Google "Host key verification failed" On Mon, Jan 7, 2019 at 8:20 AM Tekchand Dagar <[email protected]> wrote:
> Hello Rickard, > > Thank you for your response and apologies for late reply from my side. > > Now i have made the changes in my `*.yml*` file and now i am trying to > clone the git as root user rather than deploy user. Please refer the > attached files for my builder and yml files. > > Below are the Error logs: > > ==> digitalocean: Provisioning with shell script: ch.sh > ==> digitalocean: Provisioning with shell script: > /tmp/packer-shell176262049 > digitalocean: SSH_AUTH_SOCK='/tmp/ssh-lq0EZ6xnBa/agent.1617' > digitalocean: SSH_CLIENT='1.2.3.4 57414 22' > digitalocean: SSH_CONNECTION='1.2.3.4 57414 3.4.5.6 22' > digitalocean: OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g 1 Mar > 2016 > digitalocean: ssh-rsa > AAAAB3NzaC1yc2EAAAADAQABAAABAQDjnEEn4+sO3U9o4+Xr9KEtjrDX+i2jMPazXNPnMFoZNwFG3XPDrnl+Whb+SHjBsdfXx+iQkasASKCo1ap118g0hSFMgLVtIlFyD0GqePId4uejLrYZG79AbbEWn0kB+RitaG2S2S2OMHcUAeGtmoyIXHqvPEo9tDoSht6ReFk9UY2eGQUjy8QFz/2TIbF8IpEZz5JvGkmuGF0PqPn0GQZw6sw4VJlE5Zre52qyEMQel4mHAKXQiWhSG0wpK5IOfPuUmXXLCzJp07tYqZR/lcKsJMBm6BkqVG3JRf/cpJo0n9oB > id_rsa > digitalocean: debug1: Reading configuration data /etc/ssh/ssh_config > digitalocean: debug1: /etc/ssh/ssh_config line 19: Applying options > for * > digitalocean: Pseudo-terminal will not be allocated because stdin is > not a terminal. > digitalocean: /root > digitalocean: debug2: resolving "ab.xyz.com" port 971 > digitalocean: debug2: ssh_connect_direct: needpriv 0 > digitalocean: debug1: Connecting to git.promobitech.com [5.6.7.8] > port 971. > digitalocean: debug1: Connection established. > digitalocean: debug1: permanently_set_uid: 0/0 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_rsa type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_rsa-cert type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_dsa type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_dsa-cert type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_ecdsa type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_ed25519 type -1 > digitalocean: debug1: key_load_public: No such file or directory > digitalocean: debug1: identity file /root/.ssh/id_ed25519-cert type -1 > digitalocean: debug1: Enabling compatibility mode for protocol 2.0 > digitalocean: debug1: Local version string SSH-2.0-OpenSSH_7.2p2 > Ubuntu-4ubuntu2.6 > digitalocean: debug1: Remote protocol version 2.0, remote software > version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 > digitalocean: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat > OpenSSH_6.6.1* compat 0x04000000 > digitalocean: debug2: fd 3 setting O_NONBLOCK > digitalocean: debug1: Authenticating to ab.xyz.com:971 as 'git' > digitalocean: debug3: put_host_port: [ab.xyz.com]:971 > digitalocean: debug3: send packet: type 20 > digitalocean: debug1: SSH2_MSG_KEXINIT sent > digitalocean: debug3: receive packet: type 20 > digitalocean: debug1: SSH2_MSG_KEXINIT received > digitalocean: debug2: local client KEXINIT proposal > digitalocean: debug2: KEX algorithms: [email protected] > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c > digitalocean: debug2: host key algorithms: > [email protected], > [email protected], > [email protected],[email protected], > [email protected] > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa > digitalocean: debug2: ciphers ctos: [email protected] > ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], > [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc > digitalocean: debug2: ciphers stoc: [email protected] > ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], > [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc > digitalocean: debug2: MACs ctos: [email protected], > [email protected],[email protected], > [email protected],[email protected], > [email protected],[email protected] > ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > digitalocean: debug2: MACs stoc: [email protected], > [email protected],[email protected], > [email protected],[email protected], > [email