DigitalOcean Builder Unable to Connect over SSH

[tserkov]

Overview of the Issue

DigitalOcean builder is unable to connect to Droplet over SSH using its generated private key.

packer build -debug . allowed me to connect using ssh -i do_web.pem root@{{droplet_ip}} without any issues.

Reproduction Steps

Run packer build . with the buildfile below (providing a do_token, of course).

Packer version

Packer v1.7.0

Simplified Packer Buildfile

variable "do_token" {}

source "digitalocean" "web" {
	api_token = var.do_token
	image = "fedora-33-x64"
	region = "nyc2"
	size = "s-1vcpu-1gb"
	ssh_username = "root"
	snapshot_name = "web"
}

build {
	sources = [ "source.digitalocean.web" ]
	provisioner "shell" {
		inline = [ "dnf upgrade -y", "dnf install -y unzip wget" ]
	}
}

Operating system and Environment details

Reproduced on the following systems:

• Debian 10 (ChromeOS's Linux Development Environment)
• Debian 10 (DigitalOcean Droplet, fresh)
• Fedora 33 (DigitalOcean Droplet, fresh)

Log Fragments and crash.log files

PACKER_LOG=1 packer build . => https://gist.github.com/tserkov/9d0ec9478527d2a2ec7367cf746859ec

Errata

I am also experiencing this issue with Terraform's provisioning (same error message and all).

[tserkov]

On further investigation, this seems to only occur when using the fedora-33-x64 image, fedora-32-x64 and ubuntu-20-04-x64 work fine.

[nywilken]

Hi there @tserkov it looks like you are running into the issue captured here #10074 (comment). The latest version Fedora is expecting a different key type.

Have you tired using you own private key of the expected type with the build?

source "digitalocean" "dobuild" {
api_token = var.do_api_token
image = "fedora-33-x64"
size = "s-1vcpu-1gb"
region = "nyc3"
ssh_username = "root"
ssh_private_key_file= "do_web.pem"
}

[tserkov]

I added ssh_private_key_file = "/path/to/my_ed25519_key" and the builder still generated & used its own temporary key.

Looking at builder/digitalocean/builder.go#L83-L86, builder/digitalocean/step_create_ssh_key#L35, and builder/digitalocean/step_create_droplet#L24 the builder ignores the provided key, so that may be a separate issue. 😅

I do want to point out something I mentioned in the first post -- I am able to use the builder-generated RSA key to ssh into the droplet (ssh -i do_web.pem root@{droplet_ip}) while running packer builder -debug ..

[tserkov]

I'm going to attribute my ability to manually log in over SSH using the generated temporary RSA key as some local config voodoo, and instead focus on resolving this for the larger community in the PR tagged above by including ECDSA and ED29919 support for the digitalocean builder.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.