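I am using Terraform on a Windows machine to create a server on AWS, which works fine. After the server is created, I want to install docker on it. However, once the server has been created, Terraform's SSH connection fails (logging in manually with the Linux subsystem or Putty works fine).
Excerpt from the Terraform script: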
resource "aws_instance" "worker-01" {
  ami           = "ami-1b2bb774"
  instance_type = "t2.medium"
  subnet_id     = "${data.aws_subnet.public.id}"
  key_name      = "deployer-key"
  security_groups = [
    "${data.aws_security_group.ssh-access.id}"
  ]
  tags {
    Name = "worker-01"
  }
  connection {
    user = "ec2-user"
  }
  provisioner "remote-exec" {
    inline = [
      // Install all updates
      "sudo yum update -y",
      // Install docker and add user to docker group
      "sudo yum install docker -y",
      "sudo service docker start",
      "sudo usermod -a -G docker ec2-user"
    ]
  }
}
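The error message is quite clear: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain. Apparently the identity is not loaded into the ssh agent. The catch is: I am running pageant and my identity is loaded! Or rather, the KeeAgent plugin in KeePass runs on its behalf and loads the identity into pageant.
This works for any other SSH connection, but now it fails. Is this because of the username, or am I missing something else? If it is the username, is there a way to tell KeeAgent / pageant that it should use my identity for ec2-user as well? I know it should try all identities, but I don't know why it doesn't.
P.S.: I just realized that I am running all of this from a regular command prompt. Maybe pageant is not accessible by default? Does anyone know?
Answer 1
See the following: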
https://www.terraform.io/docs/provisioners/connection.html
Additional arguments only supported by the ssh connection type:
private_key - The contents of an SSH key to use for the connection. These can be loaded from a file on disk using the file() interpolation function. This takes preference over the password if provided.
agent - Set to false to disable using ssh-agent to authenticate. On Windows the only supported SSH authentication agent is Pageant.
agent_identity - The preferred identity from the ssh agent for authentication.
host_key - The public key from the remote host or the signing CA, used to verify the connection.
Make sure agent_identity is set in the connection {} block inside the provisioner.
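The connection settings this answer points to, written out as an added example that is not part of the original answer. The agent_identity value "deployer-key" is an assumed placeholder for the identity (key comment) that Pageant/KeeAgent lists for the key; everything else is the question's resource in the same syntax.

```hcl
# Added example, not from the original post: the question's resource with the
# connection block moved inside the provisioner and agent authentication set
# explicitly.
resource "aws_instance" "worker-01" {
  ami           = "ami-1b2bb774"
  instance_type = "t2.medium"
  subnet_id     = "${data.aws_subnet.public.id}"
  key_name      = "deployer-key"
  security_groups = [
    "${data.aws_security_group.ssh-access.id}"
  ]
  tags {
    Name = "worker-01"
  }

  provisioner "remote-exec" {
    connection {
      type  = "ssh"
      user  = "ec2-user"
      # Authenticate through the SSH agent (Pageant on Windows); the private
      # key never has to be written into the configuration.
      agent = true
      # Assumption: placeholder for the identity shown by Pageant/KeeAgent.
      # Replace with the identity of the key that matches key_name above.
      agent_identity = "deployer-key"
    }

    inline = [
      // Install all updates
      "sudo yum update -y",
      // Install docker and add user to docker group
      "sudo yum install docker -y",
      "sudo service docker start",
      "sudo usermod -a -G docker ec2-user"
    ]
  }
}
```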