Machine: Generic driver times out attempting to SSH into instance

dont forget in here Sir @nathanleclaire

What's the output of trying such a command with docker-machine --debug flag set?

Hi Nathan,

Please find attach output from the command.

It is my understanding that if a VM was created in Azure for instance with just a password and not a SSH private/public key authentication, there is no need to have the generic-ssh-key flag in the Docker command. BTW, I tried the command in many different variations, all of them failed on me.

3239_OutputLog.txt

Why was this issue closed, still having the same problems....Any ideas from the attached outputlog file attached?

The issue isn't closed.

@Delpedro Did you disabled the need for password for the sudoer @ /etc/sudoers?

Phewwwww Nathan, just checking :)

I did not tpires tbh...but is this necessary on all VMs that were not created via Docker Machine?

@Delpedro yes, external ssh client connects to ssh daemon and avoids password with --generic-ssh-key, but if you don't step NOPASSWD on /etc/sudoers it will ask for password on some steps (ie. sudo yum -y update or sudo apt-get -y upgrade , depends on the SO).

@tpires ok cool, ill try that so, thank you! Ill let you guys know if this works for me, stay tuned :P

So I spun up a VM in Digital Ocean, within the console, I edited the "sudoers" using the following command: sudo visudo as per instruction (instructions on the main website are terrible, it is expected that a user is a Linux ninja!) https://docs.docker.com/machine/drivers/generic/

and added the line as per the attached picture above

I'm still having the same issue as I did with node in MS Azure, I cant add that node into docker-machine ls using the generic drive method.....

@Delpedro what version of docker-machine are you using?
what OS/version have you chosen on Digital Ocean?
Can you provide the output of the debug log from docker-machine -D create -d generic (...) ?

I've tested with Digital Ocean using default VM with Ubuntu 14.04.4 and docker-machine v 0.7.0-rc1@0fb68ca:

• Added sudo user and edited /etc/sudoers to add NOPASSWD
• Disabled root access through ssh
• Added ssh-key to $USER_HOME/.ssh/authorized_keys (.ssh/ permissions need to be set to 700 and authorized_keys to 600

Test

$ docker-machine create -d generic --generic-ip-address 1XX.XXX.XXX.XXX --generic-ssh-user "test-user" --generic-engine-port 23760 ubuntu-docker-test
Running pre-create checks...
Creating machine...
(ubuntu-docker-test) No SSH key specified. Connecting to this machine now and in the future will require the ssh agent to contain the appropriate key.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(upstart)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env ubuntu-docker-test
$ eval $(docker-machine env ubuntu-docker-test)
$ docker run -it --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
03f4658f8b78: Pull complete 
a3ed95caeb02: Pull complete 
Digest: sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
Status: Downloaded newer image for hello-world:latest

Hello from Docker.
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
(...)

I will check all this and get back to you.

All the following instructions are new to me.....I'm learning!!

Added sudo user and edited /etc/sudoers to add NOPASSWD
Disabled root access through ssh
Added ssh-key to $USER_HOME/.ssh/authorized_keys (.ssh/ permissions need to be set to 700 and authorized_keys to 600

Added sudo user and edited /etc/sudoers to add NOPASSWD
adduser user
vim sudo /etc/hosts user ALL=NOPWASSWD: ALL

Disabled root access through ssh
Authentication:
LoginGraceTime 120
PermitRootLogin NO (change this to no....)
StrictModes yes

Added ssh-key to $USER_HOME/.ssh/authorized_keys (.ssh/ permissions need to be set to 700 and authorized_keys to 600
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

@tpires this appear to be right?

@Delpedro I guess you've mixed there some things in the first step. You've referenced /etc/hosts and the line should be:
user ALL=(ALL) NOPASSWD:ALL

The rest seems OK.

I presume 23760 is incorrect regarding the port and it should be 2376?

I'm on my second run now, didn't work with Ubuntu 15.10 trying the same VM that it worked for you....

