I’ve started experimenting with making a custom AMI with Amazon Linux 2022. I based this on a successful Amazon Linux 2 AMI project I have previously worked on. However during the initial setup phase I’m seeing an SSH error that Communicator cannot connect to the instance due to a Handshake error. Is this a known bug in packer at the moment? This SAME code works fine with Amazon Linux 2. Any guidance would be appreciated.
2 Likes
Hi @johnowens looking at the documentation for Amazon Linux 2022 it appears to based off of Fedora 35 which by default requires key pair types of ED25519. As of the current release of Packer and the Amazon Packer Plugin the only supported type for the Amazon builder is RSA.
However, we just merged in a new change to support ED25519 key types which should resolve this issue. To verify that this is indeed the issue I tested against the following template and confirmed that using a dev build of the latest plugin code fixes the issue.
I’ll follow up with the team on making an Amazon plugin release.
source "amazon-ebs" "basic-example" {
region = "us-west-2"
source_ami = "ami-044065b5480679567"
instance_type = "t2.small"
ssh_username = "ec2-user"
ssh_agent_auth = false
temporary_key_pair_type = "ed25519"
ami_name = "packer_AWS {{timestamp}}"
}
build {
sources = [
"source.amazon-ebs.basic-example"
]
provisioner "shell"{
inline = ["echo Hello from Amazon Linux 2022"]
}
}
Excellent! I look forward to the release announcement!
the latest release of the Amazon plugin is available for use with Packer. Since plugins are released independently of Packer you can download and install the plugin using one of the following methods.
If you are using HCL2 templates you can place the following block at the top of you template file. Then run packer init . to have Packer install the latest available version of the plugin.
packer {
required_plugins {
amazon = {
version = ">= 1.0.8"
source = "github.com/hashicorp/amazon"
}
}
}
If you are using JSON templates you need to install the plugin manually please refer to the documentation here
This plugin still fails for me on OSX, with this sort of logged error:
2022/02/21 17:01:26 packer-plugin-amazon_v1.0.8_x5.0_darwin_amd64 plugin: 2022/02/21 17:01:26 [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
the target ami is Fedora 35. I’m not sure how to wind up the debugging to get details on the attempted key types.
I deleted my post above because I didn’t read the config carefully enough. When the line
temporary_key_pair_type = “ed25519”
is added then it does indeed work.
Still not working for me, even when I explicitly set SSH-related configs in my Packer template:
ssh_username = "ec2-user"
ssh_agent_auth = false
associate_public_ip_address = true
ssh_interface = "public_ip"
ssh_timeout = "2m"
temporary_key_pair_type = "ed25519"
Tried with source AMIs from 2022 (amzn2-ami-kernel-5.10-hvm-2.0.20220426.0-x86_64-gp2) and 2021 (amzn2-ami-kernel-5.10-hvm-2.0.20210701.0-x86_64-gp2).
Packer version: 1.8.1
AWS plugin version: v1.1.0_x5
Error message: TCP connection to SSH ip/port failed: dial tcp xx.xxx.xxx.xx:22: i/o timeout
I/O timeout makes me think you need to look at the security groups packer is applying to the instance. My error was a handshake error, yours is saying it can’t connect to the port. Does it need to be ssh_interface: public_ip? Maybe try and set as private?
That was the first thing I checked before posting here.
When I manually launch an EC2 instance from the same source AMI + same security group and in the same subnet, I can SSH into it without a problem.
Having issues with SSH on AL2022/2023
==> amazon-ebs.al2023: Pausing after run of step ‘StepRunSourceInstance’. Press enter to continue.
==> amazon-ebs.al2023: Pausing after run of step ‘StepGetPassword’. Press enter to continue.
==> amazon-ebs.al2023: Pausing after run of step ‘StepCreateSSMTunnel’. Press enter to continue.
==> amazon-ebs.al2023: Using SSH communicator to connect: 10.176.72.117
==> amazon-ebs.al2023: Waiting for SSH to become available…
but I can open a separate window and use the keypair generated from debug and ssh in fine.
1 Like
Seeing the same on my attempts to build AL2023 images. I have set temporary_key_pair_type = "ed25519" and it does not resolve the issue. I’m also able to run packer in -debug to pause before the SSH connection step and access the created EC2 instance using the packer generated ssh pem key. I’m connecting from my codebuild container via ssm session with ssh -i <key_packer_generated>.pem ec2-user@<packer_instance_ip>.
I was able to resolve my issue by updating the packer version we’re using to 1.9.2 and setting a require block for the amazon plugin in the HCL file.
packer {
required_plugins {
amazon = {
version = ">= 1.0.8"
source = "github.com/hashicorp/amazon"
}
}
}