
I am creating servers on AWS using Terraform on a Windows machine and that is working great. When they are created I want to install docker on them. However, after creating them, the SSH connection from Terraform fails (manually using Linux subsystem or Putty I can login just fine).

Excerpt from terraform script:

    resource "aws_instance" "worker-01" {
      ami           = "ami-1b2bb774"
      instance_type = "t2.medium"
      subnet_id     = "${data.aws_subnet.public.id}"
      key_name      = "deployer-key"
      security_groups = [
        "${data.aws_security_group.ssh-access.id}"
      ]

      tags {
        Name = "worker-01"
      }

      connection {
        user = "ec2-user"
      }

      provisioner "remote-exec" {
        inline = [
          // Install all updates
          "sudo yum update -y",
          // Install docker and add user to docker group
          "sudo yum install docker -y",
          "sudo service docker start",
          "sudo usermod -a -G docker ec2-user"
        ]
      }
    }

The error message is very clear: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain. Apparently the identity is not loaded in an ssh agent. Here is the catch: I have pageant running, with my identity loaded! Or rather, the KeeAgent plugin in KeePass is acting on behalf of it and has loaded the identity into pageant.

This works for any other SSH connection, but now it fails. Is that because of the username or is it something else that I am missing? If it is the username, then is there some way to tell KeeAgent / pageant that it should use my identity also for ec2-user? I know it should just try all identities, but no idea why it doesn't.

PS: I just realised I am running all of this in a normal command prompt. Maybe that doesn't have access to pageant by default? Anyone have an idea about this?

titusn

1 Answer

See the following on https://www.terraform.io/docs/provisioners/connection.html:

Additional arguments only supported by the ssh connection type:

    private_key - The contents of an SSH key to use for the connection. These can be loaded from a file on disk using the file() interpolation function. This takes preference over the password if provided.

    agent - Set to false to disable using ssh-agent to authenticate. On Windows the only supported SSH authentication agent is Pageant.

    agent_identity - The preferred identity from the ssh agent for authentication.

    host_key - The public key from the remote host or the signing CA, used to verify the connection.

Make sure you set the agent_identity in the connection {} block inside the provisioner.

Mike
Oh, I had actually seen that option, but the IntelliJ autocomplete didn't suggest it, so I ignored it. I'll try and get back here. – titusn Apr 06 '18 at 07:06
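
The connection arguments quoted in the answer, placed in the question's resource, as an added example that is not part of the original posts. It keeps the question's Terraform 0.11 syntax and trims the resource to the relevant attributes; the `agent_identity` value and the key file path are placeholders.

```hcl
# Added example; trimmed copy of the question's resource.
resource "aws_instance" "worker-01" {
  ami           = "ami-1b2bb774"
  instance_type = "t2.medium"
  key_name      = "deployer-key"

  provisioner "remote-exec" {
    # Option A: authenticate through the SSH agent. On Windows the only
    # supported agent is Pageant, so the key must be loaded there
    # (KeeAgent in the question). The private key never appears in the
    # Terraform configuration.
    connection {
      type           = "ssh"
      user           = "ec2-user"
      agent          = true
      agent_identity = "deployer-key" # placeholder: the identity loaded in the agent
    }

    # Option B: skip the agent and let Terraform read the key from disk.
    # Use instead of Option A, not together with it. The path is hypothetical;
    # keep the key file out of version control.
    # connection {
    #   type        = "ssh"
    #   user        = "ec2-user"
    #   agent       = false
    #   private_key = "${file("${path.module}/deployer-key.pem")}"
    # }

    inline = [
      "sudo yum update -y",
      "sudo yum install docker -y",
      "sudo service docker start",
      "sudo usermod -a -G docker ec2-user",
    ]
  }
}
```

To pin the instance's identity as well, the `host_key` argument from the same documentation excerpt takes the public key of the remote host or of the signing CA.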