keyfile query parameter doesn't work in connection string when ~/.ssh/config is empty #1104
Comments
discovered the same, as I don't use RSA keys anymore, as they are legacy. The provider should at least do 2 things:

@korncola can you clarify your second point: did you encounter a situation where the connection string was ignored? If so, can you please document? Augmenting default behaviour re:

Yes, let's keep separate issues separate 🙏

Thanks for your quick response 👍 I have no
getting following error: ( The moment I create a But this should not be necessary as the connection string contains already all relevant information. IMHO even the parameters should not be necessary, as key auth is the first to try for every ssh client (except told otherwise explicitly) and also check for keys like

I believe I've also got a similar problem as described here. FYI, I doubt it matters, but I've got a host of other issues on the remote device as I'm brand new to this VM business and trying to set that all up now

System Information
Linux distribution
Debian GNU/Linux 12
Terraform version
Provider and libvirt versions
$ terraform providers
Providers required by configuration:
.
└── provider[registry.terraform.io/dmacvicar/libvirt] 0.8.0
Description of Issue/Question
I observed the keyfile query param is ignored, and only the ~/.ssh/id_rsa is added to the list of key files, when ~/.ssh/config is an empty file.

I expect the keyfile provided in the query param to be included in the list of key files, even when ~/.ssh/config file is just an empty file.

Problem Setup
The system setup:
~/.ssh/config is an empty file. The file must exist.
ansible.key in the same folder as the Terraform workspace.

The main.tf file:

Steps to Reproduce Issue
Run terraform plan with the above system setup.

Relevant logs
TF_LOG=debug tf plan
Relevant code section:
The bug appears to be here in this code block (v0.8.0).
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 37 to 59 in 1a88931
Connection string for reference:
In this section, the keyfile query param value in the connection string is retrieved and added to sshKeyPaths.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 42 to 45 in 1a88931

In this section, the ~/.ssh/config file is scanned for any instance of IdentityFile.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 47 to 52 in 1a88931

In this section, the keyfile query param value is overwritten because ~/.ssh/config file is empty and then initializes with the defaultSSHKeyPath which is just ${HOME}/.ssh/id_rsa.
terraform-provider-libvirt/libvirt/uri/ssh.go
Lines 54 to 57 in 1a88931
Workaround
With the above understanding of the bug, there is one happy path. If the ~/.ssh/config includes any instance of IdentityFile for the given host, then it will also accept the query param keyfile.

In the terraform log below, see that it reads the ansible.key from the connection string, and the ~/.ssh/some-random.key from the ~/.ssh/config. It then connects to vhost-1 successfully.
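
The key-path selection described in the issue above, as an added example that is not part of the original issue and is not the provider's code: a small Go model of the reported behaviour beside the behaviour the reporter expects. The function names, the connection string and the simplified config scan (Host blocks are ignored) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Default named in the issue; kept as a literal string here, not expanded.
const defaultSSHKeyPath = "${HOME}/.ssh/id_rsa"

// sources returns the keyfile query parameter (if set) and every IdentityFile
// value found in cfg. Hypothetical helper; Host matching is deliberately omitted.
func sources(uri, cfg string) (fromURI, fromCfg []string) {
	if u, err := url.Parse(uri); err == nil && u.Query().Get("keyfile") != "" {
		fromURI = append(fromURI, u.Query().Get("keyfile"))
	}
	for _, line := range strings.Split(cfg, "\n") {
		if f := strings.Fields(line); len(f) == 2 && strings.EqualFold(f[0], "IdentityFile") {
			fromCfg = append(fromCfg, f[1])
		}
	}
	return fromURI, fromCfg
}

// reportedKeyPaths models the behaviour described in the issue: when the config
// yields no IdentityFile, the list is re-initialised with the default only.
func reportedKeyPaths(uri, cfg string) []string {
	fromURI, fromCfg := sources(uri, cfg)
	if len(fromCfg) == 0 {
		return []string{defaultSSHKeyPath} // the keyfile entry is discarded here
	}
	return append(fromURI, fromCfg...)
}

// expectedKeyPaths uses the default only when neither source supplied a key.
func expectedKeyPaths(uri, cfg string) []string {
	fromURI, fromCfg := sources(uri, cfg)
	if paths := append(fromURI, fromCfg...); len(paths) > 0 {
		return paths
	}
	return []string{defaultSSHKeyPath}
}

func main() {
	const uri = "qemu+ssh://user@vhost-1/system?keyfile=ansible.key" // constructed sample
	fmt.Println("reported:", reportedKeyPaths(uri, ""))
	fmt.Println("expected:", expectedKeyPaths(uri, ""))
}
```

With an empty config the reported model returns only the default key, so an explicitly chosen key is silently replaced; with any IdentityFile line present, both functions return the same list, which matches the workaround.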