Terraform-provider-aws: Can't ssh-connect to newly created instance with a key_name

Created on 7 Jun 2019 · 7 Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @MarounMaroun as hashicorp/terraform#14348. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

v0.9.2

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_instance
  • aws_key_pair

Terraform Configuration Files

resource "aws_instance" "web" {
  subnet_id = "${aws_subnet.main.id}"
  vpc_security_group_ids = ["${aws_security_group.allow_all.id}"]
  ami = "${var.aws_ami}"
  instance_type = "t2.nano"
  key_name = "${aws_key_pair.auth.id}"
  tags {
    "Name" = "instance1"
  }
}

resource "aws_key_pair" "auth" {
  key_name   = "Terraform key"
  public_key = "${file("/tmp/tf_temp/key.pub")}"
}

Debug Output

terraform apply returns success, nothing interesting in the debug log.

Expected Behavior

I expect to successfully ssh-connect to the instance

Actual Behavior

I can't ssh-connect to the newly created instance, and I am asked to enter the password:

ssh username@address -i key
address's password:

After running ssh with -v, I get:

debug1: Skipping ssh-dss key example@com - not in PubkeyAcceptedKeyTypes

I tried to add PubkeyAcceptedKeyTypes=+ssh-dss to the ssh config file, but that didn't help.

needs-triage servicec2

All 7 comments

Faced the same issue with already created key_name.
But upon investigation found that default terraform configs created an EC2 instance with the "default" security group which doesn't have any inbound rule for port 22 SSH TCP connection.

So first create a new security group with the proper inbound rule for SSH connection, then pass this security group name in the terraform file

resource "aws_instance" "dev_portal" {
    ami             = "ami-0b69ea66ff7391e80"
    instance_type   = "t2.small"
    key_name        = "<key name here>"
    security_groups = [
        "<security group name here>"
    ]
}

This worked for me! Thank you.

Got stuck on this while going through the official docs/tutorial here: https://learn.hashicorp.com/terraform/getting-started/provision

Make sure your security group's inbound rules explicitly allow port 22.. I thought this was enabled by default in the "All" setting... but I guess 22 is not part of "All" ports??

This is how my inbound rules look so that I'm able to connect:
[image: inbound rules screenshot]

Of course I had to use the UI to expose port 22.. which defeats the purpose of infra as code. Maybe I'll learn the security group resource type next.

Hi all,
I still face the same issue. I have a security group created with inbound rules allowing 22, and the same has been assigned to the instance.
But I still can't SSH to the server using putty even after creating the PPK file from the PEM using putty gen.

I'm facing the issue still. Is there any workaround solution for this?

Using "depends_on", I'm able to provision the key_pair first and then the instances. That way I'm able to use the keys and log in to the instances.

When creating a new ec2 resource on AWS, SSH is enabled by default. But, Terraform does not create an SSH access by default. To create a new ec2 instance provided with SSH access through Terraform, you have to create a VPC, a security group, an elastic IP and some other resources you can find on this link.
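
The security group several comments above describe can be declared in Terraform itself rather than in the console. The following is an added example, not code from the issue or from the provider project; it assumes Terraform 0.13+ syntax, and every resource name and variable in it is hypothetical.

```hcl
# Added example: key pair, SSH-only security group, and instance in one config.
# All names and variables below are hypothetical.
variable "vpc_id" { type = string }
variable "subnet_id" { type = string }
variable "ami_id" { type = string }
variable "public_key_path" { type = string }

# CIDR allowed to reach port 22, e.g. one admin address written as a /32.
variable "admin_cidr" {
  type = string

  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "SSH must not be open to the whole internet."
  }
}

resource "aws_key_pair" "auth" {
  key_name   = "example-key"
  public_key = file(var.public_key_path)
}

resource "aws_security_group" "ssh_in" {
  name        = "example-ssh-in"
  description = "SSH from the admin CIDR only"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Terraform removes the AWS default allow-all egress rule, so declare it.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t2.nano"
  subnet_id              = var.subnet_id
  key_name               = aws_key_pair.auth.key_name # implicit dependency on the key pair
  vpc_security_group_ids = [aws_security_group.ssh_in.id]
}
```

Because `key_name` and `vpc_security_group_ids` reference the other resources directly, Terraform orders their creation without an explicit `depends_on`.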
