hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io

SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain #8750

Closed jmgilman closed 4 years ago

jmgilman commented 4 years ago

Overview of the Issue

Packer is failing to connect to a vmware virtual machine after cloning. Packer is being run inside of a container and upon connecting to the container in interactive mode I'm able to manually SSH into the respective vmware machine with no issues. Unfortunately forcing Packer into debug mode doesn't reveal the actual command being run, so I have no way to validate it's using the username and private key file I specified.

With the docker container I can successfully connect:

$ docker run -it --entrypoint /bin/bash packer
appuser@354362362ad7:~$ ssh -i /home/appuser/.ssh/id_rsa josh@192.168.10.189
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-76-generic x86_64)

Here is the Dockerfile for reference.

It may be worth noting that I'm using signed public SSH keys. In other words, sshd_config has the following in it:

TrustedUserCAKeys /etc/ssh/trusted

Reproduction Steps

Packer version

From packer version: 1.4.5

Simplified Packer Buildfile

{
    "builders": [
        {
            "type": "vsphere-clone",
            "ssh_username": "{{ user `ssh_username` }}",
            "ssh_private_key_file": "{{ user `ssh_private_key` }}",
            "vcenter_server": "{{ user `vsphere_server` }}",
            "username": "{{ user `vsphere_username` }}",
            "password": "{{ user `vsphere_password` }}",
            "insecure_connection": "true",
            "datacenter": "{{ user `vsphere_datacenter` }}",
            "template": "{{ user `vsphere_template` }}",
            "vm_name": "{{ user `vm_name` }}",
            "host": "{{ user `vm_host` }}",
            "datastore": "{{ user `vm_datastore` }}",
            "notes": "{{ user `vm_notes` }}",
            "CPUs": "{{ user `hardware_cpus` }}",
            "cpu_cores": "{{ user `hardware_cores` }}",
            "RAM": "{{ user `hardware_ram` }}"
        }
    ],
    "provisioners": [
        {
            "type": "file",
            "source": "{{ user `name` }}/files",
            "destination": "/tmp"
        },
        {
            "type": "shell",
            "script": "{{ user `bootstrap_script` }}",
            "environment_vars": [
                "VAULT_ADDR={{ user `VAULT_ADDR` }}",
                "VAULT_TOKEN={{ user `VAULT_TOKEN` }}",
                "VAULT_URL={{ user `VAULT_URL` }}"
            ],
            "override": {
                "vsphere-clone": {
                    "execute_command": "echo '{{ user `user_password` }}' | sudo -S bash -c '{{ .Vars }} {{ .Path }}'"
                }
            }
        }
    ]
}

The respective variables for reference:

    "ssh_username": "josh",
    "ssh_private_key": "/home/appuser/.ssh/id_rsa",

I've tried manually specifying ssh_host (I know the IP ahead of time) as well as removing ssh_private_key entirely with no change in the result.

Operating system and Environment details

Ubuntu 18.04

Here is the specific Docker digest: FROM ubuntu@sha256:bc025862c3e8ec4a8754ea4756e33da6c41cba38330d7e324abd25c8e0b93300

Log Fragments and crash.log files

==> vsphere-clone: Waiting for SSH to become available...
2020/02/16 06:09:11 packer-builder-vsphere-clone: 2020/02/16 06:09:11 [INFO] Attempting SSH connection...
2020/02/16 06:09:11 packer-builder-vsphere-clone: 2020/02/16 06:09:11 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:11 packer-builder-vsphere-clone: 2020/02/16 06:09:11 [DEBUG] handshaking with SSH
2020/02/16 06:09:11 packer-builder-vsphere-clone: 2020/02/16 06:09:11 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/02/16 06:09:11 packer-builder-vsphere-clone: 2020/02/16 06:09:11 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:18 packer-builder-vsphere-clone: 2020/02/16 06:09:18 [INFO] Attempting SSH connection...
2020/02/16 06:09:18 packer-builder-vsphere-clone: 2020/02/16 06:09:18 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:18 packer-builder-vsphere-clone: 2020/02/16 06:09:18 [DEBUG] handshaking with SSH
2020/02/16 06:09:18 packer-builder-vsphere-clone: 2020/02/16 06:09:18 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:09:18 packer-builder-vsphere-clone: 2020/02/16 06:09:18 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:25 packer-builder-vsphere-clone: 2020/02/16 06:09:25 [INFO] Attempting SSH connection...
2020/02/16 06:09:25 packer-builder-vsphere-clone: 2020/02/16 06:09:25 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:25 packer-builder-vsphere-clone: 2020/02/16 06:09:25 [DEBUG] handshaking with SSH
2020/02/16 06:09:25 packer-builder-vsphere-clone: 2020/02/16 06:09:25 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:09:25 packer-builder-vsphere-clone: 2020/02/16 06:09:25 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:32 packer-builder-vsphere-clone: 2020/02/16 06:09:32 [INFO] Attempting SSH connection...
2020/02/16 06:09:32 packer-builder-vsphere-clone: 2020/02/16 06:09:32 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:32 packer-builder-vsphere-clone: 2020/02/16 06:09:32 [DEBUG] handshaking with SSH
2020/02/16 06:09:32 packer-builder-vsphere-clone: 2020/02/16 06:09:32 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:09:32 packer-builder-vsphere-clone: 2020/02/16 06:09:32 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:39 packer-builder-vsphere-clone: 2020/02/16 06:09:39 [INFO] Attempting SSH connection...
2020/02/16 06:09:39 packer-builder-vsphere-clone: 2020/02/16 06:09:39 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:39 packer-builder-vsphere-clone: 2020/02/16 06:09:39 [DEBUG] handshaking with SSH
2020/02/16 06:09:39 packer-builder-vsphere-clone: 2020/02/16 06:09:39 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/02/16 06:09:39 packer-builder-vsphere-clone: 2020/02/16 06:09:39 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:46 packer-builder-vsphere-clone: 2020/02/16 06:09:46 [INFO] Attempting SSH connection...
2020/02/16 06:09:46 packer-builder-vsphere-clone: 2020/02/16 06:09:46 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:46 packer-builder-vsphere-clone: 2020/02/16 06:09:46 [DEBUG] handshaking with SSH
2020/02/16 06:09:46 packer-builder-vsphere-clone: 2020/02/16 06:09:46 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:09:46 packer-builder-vsphere-clone: 2020/02/16 06:09:46 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:09:53 packer-builder-vsphere-clone: 2020/02/16 06:09:53 [INFO] Attempting SSH connection...
2020/02/16 06:09:53 packer-builder-vsphere-clone: 2020/02/16 06:09:53 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:09:53 packer-builder-vsphere-clone: 2020/02/16 06:09:53 [DEBUG] handshaking with SSH
2020/02/16 06:09:53 packer-builder-vsphere-clone: 2020/02/16 06:09:53 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:09:53 packer-builder-vsphere-clone: 2020/02/16 06:09:53 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:10:00 packer-builder-vsphere-clone: 2020/02/16 06:10:00 [INFO] Attempting SSH connection...
2020/02/16 06:10:00 packer-builder-vsphere-clone: 2020/02/16 06:10:00 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:10:00 packer-builder-vsphere-clone: 2020/02/16 06:10:00 [DEBUG] handshaking with SSH
2020/02/16 06:10:00 packer-builder-vsphere-clone: 2020/02/16 06:10:00 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2020/02/16 06:10:00 packer-builder-vsphere-clone: 2020/02/16 06:10:00 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:10:07 packer-builder-vsphere-clone: 2020/02/16 06:10:07 [INFO] Attempting SSH connection...
2020/02/16 06:10:07 packer-builder-vsphere-clone: 2020/02/16 06:10:07 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:10:07 packer-builder-vsphere-clone: 2020/02/16 06:10:07 [DEBUG] handshaking with SSH
2020/02/16 06:10:07 packer-builder-vsphere-clone: 2020/02/16 06:10:07 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/02/16 06:10:07 packer-builder-vsphere-clone: 2020/02/16 06:10:07 [DEBUG] Detected authentication error. Increasing handshake attempts.
2020/02/16 06:10:14 packer-builder-vsphere-clone: 2020/02/16 06:10:14 [INFO] Attempting SSH connection...
2020/02/16 06:10:14 packer-builder-vsphere-clone: 2020/02/16 06:10:14 [DEBUG] reconnecting to TCP connection for SSH
2020/02/16 06:10:14 packer-builder-vsphere-clone: 2020/02/16 06:10:14 [DEBUG] handshaking with SSH
2020/02/16 06:10:14 packer-builder-vsphere-clone: 2020/02/16 06:10:14 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
2020/02/16 06:10:14 packer-builder-vsphere-clone: 2020/02/16 06:10:14 [DEBUG] Detected authentication error. Increasing handshake attempts.
==> vsphere-clone: Error waiting for SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
==> vsphere-clone: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
==> vsphere-clone: Step "StepConnect" failed, aborting...
2020/02/16 06:10:14 [INFO] (telemetry) ending vsphere-clone
2020/02/16 06:10:14 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2020/02/16 06:10:14 machine readable: vsphere-clone,error []string{"unexpected EOF"}
==> Builds finished but no artifacts were created.
Build 'vsphere-clone' errored: unexpected EOF
2020/02/16 06:10:14 /home/appuser/packer-builder-vsphere-clone: plugin process exited
2020/02/16 06:10:14 [INFO] (telemetry) Finalizing.

==> Some builds didn't complete successfully and had errors:
--> vsphere-clone: unexpected EOF

==> Builds finished but no artifacts were created.
2020/02/16 06:10:15 waiting for all plugin processes to complete...
2020/02/16 06:10:15 /home/appuser/packer: plugin process exited
2020/02/16 06:10:15 /home/appuser/packer: plugin process exited

jmgilman commented 4 years ago

This is what the vm that Packer is attempting to connect to is seeing in the ssh log:

Feb 16 10:02:29 ubuntu1804 sshd[597]: Connection from 192.168.10.196 port 34212 on 192.168.10.190 port 22
Feb 16 10:02:29 ubuntu1804 sshd[598]: Connection from 192.168.10.196 port 34214 on 192.168.10.190 port 22
Feb 16 10:02:29 ubuntu1804 sshd[597]: Did not receive identification string from 192.168.10.196 port 34212
Feb 16 10:02:29 ubuntu1804 sshd[598]: Failed publickey for josh from 192.168.10.196 port 34214 ssh2: RSA SHA256:fF6+1kmfhyRtnX+eJOEsEZALiX4uU0EMixXcs8PaZyM
Feb 16 10:02:29 ubuntu1804 sshd[598]: Connection closed by authenticating user josh 192.168.10.196 port 34214 [preauth]
Feb 16 10:02:45 ubuntu1804 sshd[600]: Connection from 192.168.10.196 port 48792 on 192.168.10.190 port 22
Feb 16 10:02:45 ubuntu1804 sshd[600]: Failed publickey for josh from 192.168.10.196 port 48792 ssh2: RSA SHA256:KgSKl0gWtDcOLy+v8ilB9ZOuYNml+heCGaQ3HcqE4pY
Feb 16 10:02:45 ubuntu1804 sshd[600]: Accepted certificate ID "vault-radius-jmgilman-2a048a974816b4370e2f2faff22941f593ae60d9a5fa178219a4371dca84e296" (serial 7257757255081811737) signed by RSA CA SHA256:bXANuNBDOpIhy8aeeFW0KGkX4YwWXDyNxr1xKxR5Yvw via /etc/ssh/trusted
Feb 16 10:02:45 ubuntu1804 sshd[600]: Postponed publickey for josh from 192.168.10.196 port 48792 ssh2 [preauth]
Feb 16 10:02:45 ubuntu1804 sshd[600]: Accepted certificate ID "vault-radius-jmgilman-2a048a974816b4370e2f2faff22941f593ae60d9a5fa178219a4371dca84e296" (serial 7257757255081811737) signed by RSA CA SHA256:bXANuNBDOpIhy8aeeFW0KGkX4YwWXDyNxr1xKxR5Yvw via /etc/ssh/trusted
Feb 16 10:02:45 ubuntu1804 sshd[600]: Accepted publickey for josh from 192.168.10.196 port 48792 ssh2: RSA-CERT ID vault-radius-jmgilman-2a048a974816b4370e2f2faff22941f593ae60d9a5fa178219a4371dca84e296 (serial 7257757255081811737) CA RSA SHA256:bXANuNBDOpIhy8aeeFW0KGkX4YwWXDyNxr1xKxR5Yvw
Feb 16 10:02:45 ubuntu1804 sshd[600]: pam_unix(sshd:session): session opened for user josh by (uid=0)
Feb 16 10:02:45 ubuntu1804 systemd-logind[466]: New session 1 of user josh.
Feb 16 10:02:45 ubuntu1804 systemd: pam_unix(systemd-user:session): session opened for user josh by (uid=0)
Feb 16 10:02:46 ubuntu1804 sshd[600]: User child is on pid 637
Feb 16 10:02:46 ubuntu1804 sshd[637]: Starting session: shell on pts/0 for josh from 192.168.10.196 port 48792 id 0

192.168.10.196 is the host running Packer; 192.168.10.190 is the virtual machine it's trying to connect to.

The last bit of the log at 10:02:45 is where I connected successfully from the container using the ssh client. It appears Packer simply has no idea what to do with a signed SSH certificate - as in it doesn't appear to be attempting to pass it at all.

Here is the associated sshd_config:

# What ports, IPs and protocols we listen for
Port 22

Protocol 2

# Supported HostKey algorithms by order of preference.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

# Password based logins are disabled - only public key based logins are allowed.
AuthenticationMethods publickey

# Logging
SyslogFacility AUTH
LogLevel VERBOSE

# Authentication:
LoginGraceTime 120
PermitRootLogin No
StrictModes yes

# Trust signed keys
TrustedUserCAKeys /etc/ssh/trusted

# Do not permit empty passwords
PermitEmptyPasswords no

# No need for X11 forwarding
X11Forwarding no

# Should be safe to perform this check
UseDNS yes

# Limit attempts to 15 to stop bruteforcing
MaxAuthTries 15

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

In the meantime, I was able to circumvent this issue by temporarily adding the generated Docker public key to ~/.ssh/authorized_keys on the virtual machine and then deleting it after the bootstrap process. I'm fairly certain this is a bug in Packer with it not being able to deal with signed certificates (for example, Ansible supports this out of the box).
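
One way to confirm from the server side what the sshd log above suggests, as an added example that is not part of the original thread: the Python sketch below groups `LogLevel VERBOSE` sshd lines by connection and reports whether the client ever offered a certificate. The sample log is constructed (documentation IP addresses, placeholder fingerprints and certificate ID), and the function and verdict names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the sshd lines quoted in the thread.
# Addresses, user, fingerprints and certificate ID are placeholders.
SAMPLE_LOG = """\
Feb 16 10:02:29 vm sshd[597]: Connection from 192.0.2.10 port 34212 on 192.0.2.20 port 22
Feb 16 10:02:29 vm sshd[598]: Connection from 192.0.2.10 port 34214 on 192.0.2.20 port 22
Feb 16 10:02:29 vm sshd[597]: Did not receive identification string from 192.0.2.10 port 34212
Feb 16 10:02:29 vm sshd[598]: Failed publickey for builder from 192.0.2.10 port 34214 ssh2: RSA SHA256:PLACEHOLDER-PLAIN-KEY
Feb 16 10:02:29 vm sshd[598]: Connection closed by authenticating user builder 192.0.2.10 port 34214 [preauth]
Feb 16 10:02:45 vm sshd[600]: Connection from 192.0.2.10 port 48792 on 192.0.2.20 port 22
Feb 16 10:02:45 vm sshd[600]: Failed publickey for builder from 192.0.2.10 port 48792 ssh2: RSA SHA256:PLACEHOLDER-OTHER-KEY
Feb 16 10:02:45 vm sshd[600]: Accepted certificate ID "placeholder-cert-id" (serial 1) signed by RSA CA SHA256:PLACEHOLDER-CA via /etc/ssh/trusted
Feb 16 10:02:45 vm sshd[600]: Accepted publickey for builder from 192.0.2.10 port 48792 ssh2: RSA-CERT ID placeholder-cert-id (serial 1) CA RSA SHA256:PLACEHOLDER-CA
"""

CONN_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: Connection from (?P<src>\S+) port \d+")
AUTH_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) publickey for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2: (?P<ktype>\S+)"
)


@dataclass
class Connection:
    src: str
    user: str = ""
    # One (is_certificate, accepted) tuple per publickey attempt sshd logged.
    offers: list = field(default_factory=list)

    def verdict(self) -> str:
        if not self.offers:
            return "no-publickey-attempt"       # e.g. a bare TCP probe
        if any(cert and ok for cert, ok in self.offers):
            return "certificate-accepted"
        if any(ok for _, ok in self.offers):
            return "plain-key-accepted"         # matched authorized_keys
        if any(cert for cert, _ in self.offers):
            return "certificate-rejected"       # cert offered but refused
        return "plain-key-only-rejected"        # client never sent a certificate


def classify_connections(log_text: str) -> dict:
    """Map each sshd child PID (one per connection) to a verdict string."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            conns[int(m["pid"])] = Connection(src=m["src"])
            continue
        m = AUTH_RE.search(line)
        if m:
            conn = conns.setdefault(int(m["pid"]), Connection(src=m["src"]))
            conn.user = m["user"]
            # sshd prints the key type first; certificate types end in "-CERT".
            is_cert = m["ktype"].endswith("-CERT")
            conn.offers.append((is_cert, m["result"] == "Accepted"))
    return {pid: c.verdict() for pid, c in conns.items()}


if __name__ == "__main__":
    for pid, verdict in classify_connections(SAMPLE_LOG).items():
        print(f"sshd[{pid}]: {verdict}")
```

A connection that ends as `plain-key-only-rejected` on a host that relies on `TrustedUserCAKeys` means the client authenticated with the bare key and never presented the signed certificate.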

schiller256 commented 4 years ago

The same here for builder vagrant and packer Version 1.5.4.

ssh-bug.json

{
    "builders": [
        {
            "type": "vagrant",
            "provider": "virtualbox",
            "communicator": "ssh",
            "source_path": "centos/7",
            "skip_add": true
        }
    ]
}

Error Log:

PACKER_LOG=1 packer build -force ssh-bug.json
2020/02/24 15:45:10 [INFO] Packer version: 1.5.4 [go1.13.8 darwin amd64]
2020/02/24 15:45:10 [DEBUG] Discovered plugin: vagrant-s3 = /Users/fhennig/.packer.d/plugins/packer-post-processor-vagrant-s3
2020/02/24 15:45:10 using external post-processors [vagrant-s3]
2020/02/24 15:45:10 Checking 'PACKER_CONFIG' for a config file path
2020/02/24 15:45:10 'PACKER_CONFIG' not set; checking the default config file path
2020/02/24 15:45:10 Attempting to open config file: /Users/fhennig/.packerconfig
2020/02/24 15:45:10 [WARN] Config file doesn't exist: /Users/fhennig/.packerconfig
2020/02/24 15:45:10 Setting cache directory: /Users/fhennig/repo/git/gitlab-runner-images/packer/packer_cache
2020/02/24 15:45:10 Creating plugin client for path: /usr/local/bin/packer
2020/02/24 15:45:10 Starting plugin: /usr/local/bin/packer []string{"/usr/local/bin/packer", "plugin", "packer-builder-vagrant"}
2020/02/24 15:45:10 Waiting for RPC address for: /usr/local/bin/packer
2020/02/24 15:45:10 packer-builder-vagrant plugin: [INFO] Packer version: 1.5.4 [go1.13.8 darwin amd64]
2020/02/24 15:45:10 packer-builder-vagrant plugin: Checking 'PACKER_CONFIG' for a config file path
2020/02/24 15:45:10 packer-builder-vagrant plugin: 'PACKER_CONFIG' not set; checking the default config file path
2020/02/24 15:45:10 packer-builder-vagrant plugin: Attempting to open config file: /Users/fhennig/.packerconfig
2020/02/24 15:45:10 packer-builder-vagrant plugin: [WARN] Config file doesn't exist: /Users/fhennig/.packerconfig
2020/02/24 15:45:10 packer-builder-vagrant plugin: Setting cache directory: /Users/fhennig/repo/git/gitlab-runner-images/packer/packer_cache
2020/02/24 15:45:10 packer-builder-vagrant plugin: args: []string{"packer-builder-vagrant"}
2020/02/24 15:45:10 packer-builder-vagrant plugin: Plugin address: unix /var/folders/g4/yxc_6rbd00nfrt61z29np2rr0000gn/T/packer-plugin082095374
2020/02/24 15:45:10 packer-builder-vagrant plugin: Waiting for connection...
2020/02/24 15:45:10 Received unix RPC address for /usr/local/bin/packer: addr is /var/folders/g4/yxc_6rbd00nfrt61z29np2rr0000gn/T/packer-plugin082095374
2020/02/24 15:45:10 packer-builder-vagrant plugin: Serving a plugin connection...
2020/02/24 15:45:10 Build debug mode: false
2020/02/24 15:45:10 Force build: true
2020/02/24 15:45:10 On error:
2020/02/24 15:45:10 Preparing build: vagrant
vagrant: output will be in this color.

2020/02/24 15:45:10 Waiting on builds to complete...
2020/02/24 15:45:10 Starting build run: vagrant
2020/02/24 15:45:10 Running builder: vagrant
2020/02/24 15:45:10 [INFO] (telemetry) Starting builder vagrant
2020/02/24 15:45:10 packer-builder-vagrant plugin: Calling Vagrant CLI: []string{"--version"}
2020/02/24 15:45:10 packer-builder-vagrant plugin: [vagrant driver] stdout: Vagrant 2.2.7
==> vagrant: Creating a Vagrantfile in the build directory...
2020/02/24 15:45:10 packer-builder-vagrant plugin: Created vagrantfile at /Users/fhennig/repo/git/gitlab-runner-images/packer/output-vagrant/Vagrantfile
==> vagrant: skip_add was set so we assume the box is already in Vagrant...
==> vagrant: Calling Vagrant Up (this can take some time)...
2020/02/24 15:45:10 packer-builder-vagrant plugin: Calling Vagrant CLI: []string{"up", "source", "--provider=virtualbox"}
2020/02/24 15:45:12 packer-builder-vagrant plugin: [vagrant driver] stdout: Bringing machine 'source' up with 'virtualbox' provider...
2020/02/24 15:45:12 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Importing base box 'centos/7'...
2020/02/24 15:45:14 packer-builder-vagrant plugin: [vagrant driver] stdout:
2020/02/24 15:45:15 packer-builder-vagrant plugin: [vagrant driver] stdout: Progress: 20%
2020/02/24 15:45:15 packer-builder-vagrant plugin: [vagrant driver] stdout: Progress: 40%
2020/02/24 15:45:16 packer-builder-vagrant plugin: [vagrant driver] stdout: Progress: 70%
2020/02/24 15:45:17 packer-builder-vagrant plugin: [vagrant driver] stdout: Progress: 90%
2020/02/24 15:45:17 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Matching MAC address for NAT networking...
2020/02/24 15:45:18 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Checking if box 'centos/7' version '1905.1' is up to date...
2020/02/24 15:45:18 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Setting the name of the VM: output-vagrant_source_1582555518668_32961
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Clearing any previously set network interfaces...
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Preparing network interfaces based on configuration...
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: source: Adapter 1: nat
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Forwarding ports...
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: source: 22 (guest) => 2222 (host) (adapter 1)
2020/02/24 15:45:19 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Booting VM...
2020/02/24 15:45:20 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Waiting for machine to boot. This may take a few minutes...
2020/02/24 15:45:20 packer-builder-vagrant plugin: [vagrant driver] stdout: source: SSH address: 127.0.0.1:2222
2020/02/24 15:45:20 packer-builder-vagrant plugin: [vagrant driver] stdout: source: SSH username: vagrant
2020/02/24 15:45:20 packer-builder-vagrant plugin: [vagrant driver] stdout: source: SSH auth method: private key
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Machine booted and ready!
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Checking for guest additions in VM...
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: No guest additions were detected on the base box for this VM! Guest
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: additions are required for forwarded ports, shared folders, host only
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: networking, and more. If SSH fails on this machine, please install
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: the guest additions and repackage the box to continue.
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source:
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: This is not an error message; everything may continue to work properly,
2020/02/24 15:45:37 packer-builder-vagrant plugin: [vagrant driver] stdout: source: in which case you may ignore this message.
2020/02/24 15:45:38 packer-builder-vagrant plugin: Calling Vagrant CLI: []string{"ssh-config", "source"}
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: Host source
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: HostName 127.0.0.1
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: User vagrant
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: Port 2222
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: UserKnownHostsFile /dev/null
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: StrictHostKeyChecking no
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: PasswordAuthentication no
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: IdentityFile /Users/fhennig/.vagrant.d/insecure_private_key
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: IdentitiesOnly yes
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout: LogLevel FATAL
2020/02/24 15:45:41 packer-builder-vagrant plugin: [vagrant driver] stdout:
2020/02/24 15:45:41 packer-builder-vagrant plugin: identity file is /Users/fhennig/.vagrant.d/insecure_private_key
2020/02/24 15:45:41 packer-builder-vagrant plugin: Removing quotes from identity file
2020/02/24 15:45:41 packer-builder-vagrant plugin: Error unquoting identity file: invalid syntax
==> vagrant: Using ssh communicator to connect: 127.0.0.1
2020/02/24 15:45:41 packer-builder-vagrant plugin: [INFO] Waiting for SSH, up to timeout: 10m0s
==> vagrant: Waiting for SSH to become available...
2020/02/24 15:45:41 packer-builder-vagrant plugin: [INFO] Attempting SSH connection to 127.0.0.1:2222...
2020/02/24 15:45:41 packer-builder-vagrant plugin: [DEBUG] reconnecting to TCP connection for SSH
2020/02/24 15:45:41 packer-builder-vagrant plugin: [DEBUG] handshaking with SSH
2020/02/24 15:45:41 packer-builder-vagrant plugin: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
2020/02/24 15:45:41 packer-builder-vagrant plugin: [DEBUG] Detected authentication error. Increasing handshake attempts.
==> vagrant: Error waiting for SSH: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
==> vagrant: destroying Vagrant box...
2020/02/24 15:45:41 packer-builder-vagrant plugin: Calling Vagrant CLI: []string{"destroy", "-f", "source"}
2020/02/24 15:45:45 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Forcing shutdown of VM...
2020/02/24 15:45:46 packer-builder-vagrant plugin: [vagrant driver] stdout: ==> source: Destroying VM and associated drives...
==> vagrant: Deleting output directory...
2020/02/24 15:45:47 [INFO] (telemetry) ending vagrant
2020/02/24 15:45:47 machine readable: error-count []string{"1"}
==> Some builds didn't complete successfully and had errors:
2020/02/24 15:45:47 machine readable: vagrant,error []string{"Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain"}
==> Builds finished but no artifacts were created.
2020/02/24 15:45:47 [INFO] (telemetry) Finalizing.
Build 'vagrant' errored: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

==> Some builds didn't complete successfully and had errors:
--> vagrant: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

==> Builds finished but no artifacts were created.
2020/02/24 15:45:47 waiting for all plugin processes to complete...
2020/02/24 15:45:47 /usr/local/bin/packer: plugin process exited

jmgilman commented 4 years ago

I noticed the other day while using Terraform that the SSH handler has an explicit property for passing a signed certificate: https://www.terraform.io/docs/provisioners/connection.html#certificate

It's likely this feature needs to be migrated to Packer (especially if the goal is consistency in being able to use both platforms in a pipeline).

nmische commented 4 years ago

@SwampDragons: Do you know if this is being worked on yet? I may be able to contribute some cycles to this if not.

nmische commented 4 years ago

@jmgilman: As a workaround, assuming the host running packer has a modern OpenSSH, you can run ssh-add to add the public key cert to your SSH agent then use ssh_agent_auth.

SwampDragons commented 4 years ago

As far as I know, no one is working on it.

sylviamoss commented 4 years ago

Hey there! I wrote a solution for https://github.com/hashicorp/packer/issues/8769 using vApp properties. Since you're using ssh_private_key_file, I think you need to provide the public key, and depending on the template you're using, you can do that via vApp property or configuration parameters. See the notes under ssh_agent_auth in these docs: https://5f0580dbc12d6b0008d0e22b--packer-www.netlify.app/docs/builders/vmware/vsphere-clone#ssh_private_key_file (this is not yet released, so you can only find it on this preview).

Binaries you can use to test this: https://circleci.com/gh/hashicorp/packer/64916#artifacts/containers/0

Please, let me know if this works for you!

SwampDragons commented 4 years ago

Hi! Good news -- support for certificate-signed keys was just added in v1.6.1 (see #9521); if you're using a signed key, then you'll need to provide the ssh_certificate_file. I'm going to close this since I believe that this should solve the original issue, but we can reopen if the above option doesn't un-stick the build.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.