Hello Rickard,

I am aware of the below error:

Host key verification failed

Below is the scenario at my end:

1. We have a GitLab server, my laptop's public SSH key is there for a repository, and I am able to clone it on my laptop.
2. I have installed VirtualBox on my laptop and Packer is running there.
3. I have copied my laptop's private SSH key to the Packer machine in a file and run the below commands on the Packer machine:

    eval "$(ssh-agent)"
    ps aux | grep ssh
    ssh-add /path/to/my/private/ssh/key/file

Can you please help me with why it's showing this error? Where do I need to add my private key?

Thanks.

On Monday, January 7, 2019 at 12:55:02 PM UTC+5:30, Rickard von Essen wrote:
>
> Google "Host key verification failed"
>
> On Mon, Jan 7, 2019 at 8:20 AM Tekchand Dagar <[email protected]> wrote:
>
>> Hello Rickard,
>>
>> Thank you for your response and apologies for the late reply from my side.
>>
>> Now I have made the changes in my `*.yml*` file and now I am trying to
>> clone the git as root user rather than deploy user. Please refer to the
>> attached files for my builder and yml files.
>>
>> Below are the Error logs:
>>
>> ==> digitalocean: Provisioning with shell script: ch.sh
>> ==> digitalocean: Provisioning with shell script: /tmp/packer-shell176262049
>> digitalocean: SSH_AUTH_SOCK='/tmp/ssh-lq0EZ6xnBa/agent.1617'
>> digitalocean: SSH_CLIENT='1.2.3.4 57414 22'
>> digitalocean: SSH_CONNECTION='1.2.3.4 57414 3.4.5.6 22'
>> digitalocean: OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g 1 Mar 2016
>> digitalocean: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjnEEn4+sO3U9o4+Xr9KEtjrDX+i2jMPazXNPnMFoZNwFG3XPDrnl+Whb+SHjBsdfXx+iQkasASKCo1ap118g0hSFMgLVtIlFyD0GqePId4uejLrYZG79AbbEWn0kB+RitaG2S2S2OMHcUAeGtmoyIXHqvPEo9tDoSht6ReFk9UY2eGQUjy8QFz/2TIbF8IpEZz5JvGkmuGF0PqPn0GQZw6sw4VJlE5Zre52qyEMQel4mHAKXQiWhSG0wpK5IOfPuUmXXLCzJp07tYqZR/lcKsJMBm6BkqVG3JRf/cpJo0n9oB id_rsa
>> digitalocean: debug1: Reading configuration data /etc/ssh/ssh_config
>> digitalocean: debug1: /etc/ssh/ssh_config line 19: Applying options for *
>> digitalocean: Pseudo-terminal will not be allocated because stdin is not a terminal.
>> digitalocean: /root
>> digitalocean: debug2: resolving "ab.xyz.com" port 971
>> digitalocean: debug2: ssh_connect_direct: needpriv 0
>> digitalocean: debug1: Connecting to git.promobitech.com [5.6.7.8] port 971.
>> digitalocean: debug1: Connection established.
>> digitalocean: debug1: permanently_set_uid: 0/0
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_rsa type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_rsa-cert type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_dsa type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_dsa-cert type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa-cert type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_ed25519 type -1
>> digitalocean: debug1: key_load_public: No such file or directory
>> digitalocean: debug1: identity file /root/.ssh/id_ed25519-cert type -1
>> digitalocean: debug1: Enabling compatibility mode for protocol 2.0
>> digitalocean: debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
>> digitalocean: debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
>> digitalocean: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat OpenSSH_6.6.1* compat 0x04000000
>> digitalocean: debug2: fd 3 setting O_NONBLOCK
>> digitalocean: debug1: Authenticating to ab.xyz.com:971 as 'git'
>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971
>> digitalocean: debug3: send packet: type 20
>> digitalocean: debug1: SSH2_MSG_KEXINIT sent
>> digitalocean: debug3: receive packet: type 20
>> digitalocean: debug1: SSH2_MSG_KEXINIT received
>> digitalocean: debug2: local client KEXINIT proposal
>> digitalocean: debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
>> digitalocean: debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
>> digitalocean: debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>> digitalocean: debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>> digitalocean: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
>> digitalocean: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
>> digitalocean: debug2: compression ctos: none,[email protected],zlib
>> digitalocean: debug2: compression stoc: none,[email protected],zlib
>> digitalocean: debug2: languages ctos:
>> digitalocean: debug2: languages stoc:
>> digitalocean: debug2: first_kex_follows 0
>> digitalocean: debug2: reserved 0
>> digitalocean: debug2: peer server KEXINIT proposal
>> digitalocean: debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> digitalocean: debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
>> digitalocean: debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
>> digitalocean: debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
>> digitalocean: debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
>> digitalocean: debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
>> digitalocean: debug2: compression ctos: none,[email protected]
>> digitalocean: debug2: compression stoc: none,[email protected]
>> digitalocean: debug2: languages ctos:
>> digitalocean: debug2: languages stoc:
>> digitalocean: debug2: first_kex_follows 0
>> digitalocean: debug2: reserved 0
>> digitalocean: debug1: kex: algorithm: [email protected]
>> digitalocean: debug1: kex: host key algorithm: ecdsa-sha2-nistp256
>> digitalocean: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
>> digitalocean: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
>> digitalocean: debug3: send packet: type 30
>> digitalocean: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>> digitalocean: debug3: receive packet: type 31
>> digitalocean: debug1: Server host key: ecdsa-sha2-nistp256 SHA256:RurlZ68vkLDzi8UiN1CwbAqlD8Ogmxw+E4hxYZ1RU9g
>> digitalocean: debug3: put_host_port: [4.5.6.7]:971
>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971
>> digitalocean: debug1: checking without port identifier
>> digitalocean: debug1: read_passphrase: can't open /dev/tty: No such device or address
>> digitalocean: Host key verification failed.
>>
>>
>> Above is the error please help me.
>>
>> On Sunday, January 6, 2019 at 2:33:44 AM UTC+5:30, Rickard von Essen wrote:
>>>
>>> I already explained that you can't really do it this way. You get:
>>>
>>> digitalocean: Could not open a connection to your authentication agent.
>>>
>>> Since the deploy user is not allowed to connect to the ssh agent socket
>>> owned by the root user. To quote myself:
>>>
>>> "when you switch to the deploy user (become_user: deploy) that user
>>> can't access the Unix socket forwarding the ssh-agent, only root can do
>>> that since root is the owner of it.
>>>
>>> There is no way around that and my recommendation is that you
>>> instead let root clone the repo and then move/chown it to deploy."
>>>
>>>
>>> On Fri, Jan 4, 2019, 18:06 Vincent Rubiolo <[email protected]> wrote:
>>>
>>>> Hi Tekchand,
>>>>
>>>>> Thank you for your response and suggestion.
>>>>>
>>>>
>>>> You're welcome, but you did not try what I had suggested (putting 'pwd'
>>>> in your git clone command and reporting the output). Can you do that?
>>>>
>>>>
>>>>> Yes...after adding -p 987 in my SSH command getting connection time
>>>>> out error. I need to fix it first and you are right in my build json file
>>>>> the connection part is coming first and then clone part. So now it's not
>>>>> reaching on clone because it fails at SSH connection.
>>>>
>>>>
>>>> I will let you check that with Rickard.
>>>>
>>>> Vincent
>>>>
>>>>
>>>> On Wed, Jan 2, 2019 at 10:50 PM Tekchand Dagar <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello Vincent,
>>>>>
>>>>> Thank you for your response and suggestion.
>>>>>
>>>>> Yes...after adding -p 987 in my SSH command getting connection time
>>>>> out error. I need to fix it first and you are right in my build json file
>>>>> the connection part is coming first and then clone part. So now it's not
>>>>> reaching on clone because it fails at SSH connection.
>>>>>
>>>>> Thanks a lot for your time and support.
>>>>>
>>>>> On Thursday, January 3, 2019 at 11:36:48 AM UTC+5:30, Vincent Rubiolo
>>>>> wrote:
>>>>>>
>>>>>> Hi again Tekchand,
>>>>>>
>>>>>> On Wed, Jan 2, 2019 at 9:52 PM Tekchand Dagar <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Vincent,
>>>>>>>
>>>>>>> Thank you for your prompt response.
>>>>>>>
>>>>>>> Please refer to the attached file of ansible-playbook which is used for
>>>>>>> clone from git. I am switching the user from root to deploy so when it
>>>>>>> switches the user deploy then it will go into deploy user home directory.
>>>>>>>
>>>>>>
>>>>>> There is no guarantee about the directory switch being made when
>>>>>> changing users, this will depend on the internal implementation of the
>>>>>> 'become' command within Ansible. As you can see at
>>>>>> https://docs.ansible.com/ansible/latest/user_guide/become.html?highlight=become,
>>>>>> 'become' has 'become_method' which can provide different means to do so
>>>>>> (su, sudo, etc).
>>>>>>
>>>>>> For instance, with the 'su' command, it will depend on whether this
>>>>>> is a login shell ('su' does not switch directories, 'su -' or 'su -l'
>>>>>> does switch directories).
>>>>>>
>>>>>>
>>>>>>> And user deploy have full right to create a file in his/her home
>>>>>>> directory. I am correct?
>>>>>>>
>>>>>>
>>>>>> You are right _if_ the directory is the 'deploy' user home dir.
>>>>>>
>>>>>> I suggest adding a simple call to 'pwd' in your shell 'git clone'
>>>>>> command to check you are where you expect to be (another way would be to
>>>>>> do a 'touch test_file ./' before running the 'git clone' command). Then
>>>>>> paste the output here.
>>>>>>
>>>>>> Note that I do not doubt you also have a connection issue (cf your
>>>>>> inability to connect via ssh), I just think there might be 2 issues,
>>>>>> with the 'permission denied' one masking the other (you have seen that
>>>>>> your SSH connection fails with a timeout for instance, not a permission
>>>>>> problem).
>>>>>>
>>>>>> HTH,
>>>>>>
>>>>>> Vincent
>>>>>>
>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>>> violation of those guidelines may result in your removal from this
>>>>> mailing list.
>>>>>
>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>> IRC: #packer-tool on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Packer" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>> --
>>>> *Vincent Rubiolo*
>>>> Senior Platform Engineer
>>>> www.datameer.com
>>>> Slack: Vincent
>>>>
>>>> Datameer, Inc.
>>>> 577 2nd Street, Suite 200, San Francisco, CA 94107
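
Added example, not part of the thread or of Packer: the log quoted above stops while ssh is checking the server's host key, with no terminal available to confirm an unknown key, which happens before any user key from the agent is offered. The Python below pulls the offered fingerprint out of such a log and builds known_hosts lines only for scanned keys that match a fingerprint obtained out of band; the function names, sample key, scan output and log lines are constructed for illustration.

```python
import base64
import hashlib
import re

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it (base64 without padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_pattern(host, port=22):
    """known_hosts stores non-default ports as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def diagnose(log):
    """Return (key_type, fingerprint, prompt_blocked) for a failed host key
    check, or None if the log does not show that failure."""
    if "Host key verification failed" not in log:
        return None
    m = re.search(r"Server host key: (\S+)\s+(SHA256:\S+)", log)
    if not m:
        return None
    return m.group(1), m.group(2), "can't open /dev/tty" in log

def pinned_entries(scan_output, host, port, trusted_fp):
    """Build known_hosts lines from ssh-keyscan style output, keeping only
    keys whose fingerprint equals one obtained out of band."""
    entries = []
    for line in scan_output.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue
        key_type, key_b64 = parts[1], parts[2]
        if fingerprint(key_b64) == trusted_fp:
            entries.append(f"{host_pattern(host, port)} {key_type} {key_b64}")
    if not entries:
        raise ValueError("no scanned key matches the trusted fingerprint")
    return entries

# Constructed sample data: the blob is not a real host key.
SAMPLE_KEY = base64.b64encode(b"constructed ecdsa host key blob").decode()
SAMPLE_SCAN = (
    "# ab.xyz.com:971 SSH-2.0-OpenSSH\n"
    f"[ab.xyz.com]:971 ecdsa-sha2-nistp256 {SAMPLE_KEY}\n"
)
SAMPLE_LOG = (
    f"debug1: Server host key: ecdsa-sha2-nistp256 {fingerprint(SAMPLE_KEY)}\n"
    "debug1: read_passphrase: can't open /dev/tty: No such device or address\n"
    "Host key verification failed.\n"
)

if __name__ == "__main__":
    key_type, offered_fp, prompt_blocked = diagnose(SAMPLE_LOG)
    print(key_type, offered_fp, "prompt blocked:", prompt_blocked)
    # In real use trusted_fp comes from the server's administrator, not the log.
    for entry in pinned_entries(SAMPLE_SCAN, "ab.xyz.com", 971, offered_fp):
        print(entry)
```

The returned lines are what would be appended to the provisioning user's ~/.ssh/known_hosts before the git clone step runs.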
