Open geoff-reason opened 3 years ago
Also referencing this - where it was only applied to bastion hosts, not build machines (I think??) https://github.com/hashicorp/packer/pull/4940
Ok this will probably be a docker problem, not being able to access the ssh-agent from the host. Sorry for the issue.
I will research how to forward the agent into the container to see if it works, or start up an ssh-agent inside the container instead - and post back a solution if I get it working.
I decided to reopen the issue, as the error message could be a bit more helpful. The error message might be that it can't find a suitable agent, not that the key is not valid - as the key IS valid according to known configurations. I will amend the title.
Hi, thanks for reaching out. This seems like a valid desire -- I'll leave this open until the Packer team or a community member has a chance to update the error messaging.
Just some notes from my own exploration of this issue:
golang/crypto throws this error when asked to parse a private key:
ParseRawPrivateKey: https://github.com/golang/crypto/blob/master/ssh/keys.go#L1087
However, if there is a passphrase, this function should be used:
ParseRawPrivateKeyWithPassphrase: https://github.com/golang/crypto/blob/master/ssh/keys.go#L1123
However, Packer uses the first function from above: https://github.com/hashicorp/packer-plugin-sdk/blob/9b87bcd755118d050b7481ca4d16f00aade700b2/communicator/ssh/ssh.go#L53
which is called from here: https://github.com/hashicorp/packer-plugin-sdk/blob/9b87bcd755118d050b7481ca4d16f00aade700b2/communicator/config.go#L555
What I'm trying to say is I think the error message is fine, until the point that Packer decides to support passphrases on ssh private keys.
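The distinction discussed in this thread (a key that is valid but passphrase-protected versus a key that cannot be parsed at all) can be checked before parsing, which is what a clearer error message would need. The following is an added example, not code from Packer or golang/crypto; it uses only the Go standard library, and `NeedsPassphrase` and `sampleKey` are hypothetical names, with the sample input being a constructed header-only blob rather than a real key.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

const opensshMagic = "openssh-key-v1\x00"

// NeedsPassphrase (hypothetical helper) reports whether a PEM private key is encrypted, without decrypting it.
func NeedsPassphrase(pemBytes []byte) (bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return false, errors.New("no PEM block found: not a private key file")
	}
	switch {
	case block.Type == "ENCRYPTED PRIVATE KEY": // encrypted PKCS#8
		return true, nil
	case strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED"): // legacy PEM encryption
		return true, nil
	case block.Type == "OPENSSH PRIVATE KEY": // magic, then length-prefixed cipher name
		b := block.Bytes
		if !bytes.HasPrefix(b, []byte(opensshMagic)) || len(b) < len(opensshMagic)+4 {
			return false, errors.New("malformed openssh-key-v1 header")
		}
		b = b[len(opensshMagic):]
		n := binary.BigEndian.Uint32(b)
		if uint64(n) > uint64(len(b)-4) {
			return false, errors.New("truncated openssh-key-v1 header")
		}
		return string(b[4:4+n]) != "none", nil // "none" means the key is stored unencrypted
	}
	return false, nil
}

// sampleKey builds a constructed, header-only OpenSSH blob (not a usable key).
func sampleKey(cipher string) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(cipher)))
	body := append(append([]byte(opensshMagic), n[:]...), cipher...)
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: body})
}

func main() {
	fmt.Println(NeedsPassphrase(sampleKey("aes256-ctr")))
}
```

A caller could use the boolean to report "key requires a passphrase or ssh-agent" instead of a generic invalid-key error.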
Overview of the Issue
It seems that when using a predefined ssh key with a passphrase, and that key already being preentered into an ssh-agent with passphrase submitted, packer refuses to build an image.
This was fixed for bastion/jumphosts in this issue https://github.com/hashicorp/packer/issues/4732 .
However, I note that there is also ssh_agent_auth referred to in the documentation, but it does not seem to work. I note also that there was an attempt to be able to specify passphrase in the config, but I want to use the agent one for the standard ssh access model and possible future agent forwarding functionality.
Reproduction Steps
use:
Add this key to your ssh-agent
Now try packering
Packer version
Packer v1.7.3
Simplified Packer Buildfile
No need for this, the error happens straight away
Operating system and Environment details
Mac OS X Apple M1 Silicon running packer 1.7.3 for arm64 in a linux docker image.
Log Fragments and crash.log files
Already specified above