Packer unable to SSH into Amazon Linux 2022

I’ve started experimenting with making a custom AMI with Amazon Linux 2022. I based this on a successful Amazon Linux 2 AMI project I have previously worked on. However, during the initial setup phase I’m seeing an SSH error that Communicator cannot connect to the instance due to a Handshake error. Is this a known bug in Packer at the moment? This SAME code works fine with Amazon Linux 2. Any guidance would be appreciated.


Hi @johnowens, looking at the documentation for Amazon Linux 2022, it appears to be based off of Fedora 35, which by default requires key pair types of ED25519. As of the current release of Packer and the Amazon Packer Plugin, the only supported type for the Amazon builder is RSA.

However, we just merged in a new change to support ED25519 key types which should resolve this issue. To verify that this is indeed the issue I tested against the following template and confirmed that using a dev build of the latest plugin code fixes the issue.

I’ll follow up with the team on making an Amazon plugin release.

source "amazon-ebs" "basic-example" {
  region                  = "us-west-2"
  source_ami              = "ami-044065b5480679567"
  instance_type           = "t2.small"
  ssh_username            = "ec2-user"
  ssh_agent_auth          = false
  temporary_key_pair_type = "ed25519"
  ami_name                = "packer_AWS {{timestamp}}"
}

build {
  sources = [
    "source.amazon-ebs.basic-example"
  ]

  provisioner "shell" {
    inline = ["echo Hello from Amazon Linux 2022"]
  }
}

Excellent! I look forward to the release announcement!

The latest release of the Amazon plugin is available for use with Packer. Since plugins are released independently of Packer, you can download and install the plugin using one of the following methods.

If you are using HCL2 templates, you can place the following block at the top of your template file. Then run packer init . to have Packer install the latest available version of the plugin.

packer {
  required_plugins {
    amazon = {
      version = ">= 1.0.8"
      source  = "github.com/hashicorp/amazon"
    }
  }
}

If you are using JSON templates, you need to install the plugin manually; please refer to the documentation here.

This plugin still fails for me on OSX, with this sort of logged error:

2022/02/21 17:01:26 packer-plugin-amazon_v1.0.8_x5.0_darwin_amd64 plugin: 2022/02/21 17:01:26 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

The target AMI is Fedora 35. I’m not sure how to wind up the debugging to get details on the attempted key types.

I deleted my post above because I didn’t read the config carefully enough. When the line

temporary_key_pair_type = "ed25519"

is added then it does indeed work.

Still not working for me, even when I explicitly set SSH-related configs in my Packer template:

ssh_username                = "ec2-user"
ssh_agent_auth              = false
associate_public_ip_address = true
ssh_interface               = "public_ip"
ssh_timeout                 = "2m"
temporary_key_pair_type     = "ed25519"

Tried with source AMIs from 2022 (amzn2-ami-kernel-5.10-hvm-2.0.20220426.0-x86_64-gp2) and 2021 (amzn2-ami-kernel-5.10-hvm-2.0.20210701.0-x86_64-gp2).

Packer version: 1.8.1
AWS plugin version: v1.1.0_x5
Error message: TCP connection to SSH ip/port failed: dial tcp xx.xxx.xxx.xx:22: i/o timeout

I/O timeout makes me think you need to look at the security groups packer is applying to the instance. My error was a handshake error, yours is saying it can’t connect to the port. Does it need to be ssh_interface: public_ip? Maybe try and set as private?

That was the first thing I checked before posting here.

When I manually launch an EC2 instance from the same source AMI + same security group and in the same subnet, I can SSH into it without a problem.
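The two errors reported in this thread fail at different layers: the handshake error means sshd was reached and rejected the key, while the i/o timeout means no TCP connection was made at all. The following triage script is an added example, not code from any poster or from the Packer project; the first sample line is the one quoted above, the second is constructed around the quoted timeout message (documentation IP address and plugin file name are assumptions).

```python
import re

# Line 1 is the debug line quoted in this thread. Line 2 is constructed around
# the timeout message quoted later (documentation IP, assumed plugin file name).
SAMPLE_LOG = """\
2022/02/21 17:01:26 packer-plugin-amazon_v1.0.8_x5.0_darwin_amd64 plugin: 2022/02/21 17:01:26 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2022/05/10 09:12:41 packer-plugin-amazon_v1.1.0_x5.0_darwin_amd64 plugin: 2022/05/10 09:12:41 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 203.0.113.10:22: i/o timeout
"""

PLUGIN_RE = re.compile(r"packer-plugin-amazon_v(\d+)\.(\d+)\.(\d+)")
AUTH_RE = re.compile(r"ssh: handshake failed: ssh: unable to authenticate")
TIMEOUT_RE = re.compile(r"dial tcp (\S+): i/o timeout")
ED25519_MIN = (1, 0, 8)  # version constraint given in this thread


def classify(line):
    """Return (layer, advice) for one Packer log line, or None if unrelated."""
    m = PLUGIN_RE.search(line)
    version = tuple(int(p) for p in m.groups()) if m else None
    if AUTH_RE.search(line):
        # TCP and key exchange succeeded; sshd rejected the offered public key.
        if version is not None and version < ED25519_MIN:
            return ("ssh-auth", "upgrade the Amazon plugin to >= 1.0.8")
        return ("ssh-auth", 'set temporary_key_pair_type = "ed25519"')
    m = TIMEOUT_RE.search(line)
    if m:
        # No TCP connection at all, so the key type is not the problem yet.
        return ("network",
                "check security group, ssh_interface and routing to " + m.group(1))
    return None


def triage(log):
    """Classify every matching line of a Packer debug log, in order."""
    return [r for r in map(classify, log.splitlines()) if r]


if __name__ == "__main__":
    for layer, advice in triage(SAMPLE_LOG):
        print(f"{layer}: {advice}")
```
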