-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vagrant up infinitely hangs due to retrying after permanent ssh errors #273
Comments
It seems the underlying problem lies with To start it, you have to run You can automate this process on login in various ways, a couple are explained on the Arch Wiki, for example. Can someone else with this issue confirm that starting |
@JonasVerhofste - having problems with the ssh-agent is perhaps just another example for an permanent ssh error condition where In the 2 cases I described in my original report, ssh-agent didn't play any role, at all. In fact, the involved ssh private keys weren't password protected. At that time, I worked around A) by using a non-ed25519 key and I worked around B) by manually deleting the vagrant key name slot in the Digital Ocean Web GUI. |
Mine aren't either. Even better: my key was always RSA, and the problem above still occurred. I noticed something was off when I tried to manually ssh into the server with
This notice is pretty normal the first time you authenticate, but it shouldn't say "ECDSA" for an RSA-key, I reckon. Starting ssh-agent and adding my (unencrypted) key solved it. I also think that running multiple instances of |
@JonasVerhofste The ECDSA message you are seeing is about the host key (of the server) and not about the RSA key you are using to authorize the client. Usually, servers have multiple host keys (i.e. rsa, ecdsa ...) and they basically use the one the client is asking for (where the ECDSA type is the default for recent and not so recent openssh/sshd versions). You get that message if the fingerprint of that host key isn't in your known hosts file, yet. The default of the ssh client is then to ask to add it - but only if it runs interactively. Thus, it would be plausible if it fails repeatedly with that message if the client runs non-interactively. |
Hello, please provide an update to either your resolution or if this continues to be a problem and we'll do our best to help in a timely manner. |
How to reproduce - case A:
override.ssh.private_key_path
to an ed25519 ssh keyvagrant up --provider=digital_ocean
Actual result: the command hangs after it prints
==> dropletname: Assigned IP address: xxx.xxx.xx.xxx
Expected result: Command exits with exit status != 0 after printing a clear error message regarding ssh key type incompatibility. Optimally, the plugin would check net-ssh ed25519 support before uploading the ed25519 key to DO (using the Vagrant key name) and proceed with uploading if and only if net-ssh has support.
How to reproduce - case B:
provider.ssh_key_name
in the Vagrantfileoverride.ssh.private_key_path
to yet another ssh key (i.e. one with a different fingerprint)vagrant up --provider=digital_ocean
Actual result: the command hangs after it prints
==> dropletname: Assigned IP address: xxx.xxx.xx.xxx
Expected result: Command exits with exit status != 0 after printing an error message indicating that public key authentication has failed. Ideally, the plugin would check if the ssh key name slot is already occupied in the DO settings. If it is, it would compare the key fingerprints and error out if the already uploaded public key doesn't match the one specified in the Vagrantfile (i.e. in
override.ssh.private_key_path + '.pub'
).Additional information:
Turning on debug mode (
VAGRANT_LOG=debug vagrant up ...
) reveals the root causes:And for case B:
Sure, it would be great if those errors wouldn't be classified as 'Retryable exception' and if those messages would have the proper severity such they are always displayed without having to increase the verbosity to DEBUG.
There seem to be several bug reports about hung commands and unclear ssh failures related to the above root causes - often collecting several variations of the original issue. Thus, fixing the above should reduce the number of such reports, in the future. Examples:
The text was updated successfully, but these errors were encountered: