compose, I find out the error in the console.
When I deploy the docker services with docker-compose up the console hung-up, also when I execute docker-compose up -d docker-compose produces the exception and print it to the console.
In the meantime, it works like a charm with the docker stack deploy -c stack.yml STACK_NAME.
Context information (for bug reports)
Output of docker-compose version
docker-compose version 1.24.0, build 0aa59064
docker-py version: 3.7.2
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.1.0j 20 Nov 2018
Output of docker version
Client:
Version: 18.09.5
API version: 1.39
Go version: go1.10.8
Git commit: e8ff056
Built: Thu Apr 11 04:43:34 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.5
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: e8ff056
Built: Thu Apr 11 04:13:40 2019
OS/Arch: linux/amd64
Experimental: false
Output of docker-compose config
(Make sure to add the relevant -f and other flags)
services:
api:
depends_on:
- redis
image: m-api
ports:
- 8080:8080/tcp
restart: on-failure
redis:
command:
- redis-server
- --appendonly
- "yes"
hostname: redis
image: redis:5.0.4
ports:
- 6379:6379/tcp
restart: on-failure
volumes:
- redis-data:/data:rw
version: '3.0'
volumes:
redis-data: {}
Steps to reproduce the issue
- Define ssh config to describe the remote host connection parameters
- Set enviroment variable
export DOCKER_HOST=ssh://IP_ADDRESS - Run
docker compose up -dordocker compose up
Observed result
docker-compose fails to deploy the docker services
Expected result
docker-compose sets up the docker services via ssh socket
Stacktrace / full error message
/tmp/_MEIut0CDJ/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
Connected (version 2.0, client OpenSSH_7.4)
/tmp/_MEIut0CDJ/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
/tmp/_MEIut0CDJ/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
/tmp/_MEIut0CDJ/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
Traceback (most recent call last):
File "bin/docker-compose", line 6, in <module>
File "compose/cli/main.py", line 71, in main
File "compose/cli/main.py", line 124, in perform_command
File "compose/cli/command.py", line 42, in project_from_options
File "compose/cli/command.py", line 123, in get_project
File "compose/cli/command.py", line 94, in get_client
File "compose/cli/docker_client.py", line 127, in docker_client
File "site-packages/docker/api/client.py", line 166, in __init__
File "site-packages/docker/transport/sshconn.py", line 84, in __init__
File "site-packages/docker/transport/sshconn.py", line 94, in _connect
File "site-packages/paramiko/client.py", line 437, in connect
File "site-packages/paramiko/client.py", line 750, in _auth
paramiko.ssh_exception.SSHException: No authentication methods available
[23501] Failed to execute script docker-compose
Additional information
Example of the ~/.ssh/config
Host IP_ADDRESS
Hostname IP_ADDRESS
Port 22
IdentityFile ~/.ssh/IP_ADDRESS/priv.key
johnbizokk
All 12 comments
This looks like related to https://github.com/docker/docker-py/issues/2289.
The actual code looks at the keys with load_system_host_keys in docker-py so if you are using a user defined config it will break.
What if you retry with your files with default names and placements?
ulyssessouza
on 23 Apr 2019
I'm seeing the same issue here. I mostly use k8s (on public cloud), but needed a lower footprint environment for tutorials.
Having used docker-compose in past I thought I'd give it a go.
➜ tutorials git:(tutorialdocker1) ✗ cat kafka-compose.yaml git:(tutorialdocker1|…
version: '2'
services:
zookeeper:
image: 'bitnami/zookeeper:latest'
kafka:
image: 'bitnami/kafka:latest'
➜ tutorials git:(tutorialdocker1) ✗ docker-compose -f ./kafka-compose.yaml up git:(tutorialdocker1|…
/var/folders/fb/mzlmglkd11g00z2wgc4m15nw0000gn/T/_MEIFqKBC0/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
Traceback (most recent call last):
File "docker-compose", line 6, in <module>
File "compose/cli/main.py", line 71, in main
File "compose/cli/main.py", line 124, in perform_command
File "compose/cli/command.py", line 42, in project_from_options
File "compose/cli/command.py", line 123, in get_project
File "compose/cli/command.py", line 94, in get_client
File "compose/cli/docker_client.py", line 127, in docker_client
File "site-packages/docker/api/client.py", line 166, in __init__
File "site-packages/docker/transport/sshconn.py", line 84, in __init__
File "site-packages/docker/transport/sshconn.py", line 94, in _connect
File "site-packages/paramiko/client.py", line 334, in connect
File "site-packages/paramiko/client.py", line 204, in _families_and_addresses
File "socket.py", line 745, in getaddrinfo
socket.gaierror: [Errno 8] nodename nor servname provided, or not known
[25190] Failed to execute script docker-compose
➜ tutorials git:(tutorialdocker1) ✗
Note this is on MacOS Catalina beta (19A501i). My ssh config has many entries which I use extensively with ssh/iterm
(Ignore the validity/wiseness of the .yaml)
planetf1
on 10 Jul 2019
I am having the same issue as @johnbizokk. Is there a solution for this?
spirit986
on 2 Oct 2019
I am also getting the paramiko.ssh_exception.SSHException: No authentication methods available. I am able to solve it by doing the following.
- Enable the public key authentication in the server and configure the keys correctly for the user.
- Replace the key into the
~/.ssh/id_rsa.paramikoignores the~/.ssh/configand looks for key file with name~/.ssh/id_rsa - Try to connect through
sshcommand line. That will add entry to~/.ssh/known_hosts. Which is required for theparamiko. - Run
docker-compose.exe -H "ssh://[email protected]" ps. That's all.
Planning to stick to this workaround until docker-compose uses the native ssh client.
C:\>docker-compose.exe -H "ssh://[email protected]" ps
Connected (version 2.0, client OpenSSH_7.4)
paramiko\kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
paramiko\kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
paramiko\kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
Authentication (publickey) successful!
The system cannot find the path specified.
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------------
consul docker-entrypoint.sh agent ... Up 8300/tcp, 8301/tcp, 8301/udp, 8302/tcp, 8302/udp, 0.0.0.0:8500->8500/tcp, 8600/tcp, 8600/udp
redis docker-entrypoint.sh redis ... Up 0.0.0.0:6379->6379/tcp
prakashguru
on 13 Oct 2019
Thanks @prakashguru for sharing your finding, hope this will be helpfull to others with a comparable issue.
So we depend on https://github.com/paramiko/paramiko/issues/1383 / https://github.com/docker/docker-py/pull/2290 being fixed so docker-compose can correctly handle ~/ssh/config for those not using the default paths.
ndeloof
on 14 Oct 2019
Hi, as some work has been done to fix this issue, when can we hope a new release supporting ssh config?
What can we do, if we have to, to speed up the process?
rdavaillaud
on 21 Oct 2019
I had this issue even with the default and correctly configured key paths on version of docker-compose 1.24. Upgrading to 1.25 fixed it for me. Maybe it helps someone.
germansokolov13
on 29 Nov 2019
I've recently encountered to seems like the same issue and the problem was SSH keys. When I generated a SSH keys I had to convert id_rsa file from OPENSSH to RSA type key with ssh-keygen.
When the id_rsa key was generated it started with
BEGIN OPENSSH PRIVATE KEY.
After converting it
BEGIN RSA PRIVATE KEY
Run ssh-keygen -p -m PEM -f ~/.ssh/id_rsa to convert it to RSA type. Path to your id_rsa file may be different. Be careful with overriding it especially if you use your key somewhere else.
Than just upload it to your remote server, do some tweaks and run docker-compose up.
Perhaps some guide to help you with uploading and setting ssh keys.
dominikkrulak
on 5 Dec 2019
The docker-py now has the fix merged. Any plans to bump the version of docker-py used in docker-compose?
prakashguru
on 10 Feb 2020
docker-compose 1.26.0-rc2 uses docker-py 4.2.0 which contains the fix.
docker-compose 1.25.4 uses docker-py 4.1.0.
mleonhard
on 3 Mar 2020
After docker/docker-py#2534 is merged docker-py will also consider the IdentityFile option of your ~/.ssh/config file.
HaaLeo
on 20 Mar 2020
Another thing to not is that this doesn't work with ssh keys with custom names. Paramiko searches for variable identity keys in you .ssh directory but they must be named a very specific way. Copied the code below where you can see paramikos limitations.
if not two_factor:
keyfiles = []
for keytype, name in [
(RSAKey, "rsa"),
(DSSKey, "dsa"),
(ECDSAKey, "ecdsa"),
(Ed25519Key, "ed25519"),
]:
# ~/ssh/ is for windows
for directory in [".ssh", "ssh"]:
full_path = os.path.expanduser(
"~/{}/id_{}".format(directory, name)
)
if os.path.isfile(full_path):
# TODO: only do this append if below did not run
keyfiles.append((keytype, full_path))
if os.path.isfile(full_path + "-cert.pub"):
keyfiles.append((keytype, full_path + "-cert.pub"))
amovfx
on 5 Apr 2020
Related issues
CrimsonGlory
·
3Comments
foxx
·
3Comments
guycalledseven
·
3Comments
darkrasid
·
3Comments
DhairyashilBhosale
·
3Comments
Most helpful comment
I am also getting the
paramiko.ssh_exception.SSHException: No authentication methods available. I am able to solve it by doing the following.~/.ssh/id_rsa.paramikoignores the~/.ssh/configand looks for key file with name~/.ssh/id_rsasshcommand line. That will add entry to~/.ssh/known_hosts. Which is required for theparamiko.docker-compose.exe -H "ssh://[email protected]" ps. That's all.Planning to stick to this workaround until docker-compose uses the native ssh client.