4. Unable to create an SSH tunnel for the host


Failed to set up SSH tunneling for host [xxx.xxx.xxx.xxx]: Can’t retrieve Docker Info ,Failed to dial to /var/run/docker.sock: ssh: rejected: administratively prohibited (open failed)

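  • The user specified for the connection does not have permission to access docker.sock. This can be checked by logging in to the host and running the docker ps command:

      $ ssh user@server
      user@server$ docker ps
      CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

  • When RedHat/CentOS is the operating system, the root user cannot be used to log in to the host; see Bugzilla #1527565 for the reason. Add a non-root user and give it permission to access docker.sock. For the configuration steps, see "Manage Docker as a non-root user".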

  • SSH server version is not version 6.7 or higher. This is needed for socket forwarding to work, which is used to connect to the Docker socket over SSH. This can be checked using sshd -V on the host you are connecting to, or using netcat:

      $ nc xxx.xxx.xxx.xxx 22
      SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10

Failed to dial ssh using address [xxx.xxx.xxx.xxx:xx]: Error configuring SSH: ssh: no key found

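  • In the RKE node configuration, the ssh_key_path parameter must point to the private key file used to access the node. This error can occur when the ssh_key_path file path is wrong, when the file cannot be read because of its permissions, or when the specified file is not a valid private key file.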

Failed to dial ssh using address [xxx.xxx.xxx.xxx:xx]: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

  • The key file specified in ssh_key_path does not belong to this node host, or the user name is incorrect.

Failed to dial ssh using address [xxx.xxx.xxx.xxx:xx]: Error configuring SSH: ssh: cannot decode encrypted private keys

  • If you want to use encrypted private keys, you should use ssh-agent to load your keys with your passphrase. If the SSH_AUTH_SOCK environment variable is found in the environment where the rke command is run, it will be used automatically to connect to the node.
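
The banner and key-file checks described above can be run before rke is started. The following is an added example, not part of RKE or of the original page; the function names banner_ok, key_status and preflight are this example's own, and it assumes a POSIX shell with sed, grep, dd and a base64 that accepts -d.

```shell
# Added example, not RKE code. Function names are this example's own.
# banner_ok BANNER -> 0: OpenSSH >= 6.7, 1: older OpenSSH, 2: not OpenSSH
banner_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^SSH-[0-9.]*-OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *} minor=${ver#* }
    [ "$major" -gt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -ge 7 ] && return 0
    return 1
}

# key_status FILE -> missing | unreadable | not-a-private-key | encrypted | ok
key_status() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -r "$1" ] || { echo unreadable; return 0; }
    first=$(sed -n '1p' "$1")
    case $first in
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;; # PKCS#8
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # openssh-key-v1 body: 15-byte magic, 4-byte length, cipher name
        cipher=$(sed '/^-----/d' "$1" | base64 -d 2>/dev/null |
            dd bs=1 skip=19 count=4 2>/dev/null)
        case $cipher in
        none) echo ok ;;
        "") echo not-a-private-key ;;
        *) echo encrypted ;;
        esac ;;
    "-----BEGIN "*"PRIVATE KEY-----") # legacy PEM or unencrypted PKCS#8
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
        then echo encrypted; else echo ok; fi ;;
    *) echo not-a-private-key ;;
    esac
}

# preflight KEYFILE BANNER -> prints findings, returns 1 if any
preflight() {
    bad=0
    st=$(key_status "$1")
    case $st in
    ok) ;;
    encrypted) # usable only through ssh-agent, which rke finds via SSH_AUTH_SOCK
        [ -n "${SSH_AUTH_SOCK:-}" ] ||
            { echo "key is encrypted and SSH_AUTH_SOCK is unset"; bad=1; } ;;
    *) echo "ssh_key_path: $st"; bad=1 ;;
    esac
    banner_ok "$2" || { echo "sshd is not OpenSSH >= 6.7: $2"; bad=1; }
    return $bad
}
```

Call it as preflight <key file> "<banner line returned by nc>". A set SSH_AUTH_SOCK only shows that an agent is reachable, not that the key has been loaded into it.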

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

  • The host cannot be reached through the configured address and port. Check the host firewall or the configured address and port.