hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io

SSH keys left in agent using amazon-ebs and ansible #5798

Open dowlingw opened 6 years ago

dowlingw commented 6 years ago

Environment: Packer 1.1.3, macOS 10.13.2 (17C205)

Build Details: Builder: amazon-ebs; Provisioners: ansible

What happened: Following a successful packer build, SSH keys are left in the SSH agent.

Most SSH daemons will reject authentication after 3 attempted failures, so successive runs of the packer tool can cause unexpected authentication failures both in successive packer runs and for the SSH client in general.

The user can work around this by issuing an ssh-add -D command to clear all identities from the SSH agent.

Expected: Packer (or one of its provisioners or builders) should not load keys into the SSH agent or, if it does, should remove them when it's done.

Notes: This might be environmental on my machine; I haven't had a chance to replicate on a spare user profile yet. Likewise, I'll update with a minimal config and debug shortly.

davidebelloni commented 5 years ago

Hi, I have the same issue with the googlecompute builder and the ansible provisioner.

davidebelloni commented 5 years ago

I've resolved it by adding these lines at the beginning of ssh_config:

Host 127.0.0.1
        AddKeysToAgent no
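
An added example, not part of the thread and not Packer's own code: where the `ssh-add -D` workaround above would also drop the user's own identities, this sketch snapshots the agent before a build and removes only the identities that appeared during it. The function names `new_identities` and `run_and_clean_agent` and the template name in the usage comment are hypothetical, and it assumes the leftover keys are visible through `ssh-add -L`.

```shell
#!/bin/sh
# Print the key lines that are in the "after" listing ($2) but not in the
# "before" listing ($1). Both files hold `ssh-add -L` output. Keys are
# compared on type + base64 blob, so a changed comment is not a new key.
new_identities() {
    awk '
        # Skip anything that is not a key line, e.g. "The agent has no identities."
        $1 !~ /^(ssh-|ecdsa-|sk-)/ { next }
        # First file: remember every identity that was already loaded.
        FILENAME == ARGV[1]        { seen[$1 " " $2] = 1; next }
        # Second file: report identities that were not there before.
        !(($1 " " $2) in seen)     { print }
    ' "$1" "$2"
}

# Run a command (for example a packer build) and afterwards remove from the
# agent only the identities that were added while it ran.
run_and_clean_agent() {
    tmp=$(mktemp -d) || return 1
    # ssh-add -L exits non-zero when the agent is empty; that is not an error here.
    ssh-add -L > "$tmp/before" 2>/dev/null || true
    status=0
    "$@" || status=$?
    ssh-add -L > "$tmp/after" 2>/dev/null || true
    new_identities "$tmp/before" "$tmp/after" > "$tmp/new"
    n=0
    while IFS= read -r key; do
        n=$((n + 1))
        # ssh-add -d takes paths to public key files naming the keys to remove.
        printf '%s\n' "$key" > "$tmp/leftover-$n.pub"
        ssh-add -d "$tmp/leftover-$n.pub" >&2 || true
    done < "$tmp/new"
    rm -rf "$tmp"
    return "$status"
}

# Usage (template name is a placeholder):
#   run_and_clean_agent packer build template.json
```

The build's exit status is passed through, so the wrapper can replace a direct `packer build` call in scripts.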