I don't think you understand the error message. You don't have a tty so you can't type yes to add the hsot key to the known hosts file. Just add: -o StrictHostKeyChecking=no To your ssh commands.
On Mon, Jan 7, 2019, 09:31 Tekchand Dagar <[email protected] wrote: > Hello Rickard, > > I am aware about the below error: > > Host key verification failed > > Below is the scenario at my end: > > 1. We have gitlab server and my laptop public SSH key is there for a > repository and i am able to clone it over my laptop. > 2. I have installed Virtualbox over my laptop and packer is running there. > 3. I have copied my laptop Private SSH key on packer machine in a file and > run the below command on packer machine: > eval "$(ssh-agent)" > ps aux | grep ssh > ssh-add /path/to/my/private/ssh/key/file > > Can you please help me why its showing this error? Where i need to add my > private key? > > Thanks. > > > On Monday, January 7, 2019 at 12:55:02 PM UTC+5:30, Rickard von Essen > wrote: >> >> Google "Host key verification failed" >> >> On Mon, Jan 7, 2019 at 8:20 AM Tekchand Dagar <[email protected]> >> wrote: >> >>> Hello Rickard, >>> >>> Thank you for your response and apologies for late reply from my side. >>> >>> Now i have made the changes in my `*.yml*` file and now i am trying to >>> clone the git as root user rather than deploy user. Please refer the >>> attached files for my builder and yml files. >>> >>> Below are the Error logs: >>> >>> ==> digitalocean: Provisioning with shell script: ch.sh >>> ==> digitalocean: Provisioning with shell script: >>> /tmp/packer-shell176262049 >>> digitalocean: SSH_AUTH_SOCK='/tmp/ssh-lq0EZ6xnBa/agent.1617' >>> digitalocean: SSH_CLIENT='1.2.3.4 57414 22' >>> digitalocean: SSH_CONNECTION='1.2.3.4 57414 3.4.5.6 22' >>> digitalocean: OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g 1 Mar >>> 2016 >>> digitalocean: ssh-rsa >>> AAAAB3NzaC1yc2EAAAADAQABAAABAQDjnEEn4+sO3U9o4+Xr9KEtjrDX+i2jMPazXNPnMFoZNwFG3XPDrnl+Whb+SHjBsdfXx+iQkasASKCo1ap118g0hSFMgLVtIlFyD0GqePId4uejLrYZG79AbbEWn0kB+RitaG2S2S2OMHcUAeGtmoyIXHqvPEo9tDoSht6ReFk9UY2eGQUjy8QFz/2TIbF8IpEZz5JvGkmuGF0PqPn0GQZw6sw4VJlE5Zre52qyEMQel4mHAKXQiWhSG0wpK5IOfPuUmXXLCzJp07tYqZR/lcKsJMBm6BkqVG3JRf/cpJo0n9oB >>> id_rsa >>> digitalocean: debug1: Reading configuration data /etc/ssh/ssh_config >>> digitalocean: debug1: /etc/ssh/ssh_config line 19: Applying options >>> for * >>> digitalocean: Pseudo-terminal will not be allocated because stdin is >>> not a terminal. >>> digitalocean: /root >>> digitalocean: debug2: resolving "ab.xyz.com" port 971 >>> digitalocean: debug2: ssh_connect_direct: needpriv 0 >>> digitalocean: debug1: Connecting to git.promobitech.com [5.6.7.8] >>> port 971. >>> digitalocean: debug1: Connection established. >>> digitalocean: debug1: permanently_set_uid: 0/0 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_rsa type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_rsa-cert type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_dsa type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_dsa-cert type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_ecdsa-cert type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_ed25519 type -1 >>> digitalocean: debug1: key_load_public: No such file or directory >>> digitalocean: debug1: identity file /root/.ssh/id_ed25519-cert type >>> -1 >>> digitalocean: debug1: Enabling compatibility mode for protocol 2.0 >>> digitalocean: debug1: Local version string SSH-2.0-OpenSSH_7.2p2 >>> Ubuntu-4ubuntu2.6 >>> digitalocean: debug1: Remote protocol version 2.0, remote software >>> version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 >>> digitalocean: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 pat >>> OpenSSH_6.6.1* compat 0x04000000 >>> digitalocean: debug2: fd 3 setting O_NONBLOCK >>> digitalocean: debug1: Authenticating to ab.xyz.com:971 as 'git' >>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971 >>> digitalocean: debug3: send packet: type 20 >>> digitalocean: debug1: SSH2_MSG_KEXINIT sent >>> digitalocean: debug3: receive packet: type 20 >>> digitalocean: debug1: SSH2_MSG_KEXINIT received >>> digitalocean: debug2: local client KEXINIT proposal >>> digitalocean: debug2: KEX algorithms: [email protected] >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c >>> digitalocean: debug2: host key algorithms: >>> [email protected],[email protected], >>> [email protected], >>> [email protected],[email protected] >>> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa >>> digitalocean: debug2: ciphers ctos: [email protected] >>> ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], >>> [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc >>> digitalocean: debug2: ciphers stoc: [email protected] >>> ,aes128-ctr,aes192-ctr,aes256-ctr,[email protected], >>> [email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc >>> digitalocean: debug2: MACs ctos: [email protected], >>> [email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],[email protected] >>> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>> digitalocean: debug2: MACs stoc: [email protected], >>> [email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],[email protected] >>> ,hmac-sha2-256,hmac-sha2-512,hmac-sha1 >>> digitalocean: debug2: compression ctos: none,[email protected],zlib >>> digitalocean: debug2: compression stoc: none,[email protected],zlib >>> digitalocean: debug2: languages ctos: >>> digitalocean: debug2: languages stoc: >>> digitalocean: debug2: first_kex_follows 0 >>> digitalocean: debug2: reserved 0 >>> digitalocean: debug2: peer server KEXINIT proposal >>> digitalocean: debug2: KEX algorithms: [email protected] >>> ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 >>> digitalocean: debug2: host key algorithms: >>> ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 >>> digitalocean: debug2: ciphers ctos: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>> [email protected],[email protected],[email protected] >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> [email protected] >>> digitalocean: debug2: ciphers stoc: >>> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, >>> [email protected],[email protected],[email protected] >>> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, >>> [email protected] >>> digitalocean: debug2: MACs ctos: [email protected], >>> [email protected],[email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],hmac-md5,hmac-sha1,[email protected], >>> [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, >>> [email protected],hmac-sha1-96,hmac-md5-96 >>> digitalocean: debug2: MACs stoc: [email protected], >>> [email protected],[email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],[email protected], >>> [email protected],hmac-md5,hmac-sha1,[email protected], >>> [email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, >>> [email protected],hmac-sha1-96,hmac-md5-96 >>> digitalocean: debug2: compression ctos: none,[email protected] >>> digitalocean: debug2: compression stoc: none,[email protected] >>> digitalocean: debug2: languages ctos: >>> digitalocean: debug2: languages stoc: >>> digitalocean: debug2: first_kex_follows 0 >>> digitalocean: debug2: reserved 0 >>> digitalocean: debug1: kex: algorithm: [email protected] >>> digitalocean: debug1: kex: host key algorithm: ecdsa-sha2-nistp256 >>> digitalocean: debug1: kex: server->client cipher: >>> [email protected] MAC: <implicit> compression: none >>> digitalocean: debug1: kex: client->server cipher: >>> [email protected] MAC: <implicit> compression: none >>> digitalocean: debug3: send packet: type 30 >>> digitalocean: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY >>> digitalocean: debug3: receive packet: type 31 >>> digitalocean: debug1: Server host key: ecdsa-sha2-nistp256 >>> SHA256:RurlZ68vkLDzi8UiN1CwbAqlD8Ogmxw+E4hxYZ1RU9g >>> digitalocean: debug3: put_host_port: [4.5.6.7]:971 >>> digitalocean: debug3: put_host_port: [ab.xyz.com]:971 >>> digitalocean: debug1: checking without port identifier >>> digitalocean: debug1: read_passphrase: can't open /dev/tty: No such >>> device or address >>> digitalocean: Host key verification failed. >>> >>> >>> Above is the error please help me. >>> >>> On Sunday, January 6, 2019 at 2:33:44 AM UTC+5:30, Rickard von Essen >>> wrote: >>>> >>>> I already explained that you can't really do it this way. You get: >>>> >>>> digitalocean: Could not open a connection to your authentication agent. >>>> >>>> Since the deploy user is not allowed to connect to the ssh agent socket >>>> owned by the root user. To quote my self: >>>> >>>> "when you switch to the deploy user (become_user: deploy) that user >>>> can't access the Unix socket forwarding the ssh-agent, only root can do >>>> that since root is the owner of it. >>>> >>>> There is no way around that that and my recommendation is that you >>>> instead let root clone the repo and then move/chown it to deploy." >>>> >>>> >>>> On Fri, Jan 4, 2019, 18:06 Vincent Rubiolo <[email protected] >>>> wrote: >>>> >>>>> Hi Tekchand, >>>>> >>>>> Thank you for your response and suggestion. >>>>>> >>>>> >>>>> You're welcome, but you did not try what I had suggested (putting >>>>> 'pwd' in your git clone command and reporting the output). Can you do >>>>> that? >>>>> >>>>> >>>>>> Yes...after adding -p 987 in my SSH command getting connection time >>>>>> out error. I need to fix it first and you are right in my build json file >>>>>> the connection part is coming first and then clone part. So now its not >>>>>> reaching on clone because it fail at SSH connection. >>>>> >>>>> >>>>> I will let you check that with Rickard. >>>>> >>>>> Vincent >>>>> >>>>> >>>>> On Wed, Jan 2, 2019 at 10:50 