Open achimnol opened 7 years ago
Okay, I found that authentication failure happens only with new EC2 instances from a custom AMI (created before masterkey renewal). This means that the key renewal process has gone flawlessly, though the displayed fingerprints differ (we need to fix this!).
On my side, I need to figure out what actions should be done when using custom AMIs across masterkey renewals.
After some experiments, I found that giving cloud-config to change the default username (specific to my environment) in the instance launch wizard fixes the authentication problem. It will be nice if we have explicit documentation about this situation.
Then let's figure out why fingerprints look different.
And here is the reason for different views of the same public key: https://serverfault.com/questions/603982/why-does-my-openssh-key-fingerprint-not-match-the-aws-ec2-console-keypair-finger
According to my server log, masterkey renewal was done successfully. However, I cannot access new instances created with the master public key stored in EC2 KeyPair after renewal. The interesting thing is that the fingerprint value in AWS Console's KeyPair list and the result of `geofront-cli masterkey` are not the same, while I can still access existing instances created before the key renewal. Even more interestingly, the keypair manually re-imported into the AWS console from the output of `geofront-cli masterkey -v` shows the same fingerprint that was shown in the AWS console before. I hope this is just a configuration mistake on my side, but just reporting upfront.
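The fingerprint mismatch discussed in this thread, as an added example that is not part of the original issue or of Geofront's code. It assumes, per the linked Server Fault answer, that the EC2 console shows the MD5 of the DER-encoded public key for imported RSA key pairs, while OpenSSH's MD5 fingerprint hashes the SSH wire-format blob; the sample key is constructed and not usable, and all function names are illustrative.

```python
import base64, hashlib, struct

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _int_bytes(i):
    # Big-endian, with a leading 0x00 when the top bit is set (SSH mpint and DER INTEGER).
    return i.to_bytes((i.bit_length() + 8) // 8, "big")

def _der(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def parse_ssh_rsa(pub_line):
    # Returns (wire_blob, e, n) from an "ssh-rsa AAAA... comment" line.
    blob = base64.b64decode(pub_line.split()[1])
    fields, off = [], 0
    while off < len(blob):
        (size,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("only ssh-rsa keys are handled in this example")
    return blob, int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def spki_der(e, n):
    # SubjectPublicKeyInfo DER, as emitted by `openssl rsa -pubout -outform DER`.
    rsa_pub = _der(0x30, _der(0x02, _int_bytes(n)) + _der(0x02, _int_bytes(e)))
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_pub))

def _colon_md5(data):
    h = hashlib.md5(data).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def fingerprints(pub_line):
    blob, e, n = parse_ssh_rsa(pub_line)
    return {"openssh_md5": _colon_md5(blob),                 # ssh-keygen -l -E md5
            "ec2_imported_md5": _colon_md5(spki_der(e, n))}  # assumed EC2 console value

# Constructed sample: a 2048-bit odd integer stands in for a modulus; not a usable key.
_fields = (b"ssh-rsa", _int_bytes(65537), _int_bytes((1 << 2047) | 0x10001))
SAMPLE = "ssh-rsa " + base64.b64encode(
    b"".join(struct.pack(">I", len(f)) + f for f in _fields)).decode() + " constructed"
if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE).items():
        print(f"{name:18} {value}")
```

Both values come from the same modulus and exponent, so differing strings alone do not indicate that the key stored in EC2 is different from the one the server holds.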