SSH Tunnel issues - Unable to install RKE in prep to deploy Rancher

#1

I’ve setup 3 servers where I plan to deploy the Rancher Management services, and we’re at the step where we are supposed to install RKE, which it does over SSH tunnels.

We setup Docker as a non-root user, and we can run docker commands, on all nodes where we are trying to install RKE.

to the best of my understanding SSH is configured with TCP forwarding.

I’ve attempted to test by creating a manual tunnel and directing docker to that:

First I created the tunnel:
ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa -NL localhost:2377:/var/run/docker.sock remotehost

Then I opened another shell to the system and ran this: export DOCKER_HOST=“localhost:2377”

Then, when I attempted to run “docker ps” I am getting this error in the tunnel output: channel 2: open failed: administratively prohibited: open failed

Here is the error we are seeing in the secure log: refused streamlocal port forward: originator port 0, target /var/run/docker.sock

If anyone has any suggestions, they would be greatly appreciated. Thank you.

#2

Most of the SSH issues are described at https://rancher.com/docs/rke/latest/en/troubleshooting/ssh-connectivity-errors/, what exact error do you get when you run rke up?

If you want to do socket forwarding over SSH, you can follow this https://medium.com/@dperny/forwarding-the-docker-socket-over-ssh-e6567cfab160.

#3

Thanks for the response. It looks like the issue is likely due to 2factor configurations on our servers. We removed that config from one of our servers, and we were able to deploy to it.

The SSH tunnel didn’t seem to be that difficult to setup, in itself, so I figured some other “factor” must be playing a role. And, indeed, that appears to be the case.

Thanks again!