Ok good the you know that do. In reality the whitelisted DNS names are resolved to an IP and that is allowed.
It can be useful to take a refresher on IP networking and DNS.

On Feb 8, 2018 21:13, "Christopher Kalan" <[email protected]> wrote:

> This is not an AWS issue. Our firewall/proxy denies us using and DNS name.
> For example taking HashiCorp out of the equation:
>
> I can SSH to the DNS name of EC2. Our security teams deny us SSH'ing to IP
> and only allow DNS. They do not want to maintain long lists of whitelisted
> IPs I was told.
>
> On Thu, Feb 8, 2018 at 2:14 PM, Rickard von Essen <[email protected]> wrote:
>
>> When you are running with the private DNS name it fails on lookup of the
>> DNS name, since you are not running inside an AWS VPC and use their domain
>> resolvers (DNS servers).
>>
>> > TCP connection to SSH ip/port failed: dial tcp: lookup ip-172-31-34-206.ec2.internal: no such host
>>
>> When you are running with a public DNS name it is resolved to the IP
>> 52.90.77.167 which Packer tries to connect to (on port 22). But nothing
>> answers, most likely one of these four things is wrong: 1) Your local
>> (company) firewall blocks outgoing SSH (tcp/22), 2) an AWS VPC ACL denies
>> tcp/22, 3) AWS Security Group doesn't allow traffic to the instance on
>> tcp/22, 4) your EC2 instance fails to bring up sshd and thus doesn't
>> answer.
>>
>> > TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>
>> Just speculating, I would guess the most likely is nr 1. Get into contact
>> with one of your network admins.
>>
>> On 8 February 2018 at 20:01, Christopher Kalan <[email protected]> wrote:
>>
>>> I am confused. We connect to our instances through our proxy with a DNS
>>> name. Our proxy rejects anything that is not DNS. So if we try to SSH to an
>>> EC2 instance using IP through our proxy it will fail but will work with DNS.
>>>
>>> When setting packer to use private_DNS it shows DNS not IP. This is what
>>> I would expect when setting it to public_DNS also but the log shows it
>>> setting it to IP.
>>>
>>> Here is a comparison of the logs using
>>>
>>> private:
>>>
>>> 2018/02/08 14:00:27 packer: 2018/02/08 14:00:27 [DEBUG] TCP connection to SSH ip/port failed: dial tcp: lookup ip-172-31-34-206.ec2.internal: no such host
>>>
>>> public:
>>>
>>> 2018/02/08 13:03:44 packer: 2018/02/08 13:03:44 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>>
>>> On Thu, Feb 8, 2018 at 1:34 PM, Rickard von Essen <[email protected]> wrote:
>>>
>>>> Sorry I'm not sure I follow what your problem is?
>>>>
>>>> A DNS record resolves to an IP, it is impossible "to connect to a DNS
>>>> name"
>>>>
>>>> On Feb 8, 2018 19:27, "Dayma" <[email protected]> wrote:
>>>>
>>>>> All, our proxy is only allowing us to go after DNS instead of IP. When
>>>>> I use the : "ssh_interface": "public_dns" I was hoping that it would
>>>>> use the DNS of the EC2 instance. Looking in the logs it appears that even
>>>>> though I am telling it to use DNS it's still using the IP of the EC2
>>>>> instance:
>>>>>
>>>>> 018/02/08 13:02:29 packer: 2018/02/08 13:02:29 [INFO] Waiting for SSH, up to timeout: 5m0s
>>>>> 2018/02/08 13:02:29 ui: ==> amazon-ebs: Waiting for SSH to become available...
>>>>> 2018/02/08 13:02:44 packer: 2018/02/08 13:02:44 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>>>> 2018/02/08 13:03:04 packer: 2018/02/08 13:03:04 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>>>> 2018/02/08 13:03:24 packer: 2018/02/08 13:03:24 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>>>> 2018/02/08 13:03:44 packer: 2018/02/08 13:03:44 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout
>>>>>
>>>>> *Interesting though. When I set it to "private_DNS" it seems to
>>>>> actually go after the private DNS of the EC2 instance. So that appears to
>>>>> be working for private_DNS.
>>>>>
>>>>> Any help is appreciated.
>>>>>
>>>>> Thanks!!!
>>>>>
>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>>> violation of those guidelines may result in your removal from this mailing
>>>>> list.
>>>>>
>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>> IRC: #packer-tool on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Packer" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/packer-tool/2d767812-d48a-4d26-a518-13e03521e8c6%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/packer-tool/2d767812-d48a-4d26-a518-13e03521e8c6%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>> For more options, visit https://groups.google.com/d/optout.
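The two Packer debug lines compared in the thread fail at different stages: one never gets past name resolution, the other has an IP and times out on the TCP connect. The Go sketch below is an added example, not part of the original thread and not Packer's own code; `ClassifyDialLog`, `Finding` and the stage names are hypothetical, and it assumes the error text has the form Go's `net` package prints.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// Stages at which an outbound dial can fail.
const (
	StageResolve = "dns-resolution" // the name never became an IP address
	StageConnect = "tcp-connect"    // an IP was dialed, nothing answered in time
	StageUnknown = "unknown"
)

var (
	// Go prints resolver failures as "lookup <name>[ on <server>]: no such host".
	lookupRe = regexp.MustCompile(`dial tcp: lookup (\S+?)(?: on \S+)?: no such host`)
	// Connect timeouts carry the address that was actually dialed.
	timeoutRe = regexp.MustCompile(`dial tcp (\S+): i/o timeout`)
)

// Finding says where a dial failed and against which target.
type Finding struct {
	Stage, Target, Port string
}

// ClassifyDialLog maps one Packer debug line to the stage that failed.
func ClassifyDialLog(line string) Finding {
	if m := lookupRe.FindStringSubmatch(line); m != nil {
		return Finding{Stage: StageResolve, Target: m[1]}
	}
	if m := timeoutRe.FindStringSubmatch(line); m != nil {
		host, port, err := net.SplitHostPort(m[1])
		if err == nil && net.ParseIP(host) != nil {
			return Finding{Stage: StageConnect, Target: host, Port: port}
		}
	}
	return Finding{Stage: StageUnknown}
}

func main() {
	lines := []string{ // first two copied from the thread, third constructed
		"[DEBUG] TCP connection to SSH ip/port failed: dial tcp: lookup ip-172-31-34-206.ec2.internal: no such host",
		"[DEBUG] TCP connection to SSH ip/port failed: dial tcp 52.90.77.167:2: i/o timeout",
		"[INFO] Waiting for SSH, up to timeout: 5m0s",
	}
	for _, l := range lines {
		f := ClassifyDialLog(l)
		fmt.Printf("%-14s target=%q port=%q\n", f.Stage, f.Target, f.Port)
	}
}
```

A `dns-resolution` result points at the resolver in use on the build host; a `tcp-connect` result means resolution already succeeded and the block is somewhere on the network path or on the instance itself.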
