Terraform-provider-azurerm: Problem to provision ssh keys on resource azurerm_linux_virtual_machine

Created on 9 Mar 2020  ·  13 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

_This issue was originally opened by @gcontrer87 as hashicorp/terraform#24323. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

Terraform v0.12.23

Terraform Configuration Files

resource "azurerm_linux_virtual_machine" "vm1" {
  name                = "changos"
  resource_group_name = azurerm_resource_group.rg1.name
  location            = azurerm_resource_group.rg1.location
  size                = "Standard_B1s"
  admin_username      = "gcontrer"
  network_interface_ids = [
    azurerm_network_interface.interface1.id,
  ]

  admin_ssh_key {
    username   = "gcontrer"
    public_key = file("~/azurecli2.pub")
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "OpenLogic"
    offer     = "CentOS"
    sku       = "7.7"
    version   = "latest"
  }
}

Debug Output

Crash Output

Expected Behavior


Public key should be provisioned correctly, since it follows the convention requested in the documentation:
"public_key - (Required) The Public Key which should be used for authentication, which needs to be at least 2048-bit and in ssh-rsa format. Changing this forces a new resource to be created."

Actual Behavior


When terraform plan is run, the following error appears:
terraform plan
2020/03/08 15:19:27 [WARN] Log levels other than TRACE are currently unreliable, and are supported only for backward compatibility.
Use TF_LOG=TRACE to see Terraform's internal logs.


2020/03/08 15:19:28 [ERROR] : eval: *terraform.EvalSequence, err: Error decoding "admin_ssh_key.0.public_key" for public key data

Error: Error decoding "admin_ssh_key.0.public_key" for public key data

on vm.tf line 86, in resource "azurerm_linux_virtual_machine" "vm1":
86: resource "azurerm_linux_virtual_machine" "vm1" {

Steps to Reproduce

Additional Context


It didn't work either with format ---- BEGIN SSH2 PUBLIC KEY ---- (old resource type azurerm_virtual_machine used to work with this format)

References

bug service/virtual-machine

All 13 comments

I can confirm this is not working in v2.1.0. To further add, here's my public key:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApPfAr86p0bQjzFJw5R/2LoxMR68CWG0YOxQQYwRQV6lCeoLyErURYFeRZsFXAnN2lHlE5QMPTeDIgQEf4zhFu8O6DCQeGEl9GUWbGizMANcSLa+sOhnLg8CNJ5BzEFEamC/JmHjHkkzQF7vFqE1XpgBwTpgJgXbYqHed3BCpNfoQHGWfzmBx25lQ0GRCm70HfBoAhwAIFukfFxqEM1Ms7gHrV7Ul9rtKt+AibAzfhXOmC/oNXftxLWCo1lOVWEAVyFMzbHcPbNF8T1nu2BcFuQnb5/ACaTpovEbkJ8iTRuHeDXn4I7snB++9fZpD4bTUQBvk/Ma7puccbjsZSzcIVQ== rgl

And it's a 2048-key as you can see from ssh-keygen:

ssh-keygen -l -f ~/.ssh/id_rsa.pub
2048 SHA256:aMiPCGx6Ae2IxvPYKU9wmAlH2oaA36BKyN+nF8eeRSY rgl (RSA)

Looking at the code, there are two paths that return the same error message, which makes troubleshooting quite impossible:

Can those be changed to show the exact problem with the key? like, I was expecting X but got Y.

After further debugging, the problem lies in this branch (sizeDec is 164):

https://github.com/terraform-providers/terraform-provider-azurerm/blob/029e4e0e6490c060184054fb55c6e3838eff3664/azurerm/internal/services/compute/ssh_keys.go#L145-L151

I believe that branch needs to be changed to something like:

    // Recover the underlying *rsa.PublicKey from the parsed SSH key.
    rsaPubKey, ok := pubKey.(ssh.CryptoPublicKey).CryptoPublicKey().(*rsa.PublicKey)
    if !ok {
        log.Fatalf("ops")
    }
    // Size() returns the modulus length in bytes.
    rsaPubKeyBits := rsaPubKey.Size() * 8
    log.Fatalf("RSA pub key bits is %d", rsaPubKeyBits)

which outputs 2048 with my key.

What do you think? Can I submit a PR with this change?
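One way to report an RSA key's size from its parsed modulus, with a distinct error for each failure, shown here as an added example that is neither the provider's code nor the commenter's patch. It uses only the Go standard library; `RSAKeyInfo` and `readString` are hypothetical names, and the sample input is the public key quoted in the comment above.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// Sample input: the public key quoted in the comment above.
const threadKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApPfAr86p0bQjzFJw5R/2LoxMR68CWG0YOxQQYwRQV6lCeoLyErURYFeRZsFXAnN2lHlE5QMPTeDIgQEf4zhFu8O6DCQeGEl9GUWbGizMANcSLa+sOhnLg8CNJ5BzEFEamC/JmHjHkkzQF7vFqE1XpgBwTpgJgXbYqHed3BCpNfoQHGWfzmBx25lQ0GRCm70HfBoAhwAIFukfFxqEM1Ms7gHrV7Ul9rtKt+AibAzfhXOmC/oNXftxLWCo1lOVWEAVyFMzbHcPbNF8T1nu2BcFuQnb5/ACaTpovEbkJ8iTRuHeDXn4I7snB++9fZpD4bTUQBvk/Ma7puccbjsZSzcIVQ== rgl"

// readString pops one length-prefixed field (RFC 4253 "string") from buf.
func readString(buf []byte) (field, rest []byte, err error) {
	if len(buf) < 4 {
		return nil, nil, fmt.Errorf("truncated length prefix (%d bytes left)", len(buf))
	}
	n := binary.BigEndian.Uint32(buf)
	if uint64(n) > uint64(len(buf)-4) {
		return nil, nil, fmt.Errorf("field claims %d bytes, only %d remain", n, len(buf)-4)
	}
	return buf[4 : 4+n], buf[4+n:], nil
}

// RSAKeyInfo parses an "ssh-rsa <base64> [comment]" line and returns the modulus
// size in bits and the public exponent, with a distinct error for each failure.
func RSAKeyInfo(line string) (bits int, e *big.Int, err error) {
	parts := strings.Fields(line)
	if len(parts) < 2 || parts[0] != "ssh-rsa" {
		return 0, nil, fmt.Errorf("expected \"ssh-rsa <base64> [comment]\", got %q", line)
	}
	blob, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return 0, nil, fmt.Errorf("base64 body: %w", err)
	}
	var f [3][]byte // algorithm name, exponent e, modulus n
	for i := range f {
		if f[i], blob, err = readString(blob); err != nil {
			return 0, nil, fmt.Errorf("blob field %d: %w", i, err)
		}
	}
	if string(f[0]) != "ssh-rsa" {
		return 0, nil, fmt.Errorf("blob algorithm is %q, expected ssh-rsa", f[0])
	}
	// BitLen counts from the highest set bit, so mpint padding does not matter.
	return new(big.Int).SetBytes(f[2]).BitLen(), new(big.Int).SetBytes(f[1]), nil
}

func main() { fmt.Println(RSAKeyInfo(threadKey)) }
```

For the key in this thread it reports a 2048-bit modulus with public exponent 37, which is stored in a single byte.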

I am getting the same issue while creating a scale set using azurerm_linux_virtual_machine_scale_set

terraform version is 0.12.24
azurerm provider version is 2.4.0

Any updates on this?

Can confirm the same issue, at this point creating Azure Virtual Machines with preset ssh keys appears to be blocked unless there's a known workaround?

terraform version is 0.12.24
azurerm provider version is 2.9.0

@tombuildsstuff can you look into this? Should I submit a pr for this?

I'm getting a similar error. Creating VMs using the old azurerm_virtual_machine worked fine so I know my ssh key is 2048 bit.
Trying to use the new azurerm_linux_virtual_machine and I get an error that the key is not 2048 bit.
I'm passing my key in as a variable, but even reading it from a file gives the same error.

terraform version is 0.12.17
azurerm provider version is 2.10.0

I have the same. Isn't solved with the current version of Terraform/Azure

I used the Putty key generator, but the error is not displaying when I use ssh-keygen on Linux. That will be a workaround for y'all.

Using ssh-keygen on Windows also worked for me, whereas PuttyGen didn't (same PC)

@rgl - happy to accept a pr making the error messages more clear!

This has been released in version 2.12.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.12.0"
}
# ... other configuration ...

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
