AWS Portal installation / SSH Access denied

Hello everyone,
I successfully configured Deadline and the remote connection server.
Everything is working fine with three computers on different network

I’m trying to add AWS Portal to my network; there are so many steps to install it that it’s a bit overwhelming :smiley:

I installed and configured everything, IAM admin, aws portal / asset server, rcs connection info with same certificate as I used for my other working remote clients.
Started an infrastructure, but I’m stuck when trying to deploy a spot fleet.
I keep getting this error
[ERROR] [SSHTunnelManager] Access denied connecting to remote host .... Please see our troubleshooting docs, or contact support, for assistance.

I’ve tried the solution here : Permission denied

I re-created 3 different infrastructures and rebooted my whole Deadline server,
but I keep getting the same error.
Any way to debug this more? I’m a bit out of ideas as to where the problem could come from.

Thanks for any help

Just for some more information, latest version is used for everything on windows.
I double checked IP for port 22 in security group on EC2 management console and it’s correct.
Port 22 is not outbound blocked either on the machine running AWS Portal.

I also added manually read access to the DashKey file in AWSPortalLink folder

Can’t find what is still causing this issue :frowning:

I think it is something along the lines of AWS Portal Link not being able to establish a tunnel to the gateway.
You should check the Link log - /var/log/Thinkbox/AWSPortalLink/AWSPortalLink-Deadline10-*.log, it will say whether it failed the tunnel.
There might also be something useful in the Monitor Console tab.

Hello and thank you for your answer, the only error I can find in the awsportal logs is
Access denied for SSHTunnelManager

Here are the full logs (I just anonymized IP)

1656679582.425432 2022-07-01 14:46:22,425 [root] [1908] [MainThread] [INFO] .log.level:20
1656679582.426428 2022-07-01 14:46:22,426 [root] [1908] [MainThread] [INFO] .log.style:deadline
1656679582.426428 2022-07-01 14:46:22,426 [root] [1908] [MainThread] [INFO] .miscellaneous.status_reporting.enable:True
1656679582.426428 2022-07-01 14:46:22,426 [root] [1908] [MainThread] [INFO] .miscellaneous.status_reporting.port:4005
1656679582.426428 2022-07-01 14:46:22,426 [root] [1908] [MainThread] [INFO] .ssh.client:C:\Program Files (x86)\Thinkbox\AWSPortalLink\openssh
1656679582.435632 2022-07-01 14:46:22,435 [root] [1908] [MainThread] [INFO] .ssh.hostkeys_path:C:\Users\Deadline\AppData\Local\Thinkbox\AWSPortalLink
1656679582.435632 2022-07-01 14:46:22,435 [root] [1908] [MainThread] [INFO] using INSTALL_LOCATION - 'C:\\Program Files (x86)\\Thinkbox\\AWSPortalLink'
1656679582.436461 2022-07-01 14:46:22,436 [root] [1908] [MainThread] [INFO] Using ssh private key: C:\Program Files (x86)\Thinkbox\AWSPortalLink\DashKey
1656679582.436461 2022-07-01 14:46:22,436 [root] [1908] [MainThread] [INFO] [AWSPortalLinkService] Starting AWS Portal Link service ...
1656679582.439457 2022-07-01 14:46:22,439 [root] [1908] [Dummy-1] [INFO] [AWSPortalLinkService] has initialized
1656679582.440449 2022-07-01 14:46:22,440 [root] [1908] [Dummy-1] [INFO] [AWSPortalLinkService] try to start...
1656679582.444446 2022-07-01 14:46:22,444 [root] [1908] [Dummy-1] [INFO] [StatusListener] Listening on 0.0.0.0:4005
1656679582.447442 2022-07-01 14:46:22,447 [root] [1908] [Dummy-1] [INFO] [StatusListener] Listening on [::]:4005
1656679582.447442 2022-07-01 14:46:22,447 [root] [1908] [Dummy-1] [INFO] [SSHTunnelManager] Has been told to start.
1656680067.409368 2022-07-01 14:54:27,409 [root] [1908] [Dummy-1] [ERROR] [SSHTunnelManager] Access denied connecting to remote host xx.xx.xx.xx. Please see our troubleshooting docs, or contact support, for assistance.

Then the log is the same error over and over again
[ERROR] [SSHTunnelManager] Access denied connecting to remote host

I tried to start a new infrastructure again, no error in console.
The tunnel is correctly set up; I checked the .out file indicated in GetTunnelParams.log

If I change the security rule in EC2 to another IP I get a “time out” error, so my AWS Portal server and EC2 infrastructure are communicating, then access is denied for a weird reason.
Maybe wrong SSH key file / permissions, but I can’t know for sure; it would be nice to have more logs to check, maybe on the EC2 instance side.

This is more like the Dash key being wrong, or not having permissions to the key.
In the log it is apparent that the correct DashKey is loaded from Program Files (x86).

Maybe you could try manually running the ssh tunnel commands to see if it works?

You will likely not find anything in the ec2 logs, but feel free. You could check the sshd logs on the gateway.

Okay, apparently the permissions on the DashKey file were “too open”.
I deleted every permission on DashKey and added only SYSTEM and my admin user (the account used for AWS Portal); it seems to be working now!
Thanks :smiley:

Hah good you sorted it.
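
The fix reported above (an SSH private key whose permissions were "too open") can be checked and applied from PowerShell. This is an added example, not part of the original thread or Thinkbox's tooling: it lists every account other than SYSTEM and the service account that is allowed on the key file, and with `-Fix` resets the ACL to just those two. The `$ServiceAccount` default and the English account name `NT AUTHORITY\SYSTEM` are assumptions; run it from an elevated prompt.

```powershell
# Added example: audit (and optionally tighten) the ACL on the AWS Portal Link SSH key.
param(
    # Path taken from the log line "Using ssh private key: ..." in the thread.
    [string]$KeyPath = 'C:\Program Files (x86)\Thinkbox\AWSPortalLink\DashKey',
    # Assumption: the account AWS Portal Link runs as; replace with your own.
    [string]$ServiceAccount = "$env:USERDOMAIN\$env:USERNAME",
    # Without -Fix the script only reports.
    [switch]$Fix
)

# Only these principals should hold any Allow entry on the private key.
$allowed = @('NT AUTHORITY\SYSTEM', $ServiceAccount)

$acl   = Get-Acl -LiteralPath $KeyPath
$extra = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $allowed -notcontains $_.IdentityReference.Value
}

if (-not $extra) {
    Write-Output "OK: only $($allowed -join ', ') can access $KeyPath"
    return
}

Write-Output "Too open: these principals can also access ${KeyPath}:"
$extra | Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

if ($Fix) {
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries that were added by hand.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Grant access to the two allowed principals only.
    foreach ($id in $allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $KeyPath -AclObject $acl
    Write-Output "ACL reset to: $($allowed -join ', ')"
}
```

Entries reported with `IsInherited` set to `True` come from the parent folder, which is why granting extra read access by hand does not help: the key has to stop inheriting before OpenSSH will accept it.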