Ssh

Terraform ssh error on a Google Cloud instance?

  • September 14, 2016

I have been troubleshooting a Terraform provisioner connection problem with ssh all day today. So far, I have tried what I previously thought would work:

 provisioner "remote-exec" {
   inline = [
     "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"]
     connection {
       type = "ssh"
       user = "root"
       private_key = "${file("~/.ssh/google_compute_engine")}"
       timeout = "45s"
     }
 }

But I keep getting the following error.

Error applying plan:

1 error(s) occurred:

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I also tried logging in to the IP directly with ssh from the terminal.

ssh -i ~/.ssh/google_compute_engine.pub 122.122.122.122

This worked fine. So I also tried this in the configuration, or what I thought would mimic this in the configuration.

provisioner "remote-exec" {
 inline = [
   "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"]
   connection {
     type = "ssh"
     user = ""
     private_key = "${file("~/.ssh/google_compute_engine")}"
     timeout = "45s"
   }
}

I ran into another error.

Error applying plan:

1 error(s) occurred:

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

So I tried this.

provisioner "remote-exec" {
 inline = [
   "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"]
   connection {
     type = "ssh"
     private_key = "${file("~/.ssh/google_compute_engine")}"
     timeout = "45s"
   }
}

In the end, nothing seemed to change. I immediately got this error message back.

Error applying plan:

1 error(s) occurred:

* ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I am not sure what else I should have or need in order to get ssh authentication working.

You may have an incorrect sshKey setting in your project. Assuming you have the following attached to your provisioner or resource:

resource "google_compute_instance" "my-host" {
 // ...
 connection {
   type        = "ssh"
   agent       = false
   user        = "${var.gce_ssh_user}"
   port        = "${var.gce_ssh_port}"
   timeout     = "5m"
   private_key = "${file("${var.gce_ssh_private_key_file}")}"
 }
 // ...
}

You should be able to verify the project's sshKey:

$ gcloud compute project-info describe

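My guess is that the sshKey value in the project's settings is not well formed according to GCE. If you step through the following, you may find the configuration problem that is causing this: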

$ gcloud compute project-info describe > project.yaml
$ cat project.yaml| egrep 'ssh-' | awk '{print $1 " " $2 " " $3}' > existing_project_keys.pub
$ awk -v USER="$USER" '{print USER ":" $1 " " $2 " " USER}' .ssh_id_rsa.pub > new_keys.pub
$ cat existing_project_keys.pub >> new_keys.pub
$ gcloud compute project-info add-metadata --metadata-from-file sshKeys=new_keys.pub

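(Alternatively, this could be something simple, such as having too many keys loaded in your agent, which is why I disabled the agent in the connection above.)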

Quoted from: https://serverfault.com/questions/799433
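The answer suspects a malformed project sshKeys value. As an added example (not part of the original question or answer), the Python below checks a key file such as the answer's new_keys.pub line by line and reports whether the `user` named in the Terraform `connection` block has an entry. It assumes the `USER:KEYTYPE BASE64 COMMENT` line layout produced by the answer's awk command; `check_entry`, `audit`, `sample_blob` and the sample lines are hypothetical and constructed for illustration.

```python
import base64
import struct

def check_entry(line):
    """Return (user, None) for a well-formed entry, or (None, reason)."""
    user, sep, rest = line.strip().partition(":")
    if not sep or not user or " " in user:
        return None, "missing 'USER:' prefix"
    fields = rest.split()
    if len(fields) < 2:
        return None, "expected 'KEYTYPE BASE64 [COMMENT]'"
    key_type, blob = fields[0], fields[1]
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None, "key blob is not valid base64"
    # An OpenSSH public key blob starts with a length-prefixed copy of its type.
    if len(raw) < 4:
        return None, "key blob too short"
    (n,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + n] != key_type.encode():
        return None, "key type does not match key blob"
    return user, None

def audit(text, ssh_user):
    """Return (list of (line number, reason), whether ssh_user has a valid key)."""
    problems, users = [], set()
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, reason = check_entry(line)
        if reason:
            problems.append((number, reason))
        else:
            users.add(user)
    return problems, ssh_user in users

def sample_blob(key_type):
    """Constructed stand-in for a key blob: type header plus dummy bytes."""
    head = struct.pack(">I", len(key_type)) + key_type.encode()
    return base64.b64encode(head + b"\x00" * 8).decode()

# Constructed sample input, not real keys.
SAMPLE = "\n".join([
    "alice:ssh-rsa " + sample_blob("ssh-rsa") + " alice",    # well formed
    "ssh-rsa " + sample_blob("ssh-rsa") + " bob",            # no USER: prefix
    "carol:ssh-rsa not*base64 carol",                        # damaged blob
    "dave:ssh-ed25519 " + sample_blob("ssh-rsa") + " dave",  # type mismatch
])

if __name__ == "__main__":
    print(audit(SAMPLE, "root"))
```

Running `audit` with the `user` value from the `connection` block shows both the malformed lines and whether that user has any usable key in the file.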