PM Tekchand Dagar <[email protected]> >>>>> wrote: >>>>> >>>>>> Hello Vincent, >>>>>> >>>>>> Thank you for your response and suggestion. >>>>>> >>>>>> Yes...after adding -p 987 in my SSH command getting connection time >>>>>> out error. I need to fix it first and you are right in my build json file >>>>>> the connection part is coming first and then clone part. So now its not >>>>>> reaching on clone because it fail at SSH connection. >>>>>> >>>>>> Thanks a lot for your time and support. >>>>>> >>>>>> On Thursday, January 3, 2019 at 11:36:48 AM UTC+5:30, Vincent Rubiolo >>>>>> wrote: >>>>>>> >>>>>>> Hi again Tekchand, >>>>>>> >>>>>>> On Wed, Jan 2, 2019 at 9:52 PM Tekchand Dagar <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello Vincent, >>>>>>>> >>>>>>>> Thank you for your prompt response. >>>>>>>> >>>>>>>> Please refer the attach file of ansible-playbook which us used for >>>>>>>> clone from git. I am switching the user from root to deploy so when it >>>>>>>> switch the user deploy then it will go into deploy user home directory. >>>>>>>> >>>>>>> >>>>>>> There is no guarantee about the directory switch being made when >>>>>>> changing users, this will depend on the internal implementation of the >>>>>>> 'become' command within Ansible. As you can see at >>>>>>> https://docs.ansible.com/ansible/latest/user_guide/become.html?highlight=become, >>>>>>> 'become' has 'become_method' which can provide different means to do so >>>>>>> (su, sudo, etc). >>>>>>> >>>>>>> For instance, with the 'su' command, it will depend on whether this >>>>>>> is a login shell ('su' does not switch directories, 'su -' or 'su -l' >>>>>>> does >>>>>>> switch directories). >>>>>>> >>>>>>> >>>>>>>> And user deploy have full right to create a file in his/her home >>>>>>>> directory. I am correct? >>>>>>>> >>>>>>> >>>>>>> You are right _if_ the directory is the 'deploy' user home dir. >>>>>>> >>>>>>> I suggest adding a simple call to 'pwd' in your shell 'git clone' >>>>>>> command to check you are where you expect to be (another way would be >>>>>>> to do >>>>>>> a 'touch test_file ./' before running the 'git clone' command). Then >>>>>>> past >>>>>>> the output here. >>>>>>> >>>>>>> Note that I do not doubt you also have a connection issue (cf your >>>>>>> unability to connect via ssh), I just think there might be 2 issues, >>>>>>> with >>>>>>> the 'permission denied' one masking the other (you have seen that your >>>>>>> SSH >>>>>>> connection fails with a timeout for instance, not a permission problem). >>>>>>> >>>>>>> HTH, >>>>>>> >>>>>>> Vincent >>>>>>> >>>>>> -- >>>>>> This mailing list is governed under the HashiCorp Community >>>>>> Guidelines - https://www.hashicorp.com/community-guidelines.html. >>>>>> Behavior in violation of those guidelines may result in your removal from >>>>>> this mailing list. >>>>>> >>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>>>> IRC: #packer-tool on Freenode >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Packer" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/packer-tool/1729b8d5-9da1-4050-900a-8f473899d734%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> -------- >>>>> *Vincent Rubiolo* >>>>> Senior Platform Engineer >>>>> www.datameer.com >>>>> Slack: Vincent >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Datameer, Inc. >>>>> 577 2nd Street, Suite 200, San Francisco, CA 94107 >>>>> >>>>> -- >>>>> This mailing list is governed under the HashiCorp Community Guidelines >>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in >>>>> violation of those guidelines may result in your removal from this mailing >>>>> list. >>>>> >>>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>>> IRC: #packer-tool on Freenode >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Packer" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/packer-tool/CADZPgZdai1dxXkfNZXscmbrh69%2B2xBBBRD-qjFqZEQaK%2BtMh3g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>> This mailing list is governed under the HashiCorp Community Guidelines - >>> https://www.hashicorp.com/community-guidelines.html. Behavior in >>> violation of those guidelines may result in your removal from this mailing >>> list. >>> >>> GitHub Issues: https://github.com/mitchellh/packer/issues >>> IRC: #packer-tool on Freenode >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Packer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com >>> <https://groups.google.com/d/msgid/packer-tool/a5f609e0-e9a4-4a4c-b003-fca3c7a2863d%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/packer-tool/4ed9574b-9365-48f7-aa39-0a3ac5a6b0db%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/4ed9574b-9365-48f7-aa39-0a3ac5a6b0db%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt-H%3DQFQMYy8osF%3DM3Ruuw-64QG9bL_iqyhdLxiyLQvvew%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
