no check for id_ed25519 ssh key (only id_rsa is checked)

korncola commented 3 weeks ago

Linux distribution

Arch Linux

Terraform version

1.9.7

Provider and libvirt versions

provider: 0.8.0

Description of Issue/Question

module only checks for id_rsa ssh key, not for other types like the recommend state of the art key typeid_ed25519

Steps to Reproduce Issue

have no id_rsa just a id_ed25519
ssh connect to qemu fails with:
[INFO] provider.terraform-provider-libvirt_v0.8.0: 2024/10/12 19:53:03 [ERROR] Failed to read ssh key '${HOME}/.ssh/id_rsa': open /Users/korncola/.ssh/id_rsa: no such file or directory: timestamp="2024-10-12T19:53:03.332+0200"
[ERROR] provider.terraform-provider-libvirt_v0.8.0: Response contains error diagnostic: tf_req_id=6d164000-3306-e756-43da-748d1f0823de tf_rpc=Configure @caller=github.com/hashicorp/terraform-plugin-go@v0.24.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail="" diagnostic_severity=ERROR tf_proto_version=5.6 @module=sdk.proto diagnostic_summary="failed to connect: failed to connect to remote host 'kvm.example.com': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain" tf_provider_addr=provider timestamp="2024-10-12T19:53:03.373+0200"

memetb commented 2 weeks ago

@korncola can you confirm that the latest release v0.8.1 in PR #1112 solves your problem.

mhtr commented 2 weeks ago

@memetb hi I have the same issue on Debian 12 with v.0.8.1 provider version.

2024-10-24T09:08:15.008Z [INFO]  provider.terraform-provider-libvirt_v0.8.1: 2024/10/24 09:08:15 [DEBUG] Reading ssh key '/home/username/.ssh/id_rsa': timestamp=2024-10-24T09:08:15.008Z
2024-10-24T09:08:15.008Z [INFO]  provider.terraform-provider-libvirt_v0.8.1: 2024/10/24 09:08:15 [INFO] SSH connecting to '<libvirt_host_ip>' (<libvirt_host_ip>): timestamp=2024-10-24T09:08:15.008Z
2024-10-24T09:08:15.050Z [ERROR] provider.terraform-provider-libvirt_v0.8.1: Response contains error diagnostic: @caller=/home/username/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.24.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_proto_version=5.6 tf_provider_addr=provider tf_req_id=01fb2630-12dc-657a-23a6-7767d8f7e822 tf_rpc=Configure diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain" timestamp=2024-10-24T09:08:15.050Z
2024-10-24T09:08:15.051Z [ERROR] vertex "provider[\"terraform.local/local/libvirt\"]" error: failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2024-10-24T09:08:15.052Z [WARN]  Planning encountered errors, so plan is not applyable
2024-10-24T09:08:15.052Z [INFO]  backend/local: plan operation completed

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
│

mhtr commented 2 weeks ago

it seems the problem occurs when you do not specify the user in the uri line if you specify the user like this

provider "libvirt" {
    uri = "qemu+ssh://username@<ip>/system"
}

then the connection is via ssh

memetb commented 2 weeks ago

@mhtr the error message is stating the problem:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

This means that it failed to authenticate. If you are seeing that setting the username in the query string works, then either set it in your ~/.ssh/config as per man page (using User attribute), or specify it in the query string as part of your TF plan.

dmacvicar / terraform-provider-libvirt