How can I use a non-root user and private key with PACKER?


andy.w...@newvoicemedia.com

Jan 11, 2016, 6:10:25 AM
to Packer
Hi,

Within our organisation we want to use Packer. So far we use the root account and an AMI from Amazon but we would really like to do this using a non-root user (so within the ssh_config of the AMI, we have 'PermitRootLogin = no').

We have created a user = 0hftAr_U98ZcyhNkw which has full sudo without password access. I can ssh login (using putty) to a server built from this AMI as this user and can issue elevated commands without a password. I can login using the public / private keypair that I have created (using ssh keygen). The keypair is using RSA 2048.

I have placed the private key within the folder I am running Packer, but I can't seem to get Packer to use it. 

Within my JSON I have added the following -

      "ssh_username": "0hftAr_U98ZcyhNkw",
      "ssh_timeout": "10000s",
      "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_key_file": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_ip": "true",

When I kick off Packer, I get the following error/s -

[andyw@nvmjenkins02 packer templates]$ packer build --only=AWSCentOS6AdvNetwork CentOS6.json
AWSCentOS6AdvNetwork output will be in this color.

==> AWSCentOS6AdvNetwork: Prevalidating AMI Name...
==> AWSCentOS6AdvNetwork: Inspecting the source AMI...
==> AWSCentOS6AdvNetwork: Creating temporary security group for this instance...
==> AWSCentOS6AdvNetwork: Authorizing access to port 22 the temporary security group...
==> AWSCentOS6AdvNetwork: Launching a source AWS instance...
==> AWSCentOS6AdvNetwork: Error launching source instance: InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not exist
==> AWSCentOS6AdvNetwork:       status code: 400, request id: []
==> AWSCentOS6AdvNetwork: No AMIs to cleanup
==> AWSCentOS6AdvNetwork: Deleting temporary security group...
Build 'AWSCentOS6AdvNetwork' errored: Error launching source instance: InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not exist
        status code: 400, request id: []

==> Some builds didn't complete successfully and had errors:
--> AWSCentOS6AdvNetwork: Error launching source instance: InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not exist
        status code: 400, request id: []

==> Builds finished but no artifacts were created.

So do I have ssh_private_key_file referenced correctly in the JSON? Do I need to include ssh_keypair_name ?

Where does the private key need to be stored for Packer to reference it? (It's currently in the same directory as my JSON and other config files).

I have tried:

      "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_key_file": "./0hftAr_U98ZcyhNkw_160108",

      "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_key_file": "0hftAr_U98ZcyhNkw_160108",

      "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_key_file": "/blah/blah/blah/blah/0hftAr_U98ZcyhNkw_160108",

      "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
      "ssh_private_key_file": "{{user `0hftAr_U98ZcyhNkw_160108`}}",


I have tried a keypair generated using SSH KeyGen and PuttyGen, I am referencing the private key file (not ppk file). 

Could it be permissions? The file has 400 permissions (I have tried 444 also).

Packer Version - 0.8.6
OS - CentOS 6.6

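I've looked at quite a few threads -

https://groups.google.com/forum/#!topic/packer-tool/Squ0nStU5_8
https://groups.google.com/forum/#!topic/packer-tool/dYU0yVF01-0
https://github.com/mitchellh/packer/issues/2526
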
I would really appreciate any pointers as to what I'm doing wrong.


Thanks in advance.


Andy





Bernd Naumann

Jan 11, 2016, 1:39:00 PM
to packe...@googlegroups.com
On 01/11/2016 12:10 PM, andy.w...@newvoicemedia.com wrote:
> Hi,

Hey Andy!

See my comments in-line...

>
> Within our organisation we want to use Packer. So far we use the root
> account and an AMI from Amazon but we would really like to do this using a
> non-root user (so within the ssh_config of the AMI, we have
> 'PermitRootLogin = no').
>
> We have created a user = *0hftAr_U98ZcyhNkw* which has full sudo without
> password access. I can ssh login (using putty) to a server built from this
> AMI as this user and can issue elevated commands without a password. I can
> login using the public / private keypair that I have created (using ssh
> keygen). The keypair is using RSA 2048.
>
> I have placed the private key within the folder I am running Packer, but I
> can't seem to get Packer to use it.
>
> Within my JSON I have added the following -
>
> "ssh_username": "0hftAr_U98ZcyhNkw",
> "ssh_timeout": "10000s",
> "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
> "ssh_private_key_file": "0hftAr_U98ZcyhNkw_160108",
> "ssh_private_ip": "true",
>
> When I kick off Packer, I get the following error/s -
>
> [andyw@nvmjenkins02 packer templates]$ packer build
> --only=AWSCentOS6AdvNetwork CentOS6.json
> AWSCentOS6AdvNetwork output will be in this color.
>
> ==> AWSCentOS6AdvNetwork: Prevalidating AMI Name...
> ==> AWSCentOS6AdvNetwork: Inspecting the source AMI...
> ==> AWSCentOS6AdvNetwork: Creating temporary security group for this
> instance...
> ==> AWSCentOS6AdvNetwork: Authorizing access to port 22 the temporary
> security group...
> ==> AWSCentOS6AdvNetwork: Launching a source AWS instance...
> *==> AWSCentOS6AdvNetwork: Error launching source instance:
> InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not
> exist*
> ==> AWSCentOS6AdvNetwork: status code: 400, request id: []
> ==> AWSCentOS6AdvNetwork: No AMIs to cleanup
> ==> AWSCentOS6AdvNetwork: Deleting temporary security group...
> Build 'AWSCentOS6AdvNetwork' errored: Error launching source instance:
> InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not
> exist
> status code: 400, request id: []
>
> ==> Some builds didn't complete successfully and had errors:
> --> AWSCentOS6AdvNetwork: Error launching source instance:
> InvalidKeyPair.NotFound: The key pair '0hftAr_U98ZcyhNkw_160108' does not
> exist
> status code: 400, request id: []
>
> ==> Builds finished but no artifacts were created.
>
> So do I have *ssh_private_key_file* referenced correctly in the JSON? Do I
> need to include *ssh_keypair_name* ?
>
> Where does the private key need to be stored for Packer to reference it?
> (It's currently in the same directory as my JSON and other config files).
>
> I have tried:
>
>
> "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
>
> "ssh_private_key_file": "./0hftAr_U98ZcyhNkw_160108",
>
>
>
> "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
>
> "ssh_private_key_file": "0hftAr_U98ZcyhNkw_160108",
>
>
> "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
>
> "ssh_private_key_file":
> "/blah/blah/blah/blah/0hftAr_U98ZcyhNkw_160108",
>
>
> "ssh_keypair_name": "0hftAr_U98ZcyhNkw_160108",
>
> "ssh_private_key_file": "{{user `0hftAr_U98ZcyhNkw_160108`}}",
>
>

Have you tried specifying a full path? And/or running Packer with
logging enabled to get more info about the environment?

> I have tried a keypair generated using SSH KeyGen and PuttyGen, I am
> referencing the private key file (not ppk file).
>
> Could it be permissions? The file has 400 permissions (I have tried 444
> also).
>

The normal (and correct) file permission for private ssh keys is 600.
(ssh can be really strict on that.)

> Packer Version - 0.8.6
> OS - CentOS 6.6
>
> I've looked at quite a few threads -
>
> https://groups.google.com/forum/#!topic/packer-tool/Squ0nStU5_8 -
> https://groups.google.com/forum/#!topic/packer-tool/dYU0yVF01-0
> https://github.com/mitchellh/packer/issues/2526
>
>
> I would really appreciate any pointers as to what I'm doing wrong.
>
>
> Thanks in advance.
>
>
> Andy

Good luck,
Bernd

andy.w...@newvoicemedia.com

Jan 18, 2016, 5:55:37 AM
to Packer
Hi Bernd,

Thank you for replying.

I took your recommendation regarding the permission of the private key. I also uploaded the public key into AWS (that was an oversight on my part).

Anyway, the good news is that the Packer job now sees the key and logs into the AMI, so good news.

Thanks again

Andy
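
The checks this thread ended up needing, collected as an added example that is not part of the original posts or of Packer itself: the private key file must be a PEM key (not a .ppk) with no group/other access, and the name in ssh_keypair_name must exist in EC2 with a fingerprint matching that key. Function names are hypothetical; it assumes a configured AWS CLI, openssl, and an RSA key pair that was imported into EC2.

```bash
# Added example: pre-flight checks for a Packer amazon-ebs builder's key
# settings. All function names are hypothetical, not part of Packer.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and other have no access (600 or 400, not 444).
key_mode_ok() {
    case "$(key_mode "$1")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Classify a key file by its first line: pem, ppk, public or unknown.
key_format() {
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || { echo unknown; return; }
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo pem ;;
        "PuTTY-User-Key-File-"*)           echo ppk ;;
        "ssh-"*|"ecdsa-"*)                 echo public ;;
        *)                                 echo unknown ;;
    esac
}

# MD5 fingerprint of the public half, the form EC2 reports for an
# imported RSA key pair (assumes a PEM RSA key that openssl can read).
local_fingerprint() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
        openssl md5 -c | sed 's/^.*= *//'
}

# Fingerprint EC2 holds for this key pair name; the call fails with
# InvalidKeyPair.NotFound when the name was never created or imported.
ec2_fingerprint() {
    aws ec2 describe-key-pairs --key-names "$1" \
        --query 'KeyPairs[0].KeyFingerprint' --output text
}

preflight() {  # usage: preflight <ssh_private_key_file> <ssh_keypair_name>
    [ "$(key_format "$1")" = pem ] || { echo "not a PEM private key: $1" >&2; return 1; }
    key_mode_ok "$1" || { echo "group/other can access: $1" >&2; return 1; }
    remote=$(ec2_fingerprint "$2") || { echo "key pair not in EC2: $2" >&2; return 1; }
    [ "$remote" = "$(local_fingerprint "$1")" ] || { echo "fingerprint mismatch" >&2; return 1; }
    echo "ok: $1 matches EC2 key pair $2"
}
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Saved as a script and run with the key file path and key pair name as its two arguments before `packer build`, it reports which of the conditions fails.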