Issue: When attempting to use an SSH URI connector to a remote Linux system, I am authenticating successfully (based on OpenSSH logs), however I am receiving the following error:
Error: failed to connect: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
│
│ with provider["registry.terraform.io/dmacvicar/libvirt"],
│ on test.tf line 9, in provider "libvirt":
│ 9: provider "libvirt" {
│
The SSH key in use will allow me to successfully authenticate outside of Terraform. I have tried both RSA and ECDSA key types in my Terraform URI statement, neither work
In SSH logs, it appears the client is isssuing a close request at preauth:
May 10 15:46:27 qub4rt sshd[209057]: debug1: /etc/ssh/gitlab-libvirt-authorized_keys:1: matching key found: RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0
May 10 15:46:27 qub4rt sshd[209057]: debug1: /etc/ssh/gitlab-libvirt-authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
May 10 15:46:27 qub4rt sshd[209057]: Accepted key RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0 found at /etc/ssh/gitlab-libvirt-authorized_keys:1
May 10 15:46:27 qub4rt sshd[209057]: debug1: restore_uid: 0/0
May 10 15:46:27 qub4rt sshd[209057]: debug1: auth_activate_options: setting new authentication options
May 10 15:46:27 qub4rt sshd[209057]: Partial publickey for gitlab-libvirt from 192.168.32.81 port 34246 ssh2: RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0
May 10 15:46:27 qub4rt sshd[209057]: debug1: auth_activate_options: setting new authentication options [preauth]
May 10 15:46:27 qub4rt sshd[209057]: Connection closed by authenticating user gitlab-libvirt 192.168.32.81 port 34246 [preauth]
May 10 15:46:27 qub4rt sshd[209057]: debug1: do_cleanup [preauth]
I have tested enabling the following features in OpenSSH, to no avail:
PermitTunnel yes
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes
AllowStreamLocalForwarding yes
PermitOpen any
If I use the same URI connect string from the command line, I am able to succesfully connect and perform actions.
So this appears to something in the Terraform provider, but I'm unable to determine what.
For auth you need to use not rsa-key
Try to use - ecdsa-sha2-nistp256 key
And for test purposes put it first or even better only single key in authorized_keys
System Information
Linux distribution
Client System: Linux gitlab 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Server: Linux qub4rt 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
Terraform version
Terraform v1.8.2 on linux_amd64
Provider and libvirt versions
+ provider registry.terraform.io/dmacvicar/libvirt v0.7.6
Issue: When attempting to use an SSH URI connector to a remote Linux system, I am authenticating successfully (based on OpenSSH logs), however I am receiving the following error:
Error: failed to connect: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain │ │ with provider["registry.terraform.io/dmacvicar/libvirt"], │ on test.tf line 9, in provider "libvirt": │ 9: provider "libvirt" { │
The SSH key in use will allow me to successfully authenticate outside of Terraform. I have tried both RSA and ECDSA key types in my Terraform URI statement, neither work
In SSH logs, it appears the client is isssuing a close request at preauth:
May 10 15:46:27 qub4rt sshd[209057]: debug1: /etc/ssh/gitlab-libvirt-authorized_keys:1: matching key found: RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0 May 10 15:46:27 qub4rt sshd[209057]: debug1: /etc/ssh/gitlab-libvirt-authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding May 10 15:46:27 qub4rt sshd[209057]: Accepted key RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0 found at /etc/ssh/gitlab-libvirt-authorized_keys:1 May 10 15:46:27 qub4rt sshd[209057]: debug1: restore_uid: 0/0 May 10 15:46:27 qub4rt sshd[209057]: debug1: auth_activate_options: setting new authentication options May 10 15:46:27 qub4rt sshd[209057]: Partial publickey for gitlab-libvirt from 192.168.32.81 port 34246 ssh2: RSA SHA256:5OJzx6mZZirtqdrTp/0SpUSbPAzy1I70DIOSnvCiIS0 May 10 15:46:27 qub4rt sshd[209057]: debug1: auth_activate_options: setting new authentication options [preauth] May 10 15:46:27 qub4rt sshd[209057]: Connection closed by authenticating user gitlab-libvirt 192.168.32.81 port 34246 [preauth] May 10 15:46:27 qub4rt sshd[209057]: debug1: do_cleanup [preauth]
I have tested enabling the following features in OpenSSH, to no avail: PermitTunnel yes AllowAgentForwarding yes AllowTcpForwarding yes X11Forwarding yes AllowStreamLocalForwarding yes PermitOpen any
If I use the same URI connect string from the command line, I am able to succesfully connect and perform actions.
So this appears to something in the Terraform provider, but I'm unable to determine what.
Example test case;
Enabling TF_LOG=debug, the only item that stands out is:
2024-05-10T19:56:27.997Z [INFO] provider.terraform-provider-libvirt_v0.7.6: 2024/05/10 19:56:27 [DEBUG] Configuring provider for 'qemu+ssh://gitlab-libvirt@qub4rt:26/system?sshauth=privkey&keyfile=/home/madsara/.ssh/gitlab-libvirt&no_verify=1': &{map[uri:0xc000261cc0] 0xc000176500 map[] {{} } 0xc000410160 0xc000528840 0xc00051e680 false {1 {0 0}} false false}: timestamp=2024-05-10T19:56:27.997Z
2024-05-10T19:56:28.065Z [ERROR] provider.terraform-provider-libvirt_v0.7.6: Response contains error diagnostic: diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="failed to connect: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain" tf_proto_version=5.3 @caller=github.com/hashicorp/terraform-plugin-go@v0.14.2/tfprotov5/internal/diag/diagnostics.go:55 tf_provider_addr=provider tf_req_id=83e75e58-75f7-0104-79e7-ccc33227a62e tf_rpc=Configure @module=sdk.proto timestamp=2024-05-10T19:56:28.064Z