Hi,
I built an image based on Flatcar 3227.2.0 using Packer.
Then I created an AWS EC2 instance from this image via Terraform.
When I try to connect to this EC2 instance via the vault ssh command, I receive an error:
failed to generate credential: failed to get credentials: Error making API request.
URL: PUT https://my_vault_url/path
Code: 500. Errors:
1 error occurred:
failed to add public key to authorized_keys file in target: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
I can successfully log in via vault ssh to EC2 instances built on the Flatcar 3033.2.2 image.
But I received the same error when I tried to connect to an instance built on Flatcar 3139.2.3.
Maybe someone knows what the root cause could be?
I noticed that in Flatcar 3139.2.0 the openssh version changed to 8.8.
I have a Vault cluster v1.7.2, a locally installed vault client 1.9.2, and locally ssh version OpenSSH_8.6p1.
I tried to implement a fix like the one described here: Vault SSH CA engine issuing certs with deprecated type ssh-rsa-cert-v01@openssh.com user certificate · Issue #15488 · hashicorp/vault · GitHub, adding the following line to /etc/ssh/sshd_config on the Flatcar server image, but it didn't help.
PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@openssh.com