Hi guys,

So I tried your suggestions and I'm still getting the same error.

*_Docker Machine Version *_
docker-machine.exe version 0.7.0-rc1, build 0fb68ca

_*_Pre-requisites *__

Added sudo user and edited /etc/sudoers to add NOPASSWD

Added ssh-key to $USER_HOME/.ssh/authorized_keys (.ssh/ permissions need to be set to 700 and authorized_keys to 600

Disabled root access through ssh

Command

Error

@Delpedro You've to add --generic-ssh-user pedro to the docker-machine create -d generic command-line. If you don't specify it, it will use 'root'.

Sorry, i forgot to say, i tried that complete with a number of different commands for example
--generic-ssh-key
--generic-ssh-user
--generic-ssh-port

ill try this again @tpires with the new release.....

Thanks @tpires @Delpedro -- Please file a new issue if you continue to experience issues

any progress on this? I am having the same issue.

Hello, I have found a solution. I hope it helps.

NOTE The commands below are writted like a script but it is only to help you to find/replace the vars with your values.

The following vars must be changed:

• user: the user that you want to create on remote host for docker commands
• group: the group for the user
• hostName: the remote host.

# Create docker user joining admin group with home directory (-m)
useradd -m -g $group $user

# Add password to the user.
passwd $user

# Append the user with NOPASSWD: tag to /etc/sudoers file
sudo sh -c 'echo "$user\tALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'

# Create a ssh key/pair for the user without passphrase.
ssh-keygen -t rsa -b 4096 -C "$user@$hostName" -f $user-$hostName-id_rsa -N ""

# Add the key to authorized_hosts file on remote server (it will ask docker password)
ssh-copy-id -i .ssh/$user-$hostName-id_rsa.pub $user@$hostName

The point is that you need to add to the remote server the ssh key to authorized_hosts, and the proper way to do it is by using ssh-copy-id command.

So, with the commands above, you will be creating a user with a ssh-key that you will use to create the docker-machine.

@mtablado Thanks! Your solution is the only one which works me too.

The general idea outlined by @mtablado worked for me, but I had some trouble with those particular steps. Particularly, I find that the following command will execute in a subshell where $user is not set, which caused some problems.

sudo sh -c 'echo "$user\tALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'

I had to document my steps anyhow, so here's what I came up with:

On the docker daemon host machine:

# create a group for the remote user
sudo groupadd remote

# add the user
sudo useradd -m -g remote dockermachine

# specify that the new user should not be prompted for a password upon invoking 'sudo'
sudo visudo

# Add the following line to the end of the file
# visudo will tell you if you try to save any syntax errors
dockermachine   ALL=(ALL) NOPASSWD: ALL

sudo passwd dockermachine
# Give the new user a password

On the machine you're running docker-machine from:

# make an SSH key
ssh-keygen -t rsa -b 4096 -C "dockermachine@CLIENTHOST" -f dockermachine_id_rsa -N ""

# create a `.ssh` directory for the new user on the remote host
ssh dockermachine@DAEMONHOST 'mkdir .ssh'

# push the key to the docker daemon host (you will be prompted for the new password)
# do so for both ssh version 1 and ssh version 2
scp dockermachine_id_rsa.pub dockermachine@DAEMONHOST:~/.ssh/authorized_keys
scp dockermachine_id_rsa.pub dockermachine@DAEMONHOST:~/.ssh/authorized_keys2

# login as the dockermachine user and specify the key (you should NOT be prompted for a password)
ssh -i dockermachine_id_rsa dockermachine@DAEMONHOST

# do something with sudo (you should NOT be prompted for a password) 
DAEMONHOST$ sudo echo
DAEMONHOST$ exit

docker-machine create -d "generic" \
--generic-ip-address=DAEMONHOST \
--generic-ssh-key=C:/<path_stuff>/dockermachine_id_rsa \
--generic-ssh-user dockermachine \
RemoteDockerHost