The only two security related things packer does is setting up temporary security groups and that is only relevant to the building of the AMI. And it creates a temporary ssh key and uploads the public key to aws which injects it into the instance via cloud-init. I feel there is some key information missing here.
For trouble shooting I recomend: 1) check the console log of the instance you can't access. Does it contain any errors regarding network, sshd, or authorized? 2) run packer with debug logging enabled: PACKER_LOG=1 packer build template.json, this will reveal exactly what packer does. 3) in your AMI build, including a hard-coded authorized public key that you can use. This will allow you to ssh a into the instance even if there is some cloud-init related problems. On Sep 16, 2016 00:52, "Synaesthete" <[email protected]> wrote: > I've been building AMIs using Packer for a while. I'm basing these on > Amazon Linux, and have been using the same base AMI version. I'm using > Packer 10.1. Recently I have not been able to SSH in to instances built > from these Packer base AMIs. I get a Connection Refused error. I'm using a > Terraform configuration to manage my infrastructure, so have defined > security groups, etc. with that. If I build my infrastructure with the > hard-coded Amazon Linux base AMI, I'm able to SSH in. If I do the same with > a Packer-built AMI, I can't log in. I've even tried removing the > provisioner block from my Packerfile. It's as if Packer is doing something > that prevents SSH (disables SSH agent? Messes with the firewall?) > > Does this ring a bell for anyone? What could be happening? > > -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/packer-tool/9d70cf00-a2db-48ae-8a13-cb0ee8b26b9e%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/9d70cf00-a2db-48ae-8a13-cb0ee8b26b9e%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt999-0_AY2xPFjdC%2Bgr004%3DKjsC%2B0oEFpRnG2T04sfO7A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
