Ssh
Terraform ssh error on a Google Cloud instance?
I have been working through a problem with the Terraform provisioner connecting over ssh today. So far I have tried what I thought had worked before:
    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]

      connection {
        type        = "ssh"
        user        = "root"
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }
But I keep getting the following error.
Error applying plan: 1 error(s) occurred: * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
I also tried logging in to the IP directly with ssh from the terminal.
ssh -i ~/.ssh/google_compute_engine.pub 122.122.122.122
This worked just fine. So I tried this in the configuration as well, or what I thought would mimic it in the configuration.
    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]

      connection {
        type        = "ssh"
        user        = ""
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }
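And I got another error.
Error applying plan: 1 error(s) occurred: * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain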
So I tried this.
    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]

      connection {
        type        = "ssh"
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }
In the end, nothing seemed to change. I got this error message right back.
Error applying plan: 1 error(s) occurred: * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
I'm not sure what else I should have or need in order to get ssh authentication working.
You may have a bad sshKey setting in your project. Assuming your provisioner or resource has the following attached:

    resource "google_compute_instance" "my-host" {
      // ...

      connection {
        type        = "ssh"
        agent       = false
        user        = "${var.gce_ssh_user}"
        port        = "${var.gce_ssh_port}"
        timeout     = "5m"
        private_key = "${file("${var.gce_ssh_private_key_file}")}"
      }

      // ...
    }
You should be able to verify the project's sshKey:
$ gcloud compute project-info describe
My guess is that the sshKey value section set for the project is not well formed according to GCE. If you step through the following, you may find the configuration issue that is causing this:

    $ gcloud compute project-info describe > project.yaml
    $ cat project.yaml| egrep 'ssh-' | awk '{print $1 " " $2 " " $3}' > existing_project_keys.pub
    $ awk -v USER="$USER" '{print USER ":" $1 " " $2 " " USER}' .ssh_id_rsa.pub > new_keys.pub
    $ cat existing_project_keys.pub >> new_keys.pub
    $ gcloud compute project-info add-metadata --metadata-from-file sshKeys=new_keys.pub
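(Alternatively, it could be something simple, such as having too many keys loaded in your agent, which is why I disabled the agent in the connection above.)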
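An added example, not part of the answer above and not gcloud or Terraform code: a Python check over sshKeys metadata lines that flags entries not in the USER:TYPE BLOB COMMENT form the answer's awk command writes, and reports whether the local public key is listed for the user the connection block logs in as. The function names, the subset of key types and the sample keys (constructed, not real keys) are assumptions.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}  # assumption: subset

def check_entry(line):
    """Return the problems found in one 'USER:TYPE BLOB [COMMENT]' line."""
    user, sep, rest = line.partition(":")
    fields = rest.split()
    if not sep or not user or " " in user or len(fields) < 2:
        return ["not in 'USER:TYPE BLOB [COMMENT]' form"]
    key_type, blob = fields[0], fields[1]
    problems = [] if key_type in KEY_TYPES else [f"unexpected key type {key_type!r}"]
    try:  # the decoded blob starts with a length-prefixed copy of the key type
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        inner = raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return problems + ["key blob is not a valid base64 SSH public key"]
    if inner != key_type:
        problems.append(f"blob is a {inner!r} key but the line says {key_type!r}")
    return problems

def audit(metadata, login_user, local_pub):
    """Return ({line number: problems}, whether local_pub is listed for login_user)."""
    local_blob = local_pub.split()[1]
    bad, authorized = {}, False
    for lineno, line in enumerate(map(str.strip, metadata.splitlines()), 1):
        problems = check_entry(line) if line else []
        user, _, rest = line.partition(":")
        if problems:
            bad[lineno] = problems
        elif line and user == login_user and rest.split()[1] == local_blob:
            authorized = True
    return bad, authorized

def sample_blob(key_type, payload):
    """Constructed sample blob (not a real key): length-prefixed type, then payload."""
    parts = (key_type.encode(), payload)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

ED, RSA = sample_blob("ssh-ed25519", b"\x00" * 32), sample_blob("ssh-rsa", b"\x01" * 16)
SAMPLE_LOCAL_PUB = f"ssh-ed25519 {ED} deploy"
SAMPLE_METADATA = "\n".join([
    f"deploy:ssh-ed25519 {ED} deploy",   # well formed
    f"ssh-rsa {RSA} alice",              # no USER: prefix
    f"bob:ssh-rsa {ED} bob",             # key type does not match the blob
    "carol:ssh-rsa not-base64!! carol",  # damaged blob
])
```

On the constructed sample, audit(SAMPLE_METADATA, "deploy", SAMPLE_LOCAL_PUB) flags lines 2 to 4 and reports the key as listed, while the same call with "root" reports it as not listed.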