dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0

failed to dial libvirt: ssh: handshake failed: knownhosts: key is unknown #944

Closed serafeimgr closed 2 years ago

serafeimgr commented 2 years ago

System Information

Linux distribution

Ubuntu

Terraform version

Terraform v1.1.7
on linux_amd64

Provider and libvirt versions

- Installing dmacvicar/libvirt v0.6.13...
- Installed dmacvicar/libvirt v0.6.13 (self-signed, key ID 96B1FE1A8D4E1EAB)

Checklist

Description of Issue/Question

Setup

provider "libvirt" {
  uri = "qemu+ssh://root:${var.ssh_password}@${var.host_ip_address}/system?sshauth=ssh-password"
}

Steps to Reproduce Issue

2022-04-06T11:53:42.112Z [ERROR] vertex "provider[\"registry.terraform.io/dmacvicar/libvirt\"]" error: failed to dial libvirt: ssh: handshake failed: knownhosts: key is unknown

Additional information:

Do you have SELinux or Apparmor/Firewall enabled? Some special configuration?

firewall is not enabled

Have you tried to reproduce the issue without them enabled?

serafeimgr commented 2 years ago

Not a bug. Added the following and it works as expected:

  uri = "qemu+ssh://root:${var.ssh_password}@${var.host_ip_address}/system?sshauth=ssh-password&known_hosts_verify=ignore"

MikePadge commented 1 year ago

Ignoring the known_hosts file isn't really a proper solution here. The problem appears to be that the known_hosts file isn't being read properly.

uri = "qemu+ssh://<non_root_libvirt_user>@<ip>/system?keyfile=/home/user/.ssh/id_rsa"

│ Error: failed to dial libvirt: ssh: handshake failed: knownhosts: key mismatch
│ 
│   with provider["registry.terraform.io/dmacvicar/libvirt"],
│   on simple.tf line 8, in provider "libvirt":
│    8: provider "libvirt" {

Glancing through https://github.com/dmacvicar/terraform-provider-libvirt/blob/main/libvirt/uri/ssh.go, maybe https://github.com/dmacvicar/terraform-provider-libvirt/blob/9260f4ce9ba2e24e98c4b7970f85790c5436cf7d/libvirt/uri/ssh.go#L88 isn't returning properly? I can ssh to the same host with no key mismatch, using the same default id_rsa key, and known_hosts file, so something strange is happening.

I found this, I might poke at it later. https://cyruslab.net/2020/10/23/golang-how-to-write-ssh-hostkeycallback/
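
The two errors reported in this thread, "key is unknown" and "key mismatch", differ only in what the known_hosts lookup found for the host. The following is an added example, not the provider's code or any commenter's: a standard-library Go model of the decision behind those two error strings from golang.org/x/crypto/ssh/knownhosts. Host names, addresses and key blobs are constructed; hashed entries, wildcards and @markers are out of scope.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample known_hosts; the key blobs are placeholders, not real keys.
const sampleKnownHosts = `kvm1.example.test,192.0.2.10 ssh-ed25519 AAAA-constructed-ed25519
[kvm2.example.test]:2222 ssh-rsa AAAA-constructed-rsa
`

// classify returns "ok", "key is unknown" (no entry for the host) or
// "key mismatch" (entries exist but none equals the presented key, which
// also covers a host pinned only under a different key type).
// Lookup form: "host" for port 22, "[host]:port" for any other port.
func classify(knownHosts, addr, keyType, keyB64 string) string {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		host = addr // no port given: use the address as written
	} else if port != "22" {
		host = "[" + host + "]:" + port
	}
	pinned := map[string]string{} // key type -> key blob, first entry wins
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || strings.ContainsAny(f[0][:1], "#@|") {
			continue // blank, comment, marker or hashed entry: not modelled
		}
		for _, h := range strings.Split(f[0], ",") {
			if _, seen := pinned[f[1]]; h == host && !seen {
				pinned[f[1]] = f[2]
			}
		}
	}
	if want, ok := pinned[keyType]; ok && want == keyB64 {
		return "ok"
	}
	if len(pinned) == 0 {
		return "key is unknown"
	}
	return "key mismatch"
}

func main() {
	fmt.Println(classify(sampleKnownHosts, "kvm1.example.test:22", "ssh-ed25519", "AAAA-constructed-ed25519"))
	fmt.Println(classify(sampleKnownHosts, "kvm1.example.test:22", "ssh-rsa", "AAAA-constructed-rsa"))
	fmt.Println(classify(sampleKnownHosts, "kvm2.example.test:22", "ssh-rsa", "AAAA-constructed-rsa"))
}
```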