-
Description
When trying to use ssh key agent to connect to the vms, terraform fails to connect.
But the remote exec itself doesn't, due to the connection setting
Kube.tf file
# Customize the SSH port (by default 22)
ssh_port = 2222
# * Your ssh public key
ssh_public_key = file("~/.ssh/hetzner_id_ed25519.pub")
# * Your private key must be "ssh_private_key = null" when you want to use ssh-agent for a Yubikey-like device authentication or an SSH key-pair with a passphrase.
# For more details on SSH see https://github.com/kube-hetzner/kube-hetzner/blob/master/docs/ssh.md
ssh_private_key = null
# You can add additional SSH public Keys to grant other team members root access to your cluster nodes.
# ssh_additional_public_keys = []
Screenshots
No response
Platform
Linux
Replies: 13 comments
-
@pschiffe Your public key path is wrong, it should be So this is probably not a bug, you have a mismatch between your public key and the private key loaded through your ssh-agent.
-
Also FYI, you need to
-
My private key is only in ssh key agent, not on the file system (it's loaded from keepassxc). I've created the file Now, here's the content of the file Problem is here, where it's still the content of the file, not the file path: https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/blob/master/modules/host/main.tf#L49 If I use
-
The Thanks for the note about blacklisting, I'm aware.
-
@pschiffe Out of curiosity, do try by commenting out the Also make sure to triple check by following https://github.com/kube-hetzner/kube-hetzner/blob/master/docs/ssh.md
-
Hi @mysticaltech, thanks for looking into this issue. I've tried with commenting out the When looking into the source code of terraform, I see that the But there's this one interesting condition in here: Now, there is also this thing. If terraform doesn't find the file defined in I have more than 3 keys in my ssh agent, so it doesn't work for me. If I increase Here's my minimal example I'm testing this with:
-
@pschiffe Great debug! Basically, if I follow you correctly, if we parametrize MaxAuthTries via a variable, your problem can be fixed? Please PR welcome to add this variable, you could call it
-
Hi @mysticaltech, parametrizing The culprit is that the Alternatively, a non-breaking change would be to set the local
The third option could just be to expose the local Please let me know what you think about these options. In the meantime I'll see if I can prepare the PR for parametrization of
-
@pschiffe Thanks for looking deeper into this. Please don't worry about breaking changes, this project is still young and users that use ssh-agent can fork the module and work around breaking changes to upgrade. Just please propose changes you think would be good! Usually, the simpler the better! 🙏 About the temp file reasoning, here it is in the description of that PR: #204 Just FYI, people that submitted those changes are no longer involved with the project.
-
@pschiffe Any updates on this, were you able to make it work?
-
Sorry @mysticaltech, I'm still on it, will try to prepare the PR soon
-
Hi @mysticaltech, I've finally prepared the PR #774, sorry it took some time.
-
Fix released in https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/releases/tag/v2.1.4 by introducing new ssh_max_auth_tries variable.
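A pre-flight check for the failure discussed in this thread, where ssh-agent holds more keys than the server's MaxAuthTries allows. This is an added example, not code from the discussion or from the kube-hetzner module. The function names, the sample keys and the MaxAuthTries value of 2 are constructed, and the counting model in the first comment is an assumption.

```bash
#!/usr/bin/env bash
# Model (assumption): sshd counts each rejected public-key offer as one failed
# attempt and disconnects once MaxAuthTries failures are reached, and the
# client offers the agent's keys in listing order.

# Constructed sample data, not real keys: `ssh-add -L` style output.
AGENT_KEYS='ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-1 work-laptop
ssh-rsa AAAAB3-CONSTRUCTED-KEY-2 old-rsa
ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-3 git-signing
ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-4 hetzner'
NODE_PUBKEY='ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-4 hetzner'
# Constructed sshd_config excerpt; the value 2 is illustrative.
SSHD_CONFIG='Port 2222
#MaxAuthTries 6
MaxAuthTries 2'

# 1-based position of a public key in the agent listing, 0 if absent.
# Keys are matched on the base64 blob (field 2), not on the comment.
key_position() {
    local blob
    blob=$(printf '%s\n' "$1" | awk '{ print $2 }')
    printf '%s\n' "$2" | awk -v want="$blob" '
        NF >= 2 { n++; if ($2 == want) { print n; found = 1; exit } }
        END { if (!found) print 0 }'
}

# Effective MaxAuthTries from sshd_config or `sshd -T` text: first
# uncommented occurrence wins, OpenSSH default of 6 when unset.
max_auth_tries() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "maxauthtries" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
        END { if (!found) print 6 }'
}

# Verdict for one key: ok, lockout (server disconnects first) or missing.
agent_auth_check() {
    local pos max
    pos=$(key_position "$1" "$2")
    max=$(max_auth_tries "$3")
    if [ "$pos" -eq 0 ]; then echo "missing"; return 2; fi
    if [ "$pos" -gt "$max" ]; then echo "lockout pos=$pos max=$max"; return 1; fi
    echo "ok pos=$pos max=$max"
}

# Real use: agent_auth_check "$(cat ~/.ssh/hetzner_id_ed25519.pub)" "$(ssh-add -L)" "$(sshd -T)"
agent_auth_check "$NODE_PUBKEY" "$AGENT_KEYS" "$SSHD_CONFIG" || true
```

A "lockout" verdict means either fewer keys should be loaded in the agent or the server limit (here, the module's ssh_max_auth_tries variable) has to cover the key's position.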