I have been struggling today with the Terraform provisioner's connection over ssh. So far I have tried a few ideas. Earlier I was using this:

    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]
      connection {
        type        = "ssh"
        user        = "root"
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }

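But I keep getting the following error.

    Error applying plan:
    1 error(s) occurred:
    * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I also tried logging in to the IP directly with ssh from the terminal.

    ssh -i ~/.ssh/google_compute_engine.pub 122.122.122.122

That works. So I tried the same thing in the configuration as well, or at least what I thought would mimic it in the configuration.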

    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]
      connection {
        type        = "ssh"
        user        = ""
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }

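I got the error again.

    Error applying plan:
    1 error(s) occurred:
    * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

So then I tried this.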

    provisioner "remote-exec" {
      inline = [
        "echo ${google_compute_instance.testing-elastic-1.network_interface.0.access_config.0.assigned_nat_ip}"
      ]
      connection {
        type        = "ssh"
        private_key = "${file("~/.ssh/google_compute_engine")}"
        timeout     = "45s"
      }
    }

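In the end, nothing seems to have changed. I got this error message again.

    Error applying plan:
    1 error(s) occurred:
    * ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

I am not sure what else I should have or need for ssh authentication to work.

Answer 1

You may have a bad sshKey set in your project. Assuming you have something like the following attached to your provisioner or resource: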

    resource "google_compute_instance" "my-host" {
      // ...
      connection {
        type        = "ssh"
        agent       = false
        user        = "${var.gce_ssh_user}"
        port        = "${var.gce_ssh_port}"
        timeout     = "5m"
        private_key = "${file("${var.gce_ssh_private_key_file}")}"
      }
      // ...
    }

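You should be able to verify the project's sshKey:

    $ gcloud compute project-info describe

My guess is that the sshKey value set in the project is partly malformed according to GCE. If you follow the steps below, you may find the configuration mess that is causing this: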

    $ gcloud compute project-info describe > project.yaml
    $ cat project.yaml | egrep 'ssh-' | awk '{print $1 " " $2 " " $3}' > existing_project_keys.pub
    $ awk -v USER="$USER" '{print USER ":" $1 " " $2 " " USER}' .ssh_id_rsa.pub > new_keys.pub
    $ cat existing_project_keys.pub >> new_keys.pub
    $ gcloud compute project-info add-metadata --metadata-from-file sshKeys=new_keys.pub

(Or it could be something simple, such as having too many keys loaded in your agent, which is why I disabled the agent in the connection above.)
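
An added example, not part of the original answer: a Python check for a keys file in the "USER:TYPE BLOB COMMENT" layout that the awk step above writes, meant to be run before the add-metadata step. It assumes that layout and relies on the OpenSSH public key blob starting with its own length-prefixed type name; the function names and the sample entries are constructed for illustration.

```python
import base64
import binascii
import struct

def embedded_key_type(blob_b64):
    """Key type named inside an OpenSSH public key blob, or None if unreadable."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return None  # bad characters or padding, e.g. a blob cut short
    if len(raw) < 4:
        return None
    (n,) = struct.unpack(">I", raw[:4])  # blob starts with a length-prefixed name
    return raw[4:4 + n].decode("ascii", "replace") if 0 < n <= len(raw) - 4 else None

def check_entry(line):
    """Problems found in one 'USER:TYPE BLOB [COMMENT]' line (empty list = none)."""
    fields = line.split()
    if len(fields) < 2:
        return ["expected 'USER:TYPE BLOB [COMMENT]'"]
    user, sep, key_type = fields[0].partition(":")
    problems = []
    if not sep or not user:
        problems.append("missing 'USER:' prefix")
        key_type = key_type or fields[0]
    inner = embedded_key_type(fields[1])
    if inner is None:
        problems.append("key blob is not valid base64 or is truncated")
    elif inner != key_type:
        problems.append("declared type %r but blob says %r" % (key_type, inner))
    return problems

def check_keys_file(text):
    """Map 1-based line number -> problems for each non-blank malformed line."""
    checked = ((i, check_entry(l)) for i, l in enumerate(text.splitlines(), 1) if l.strip())
    return {i: p for i, p in checked if p}

def sample_blob(key_type):
    # Constructed stand-in for a key: a valid type header followed by filler bytes.
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + b"\0" * 32).decode()

SAMPLE = "\n".join([  # constructed entries, not real keys
    "alice:ssh-rsa %s alice" % sample_blob("ssh-rsa"),      # well-formed
    "ssh-rsa %s bob" % sample_blob("ssh-rsa"),              # USER: prefix missing
    "carol:ssh-rsa %s carol" % sample_blob("ssh-ed25519"),  # type does not match blob
    "dave:ssh-rsa %s dave" % sample_blob("ssh-rsa")[:-3],   # blob cut short
])
```

Calling check_keys_file on the contents of new_keys.pub returns an empty dict when every line has a user prefix and a readable blob whose type matches the declared one. It only inspects the blob header, so it does not prove the key material itself is intact.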