
Terraform AWS: "ssh: unable to authenticate, attempted methods [none publickey]"

I'm experimenting with IaC automation. I'm standing up this instance (with associated simple VPC infrastructure, not shown):

resource "aws_instance" "ansible" {
  ami                         = data.aws_ami.ubuntu.id
  instance_type               = "t2.micro"
  associate_public_ip_address = true
  subnet_id                   = aws_subnet.public.id
  key_name                    = aws_key_pair.instance.key_name
  vpc_security_group_ids      = [aws_security_group.allow-ssh.id]
  # Terraform 0.12+ syntax: no need to wrap a lone function call in "${...}"
  user_data                   = file("ansible.conf")

  ebs_block_device {
    device_name           = "/dev/sda1"
    delete_on_termination = true
    volume_size           = 8
    volume_type           = "gp3"
  }

  # IMDSv2 only
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "ansible01"
  }
}

resource "aws_security_group" "allow-ssh" {
  name        = "allow-ssh"
  description = "A security group that allows inbound SSH (TCP port 22)."
  vpc_id      = aws_vpc.vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # SSH from anywhere
    description = "Allow SSH traffic"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

I have this resource block with provisioners in Terraform:

resource "null_resource" "remoteExecProvisionerWFolder" {
  depends_on = [
    local_file.hosts_cfg
  ]

  # Upload the generated inventory to the default user's home directory first,
  # then move it into place with sudo in the remote-exec step.
  provisioner "file" {
    source      = "hosts.cfg"
    destination = "/home/ubuntu/hosts"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo mkdir -p /etc/ansible",
      "sudo mv /home/ubuntu/hosts /etc/ansible/"
    ]
  }

  connection {
    host        = aws_instance.ansible.public_ip
    type        = "ssh"
    user        = "ubuntu"
    private_key = aws_secretsmanager_secret_version.secret_version.secret_string
  }
}

private_key is referencing a key pair which I designed to go straight into Secrets Manager (so no need to store locally):

# KEY PAIR

resource "tls_private_key" "instance" {
  algorithm = "RSA"
}

resource "aws_key_pair" "instance" {
  key_name   = "wp-ansible-ssh21205"
  public_key = tls_private_key.instance.public_key_openssh
  tags = {
    Name = "wp-ansible-ssh21205"
  }
}

# SECRETS 

resource "aws_secretsmanager_secret" "secret" {
  name = "wp-ansible-ssh21205"
}

resource "aws_secretsmanager_secret_version" "secret_version" {
  secret_id     = aws_secretsmanager_secret.secret.id
  secret_string = tls_private_key.instance.private_key_pem
}

...but when I run apply, I get this error:

Error: timeout - last error: SSH authentication failed (ubuntu@X.X.X.X:22): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

The kicker: I swear I had this working. I was able to run Terraform Apply, stand up the EC2 with the generated key pair, which was then placed into Secrets Manager, and the provisioner was running by successfully referencing the secret_string. The build completed with no errors and I could SSH into the instance and see my provisioned files and changes.

But then I expanded my experimentation and changed some things, and now it's broken. I've put things back to the working configuration as best as I can recall, but I still get this error, so I must be missing something here. Any ideas?
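A quick way to rule out the most direct cause of `attempted methods [none publickey]` (the private key offered does not pair with the public key registered in the key pair) is to derive the OpenSSH public key from the `secret_string` PEM and compare it with `aws_key_pair.instance.public_key`. This is an added example, not code from the question; it uses only the standard library, assumes the PKCS#1 `RSA PRIVATE KEY` PEM that `tls_private_key` emits for RSA, and the toy key values in the comments are constructed for illustration.

```python
import base64, re

def _der_read(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length, used by real 2048-bit keys
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers_from_der(der):
    """(n, e) from a PKCS#1 RSAPrivateKey: SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }."""
    tag, seq, _ = _der_read(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    ints, pos = [], 0
    for _ in range(3):                         # only version, n and e are needed
        tag, val, pos = _der_read(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    return ints[1], ints[2]

def rsa_public_numbers_from_pem(pem):
    """Parse the 'RSA PRIVATE KEY' PEM that tls_private_key.private_key_pem emits for RSA keys."""
    if "BEGIN RSA PRIVATE KEY" not in pem:
        raise ValueError("expected a PKCS#1 'RSA PRIVATE KEY' PEM")
    body = re.sub(r"-----[A-Z ]+-----|\s", "", pem)  # drop armor lines and any CRLF/whitespace
    return rsa_public_numbers_from_der(base64.b64decode(body))

def ssh_rsa_blob(n, e):
    """Public key in ssh-rsa wire format: string "ssh-rsa", mpint e, mpint n."""
    def sstr(b):                               # SSH string: 4-byte big-endian length + bytes
        return len(b).to_bytes(4, "big") + b
    def mpint(x):                              # +8 bits leaves room for the 0x00 pad when the high bit is set
        return sstr(x.to_bytes((x.bit_length() + 8) // 8, "big"))
    return sstr(b"ssh-rsa") + mpint(e) + mpint(n)

def openssh_public_key(n, e):
    """Same text as tls_private_key.public_key_openssh, minus comment and trailing newline."""
    return "ssh-rsa " + base64.b64encode(ssh_rsa_blob(n, e)).decode()

def key_matches(private_key_pem, public_key_openssh):
    """True if the private key (the Secrets Manager secret_string) pairs with the aws_key_pair public key."""
    n, e = rsa_public_numbers_from_pem(private_key_pem)
    registered = base64.b64decode(public_key_openssh.split()[1])  # field 1 is the base64 blob
    return registered == ssh_rsa_blob(n, e)
```

Feed `key_matches` the secret value from `aws secretsmanager get-secret-value` and the `public_key` shown by `terraform state show aws_key_pair.instance`; a `False` means the key in Secrets Manager is not the one on the instance, a `True` points the search elsewhere (wrong `user`, cloud-init not finished, or a change in `user_data`).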

I solved the issue. It ended up being a typo in my instance code - I don't recall exactly what, but it was kind of random and not intuitively connected to SSH keys in any way. So all I can say is this: if you encounter a bizarre issue that you can't figure out, try going back to the start of your TF template and double-check that everything is formatted/spelled correctly.
