When specifying ssh_private_key_file, is a public key supposed to be required?


Jack Davidson

Jan 11, 2019, 12:43:59 AM
to Packer
I'm not sure if I have found a bug or if this is expected behavior. I expected the matching public key for the private key I passed to be generated and added to my instance automatically, since I saw no mention or ways of providing the public key. But it looks like this is not the behavior.

The situation is that when I specify 'ssh_private_key_file' in a gcp builder like this:

{
  "builders": [
    {
      "type": "googlecompute",
      "project_id": "redacted",
      "source_image": "ubuntu-1604-xenial-v20181204",
      "image_name": "my-packer-image",
      "disk_size": "50",
      "machine_type": "n1-standard-2",
      "communicator": "ssh",
      "ssh_username": "packer_user",
      "ssh_private_key_file": "./id_rsa.pem",
      "network": "packer-network",
      "zone": "us-west1-b",
      "state_timeout" : "15m",
      "instance_name" : "some-instance-name"
    }
  ]
}

The build fails, after timing out trying to connect over ssh:

SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I can make it succeed by manually adding the public key on instance metadata:

{
  "builders": [
    {
      "type": "googlecompute",
      "project_id": "redacted",
      "source_image": "ubuntu-1604-xenial-v20181204",
      "image_name": "my-packer-image",
      "disk_size": "50",
      "machine_type": "n1-standard-2",
      "communicator": "ssh",
      "ssh_username": "packer_user",
      "ssh_private_key_file": "./id_rsa.pem",
      "network": "packer-network",
      "zone": "us-west1-b",
      "state_timeout" : "15m",
      "instance_name" : "some-instance-name",
      "metadata" : {
        "ssh-keys": "packer_user:ssh-rsa [ssh public key data] packer_user"
      }
    }
  ]
}


Is this expected?

Rickard von Essen

Jan 11, 2019, 2:37:30 AM
to packe...@googlegroups.com
Yes that's the expected and correct behavior. 
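
Added example, not part of the original thread and not Packer's own code: as the reply confirms, the public half is not installed on the instance for you, so the "ssh-keys" metadata value has to be derived from the private key file. The sketch below does that with the standard library only, assuming an unencrypted PKCS#1 RSA PEM; the function names and the toy sample key are constructed for illustration.

```python
import base64
import struct

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_public_numbers(pem_text):
    """Extract (n, e) from an unencrypted PKCS#1 'RSA PRIVATE KEY' PEM."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] != "-----BEGIN RSA PRIVATE KEY-----" or any(":" in l for l in lines):
        raise ValueError("expected an unencrypted PKCS#1 RSA private key")
    tag, seq, _ = _read_tlv(base64.b64decode("".join(lines[1:-1])), 0)
    ints, pos = [], 0
    while tag == 0x30 and pos < len(seq) and len(ints) < 3:
        itag, val, pos = _read_tlv(seq, pos)
        if itag != 0x02:
            raise ValueError("expected DER INTEGER")
        ints.append(int.from_bytes(val, "big"))
    _version, n, e = ints  # ValueError here if the outer SEQUENCE was malformed
    return n, e

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def _ssh_mpint(i):
    # SSH mpint is two's complement: a set top bit needs a leading 0x00
    return _ssh_string(i.to_bytes(i.bit_length() // 8 + 1, "big"))

def ssh_keys_metadata(pem_text, username):
    """Build the 'user:ssh-rsa <data> user' value for the ssh-keys metadata."""
    n, e = rsa_public_numbers(pem_text)
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"{username}:ssh-rsa {base64.b64encode(blob).decode()} {username}"

# Constructed sample: toy 12-bit key (n=3233, e=17), not usable for real SSH.
_SAMPLE_DER = bytes.fromhex("301d020100" "02020ca1" "020111" "02020ac1"
                            "02013d" "020135" "020135" "020131" "020126")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.b64encode(_SAMPLE_DER).decode()
              + "\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(ssh_keys_metadata(SAMPLE_PEM, "packer_user"))
```

For real key files, including formats this sketch does not parse, `ssh-keygen -y -f ./id_rsa.pem` prints the same public key.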
