How to set "ssh_password" to use instanceID created by packer builder on aws to overcome ssh authentication error

Packer
1

Hi,
This is for aws builder. Our AMI instance doesn’t support ssh-keypair. In the builder I can’t pass ssh_password as it is value is dynamic (set to instanceID). How do I set the value to use that instanceID.
I was trying to do something like
“ssh_password”: “{{ build ID}}”. but it doesn’t work (throws error).
How do I achieve it to pass the instanceID packer created.
is there a way to prompt for password? so that I can input it

Error is

==> amazon-ebs: Launching a source AWS instance…
==> amazon-ebs: Adding tags to source instance
amazon-ebs: Adding tag: “Name”: “Packer Builder”
amazon-ebs: Instance ID: i-038b675f3fbf23aca
==> amazon-ebs: Waiting for instance (i-038b675f3fbf23aca) to become ready…
amazon-ebs: Public DNS: ec2-54-91-170-51.compute-1.amazonaws.com
amazon-ebs: Public IP: 54.91.170.51
amazon-ebs: Private IP: 172.31.23.129
==> amazon-ebs: Pausing after run of step ‘StepRunSourceInstance’. Press enter to continue.
==> amazon-ebs: Pausing after run of step ‘StepGetPassword’. Press enter to continue.
==> amazon-ebs: Pausing after run of step ‘StepCreateSSMTunnel’. Press enter to continue.
==> amazon-ebs: Using ssh communicator to connect: 54.91.170.51
==> amazon-ebs: Waiting for SSH to become available…
==> amazon-ebs: Error waiting for SSH: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

{
“variables”: {
“aws_access_key”: “{{env AWS_ACCESS_KEY_ID}}”,
“aws_secret_key”: “{{env AWS_SECRET_ACCESS_KEY}}”,
“region”: “us-east-1”
},
“builders”: [
{
“access_key”: “{{user aws_access_key}}”,
“ami_name”: “vk-adcaas-aws-demo-{{timestamp}}”,
“instance_type”: “m4.xlarge”,
“region”: “us-east-1”,
“secret_key”: “{{user aws_secret_key}}”,
“source_ami”: “ami-04fc8fbd00691cb28”,
“source_ami_filter”: {
“filters”: {
“virtualization-type”: “hvm”,
“root-device-type”: “ebs”
},
“owners”: [“679593333241”]
},
“ssh_username”: “nsrecover”,
“type”: “amazon-ebs”
}
],
“provisioners”: [
{
“type”: “shell-local”,
“environment_vars”: [
“TESTVAR={{ build PackerRunUUID}}”,
“INSTANCEVAR={{ build ID}}”
],
“inline”: [
“echo $TESTVAR”,
“echo $INSTANCEVAR”
]

2

Is there any specific reason you want to use the instanceID as the ssh_password?

3

That is our stock password.

4

The build values don’t get interpolated until provision time, so not until after SSH connects. Those won’t work for you here. We don’t currently have a way to set ssh_password or other early-stage variables using custom instance information.

We don’t love the idea of manually inputting ssh credentials because you wouldn’t be able to run the build entirely in CI.

It looks like you’re using some flavor of linux instance, which means the normal Packer way of adding an ssh key and just using that rather than a password should work for you. Have you tried running without setting an ssh_password at all?

5

Thanks for your time and pointers. We use freebsd old version. ssh-key pair isn’t supported. If I leave out ssh_pasword, authentication failure happens (communicator) and build fails. To get over for now, I created a different source AMI image with password set manually than used packer to build, configure and provision additional software.

I agree with interactive entering of ssh credentials is not automation.

I tried using vault (as it dynamic use case) for ssh_password and tried updating the pasword with new instanceID so that within the default retry (10) it would use correct password and establish ssh connection. However it didn’t work. Is the vault password loaded at the time of loading the json? or it should work?
Thanks in advance.