I’m getting a strange issue when trying to run:
erik@frozen:~$ juju ssh haproxy/1
ERROR permission denied (unauthorized access)
It works when I’m using normal ssh:
ssh ubuntu@192.168.1.12
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-109-generic x86_64)
What can I do to resolve this?
Can you share some more detail about the setup:
Client version
2.9.32-ubuntu-amd64
Controller version
agent-version: 2.9.32
controller-model-version: 2.9.32
mongo-version: 4.0.9
Model version
agent-version: 2.9.32
description: the version of Juju used by the model
version: 2.9.32
Command with --debug
erik@frozen:~$ juju ssh 0 --debug
ERROR permission denied (unauthorized access)
erik@frozen:~$
This is a private controller, lxd-only (not JAAS)
controller log (/var/log/juju/audit.log)
{"conversation":{"who":"admin","what":"/snap/juju/19681/bin/juju ssh haproxy/1","when":"2022-07-17T14:53:56Z","model-name":"haproxy-rpc","model-uuid":"6de86d45-3670-4b11-8444-c0ca9839d2ea","conversation-id":"03175c8fcc1dd70c","connection-id":"E204"}}
{"request":{"conversation-id":"03175c8fcc1dd70c","connection-id":"E204","request-id":2,"when":"2022-07-17T14:53:56Z","facade":"SSHClient","method":"Proxy","version":3}}
{"errors":{"conversation-id":"03175c8fcc1dd70c","connection-id":"E204","request-id":2,"when":"2022-07-17T14:53:56Z","errors":[{"message":"permission denied","code":"unauthorized access"}]}}The logged in Juju user does need “admin” permission on the model to be able to use juju ssh. Is that the case here? That’s the only obvious reason I can see for the error.
The logged in user is admin on the controller but that maybe matters still?
So, controller admins should be considered model admins on all models on that controller. But looking at the permission check for the SSH functions, the extra controller permission check is missing. It will be a simple fix.
Do I need to do something here?
No, bug filed