Connection timed out or bad permissions messages with Socks Proxy connection to Altus clusters

by Community Manager ‎06-26-2017 11:43 AM - edited ‎06-26-2017 11:53 AM

Upon setting up a Socks Proxy Connection to access Cloudera Manager on an Altus cluster per:


You may see:


ssh: connect to host X.X.X.X port 22: Connection timed out

2017-06-26 09:16:05,759 - MainThread - altuscli.extensions.dataeng.socksproxy - ERROR - IP address of Cloudera Manager (X.X.X.X) is unreachable. Please check security permissions on instances of the cluster.


The same steps should be followed, listed here:


However, you should slightly modify these steps to allow access Cloudera Manager (port 7180

  1. In the AWS Console, go to VPC > Security Groups and find the security group you created for the Altus environment.
  2. Verify that you are in the correct region.
  3. On the Inbound Rules tab, edit the security group and add another rule of type Custom TCP Rule (7180).
  4. Set the Source property to the IP address or range of IP addresses from which you want to connect by selecting My IP in the Source pulldown menu.
  5. Press Save


In addition, if you see:


Load key "/path/yourprivatekey.pem": bad permissions

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

2017-06-26 12:04:15,705 - MainThread - altuscli.extensions.dataeng.socksproxy - ERROR - Unable to setup socks tunnel.


This is an indication that the pem file  "/path/yourprivatekey.pem" used in the altus command line is not 600 permissions to ensure security.   Please use the chmod command to restrict read by other, and retry the command.