protected],[email protected] > ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 > digitalocean: debug2: compression ctos: none,[email protected],zlib > digitalocean: debug2: compression stoc: none,[email protected],zlib > digitalocean: debug2: languages ctos: > digitalocean: debug2: languages stoc: > digitalocean: debug2: first_kex_follows 0 > digitalocean: debug2: reserved 0 > digitalocean: debug2: peer server KEXINIT proposal > digitalocean: debug2: KEX algorithms: [email protected] > ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > digitalocean: debug2: host key algorithms: > ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 > digitalocean: debug2: ciphers ctos: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > [email protected],[email protected], > [email protected] > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > [email protected] > digitalocean: debug2: ciphers stoc: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, > [email protected],[email protected], > [email protected] > ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > [email protected] > digitalocean: debug2: MACs ctos: [email protected], > [email protected],[email protected],[email protected] > ,[email protected],[email protected], > [email protected],[email protected], > [email protected],hmac-md5,hmac-sha1,[email protected], > [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > [email protected],hmac-sha1-96,hmac-md5-96 > digitalocean: debug2: MACs stoc: [email protected], > [email protected],[email protected],[email protected] > ,[email protected],[email protected], > [email protected],[email protected], > [email protected],hmac-md5,hmac-sha1,[email protected], > [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, > [email protected],hmac-sha1-96,hmac-md5-96 > digitalocean: debug2: compression ctos: none,[email protected] > digitalocean: debug2: compression stoc: none,[email protected] > digitalocean: debug2: languages ctos: > digitalocean: debug2: languages stoc: > digitalocean: debug2: first_kex_follows 0 > digitalocean: debug2: reserved 0 > digitalocean: debug1: kex: algorithm: [email protected] > digitalocean: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 > digitalocean: debug1: kex: server->client cipher: > [email protected] MAC: <implicit> compression: none > digitalocean: debug1: kex: client->server cipher: > [email protected] MAC: <implicit> compression: none > digitalocean: debug3: send packet: type 30 > digitalocean: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY > digitalocean: debug3: receive packet: type 31 > digitalocean: debug1: Server host key: ecdsa-sha2-nistp256 > SHA256:RurlZ68vkLDzi8UiN1CwbAqlD8Ogmxw+E4hxYZ1RU9g > digitalocean: debug3: put_host_port: [4.5.6.7]:971 > digitalocean: debug3: put_host_port: [ab.xyz.com]:971 > digitalocean: debug1: checking without port identifier > digitalocean: debug1: read_passphrase: can't open /dev/tty: No such > device or address > digitalocean: Host key verification failed. > > > Above is the error please help me. > > On Sunday, January 6, 2019 at 2:33:44 AM UTC+5:30, Rickard von Essen wrote: >> >> I already explained that you can't really do it this way. You get: >> >> digitalocean: Could not open a connection to your authentication agent. >> >> Since the deploy user is not allowed to connect to the ssh agent socket >> owned by the root user. To quote my self: >> >> "when you switch to the deploy user (become_user: deploy) that user can't >> access the Unix socket forwarding the ssh-agent, only root can do that >> since root is the owner of it. >> >> There is no way around that that and my recommendation is that you >> instead let root clone the repo and then move/chown it to deploy." >> >> >> On Fri, Jan 4, 2019, 18:06 Vincent Rubiolo <[email protected] >> wrote: >> >>> Hi Tekchand, >>> >>> Thank you for your response and suggestion. >>>> >>> >>> You're welcome, but you did not try what I had suggested (putting 'pwd' >>> in your git clone command and reporting the output). Can you do that? >>> >>> >>>> Yes...after adding -p 987 in my SSH command getting connection time out >>>> error. I need to fix it first and you are right in my build json file the >>>> connection part is coming first and then clone part. So now its not >>>> reaching on clone because it fail at SSH connection. >>> >>> >>> I will let you check that with Rickard. >>> >>> Vincent >>> >>> >>> On Wed, Jan 2, 2019 at 10:50 PM Tekchand Dagar <[email protected]> >>> wrote: >>> >>>> Hello Vincent, >>>> >>>> Thank you for your response and suggestion. >>>> >>>> Yes...after adding -p 987 in my SSH command getting connection time out >>>> error. I need to fix it first and you are right in my build json file the >>>> connection part is coming first and then clone part. So now its not >>>> reaching on clone because it fail at SSH connection. >>>> >>>> Thanks a lot for your time and support. >>>> >>>> On Thursday, January 3, 2019 at 11:36:48 AM UTC+5:30, Vincent Rubiolo >>>> wrote: >>>>> >>>>> Hi again Tekchand, >>>>> >>>>> On Wed, Jan 2, 2019 at 9:52 PM Tekchand Dagar <[email protected]> >>>>> wrote: >>>>> >>>>>> Hello Vincent, >>>>>> >>>>>> Thank you for your prompt response. >>>>>> >>>>>> Please refer the attach file of ansible-playbook which us used for >>>>>> clone from git. I am switching the user from root to deploy so when it >>>>>> switch the user deploy then it will go into deploy user home directory. >>>>>> >>>>> >>>>> There is no guarantee about the directory switch being made when >>>>> changing users, this will depend on the internal implementation of the >>>>> 'become' command within Ansible. As you can see at >>>>> https://docs.ansible.com/ansible/latest/user_guide/become.html?highlight=become, >>>>> 'become' has 'become_method' which can provide different means to do so >>>>> (su, sudo, etc). >>>>> >>>>> For instance, with the 'su' command, it will depend on whether this is >>>>> a login shell ('su' does not switch directories, 'su -' or 'su -l' does >>>>> switch directories). >>>>> >>>>> >>>>>> And user deploy have full right to create a file in his/her home >>>>>> directory. I am correct? >>>>>> >>>>> >>>>> You are right _if_ the directory is the 'deploy' user home dir. >>>>> >>>>> I suggest adding a simple call to 'pwd' in your shell 'git clone' >>>>> command to check you are where you expect to be (another way would be to >>>>> do >>>>> a 'touch test_file ./' before running the 'git clone' command). Then past >>>>> the output here. >>>>> >>>>> Note that I do not doubt you also have a connection issue (cf your >>>>> unability to connect via ssh), I just think there might be 2 issues, with >>>>> the 'permission denied' one masking the other (you have seen that your SSH >>>>> connection fails with a timeout for instance, not a permission problem). >>>>> >>>>> HTH, >>>>> >>>>> Vincent >>>>> >>>> -- >>>> This mailing list is governed under the HashiCorp Community Guidelines >>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in >>>> violation of those guidelines may result in your removal from this mailing >>>> list. >>>> >>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>> IRC: #packer-tool on Freenode >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Packer" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com >>>> <https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> -- >>> >>> -------- >>> *Vincent Rubiolo* >>> Senior Platform Engineer >>> www.datameer.com >>> Slack: Vincent >>> >>> >>> >>> >>> >>> Datameer, Inc. >>> 577 2nd Street, Suite 200, San Francisco, CA 94107 >>> >>> -- >>> This mailing list is governed under the HashiCorp Community Guidelines - >>> https://www.hashicorp.com/community-guidelines.html. Behavior in >>> violation of those guidelines may result in your removal from this mailing >>> list. >>> >>> GitHub Issues: https://github.com/mitchellh/packer/issues >>> IRC: #packer-tool on Freenode >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Packer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com >>> <https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt-4UJOiXLvk9tju8NdLrJxvHxXv-C_HCYLT8ZE3S5qpuw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
