Auth fails with Vagrant ubuntu/jammy64 image

[dnaka91]

Overview of the Issue

I have a Packer setup with DigitalOcean as main source to create VPS image snapshots, and using Vagrant as source for local testing.

For provisioning, I use Ansible.

My setup works perfectly fine when using ubuntu/impish64 as image for Vagrant, but as soon a I try to update to the latest LTS release ubuntu/jammy64, an error happens during authentication.

If I just create a new VM with Vagrant and image ubuntu/jammy64, everything works fine and I can ssh into the instance.

Reproduction Steps

Use the Packer template from below and run packer build. The provisioner doesn't really matter, as the error happens before provisioning.

Packer version

Packer v1.8.0

Simplified Packer Template

source "vagrant" "main" {
  communicator    = "ssh"
  source_path     = "ubuntu/jammy64"
  provider        = "virtualbox"
  teardown_method = "destroy"
  skip_add        = true
  skip_package    = true
}

build {
  name    = "main"
  sources = ["source.vagrant.main"]

  provisioner "shell" {
    inline = ["echo hi"]
  }
}

Operating system and Environment details

MacOS 12.3.1
Darwin 21.4.0 x86_64 i386

Using the VirtualBox provider with Vagrant.

Log Fragments and crash.log files

The relevant logs are probable these:

2022/05/18 16:14:55 packer-builder-vagrant plugin: Calling Vagrant CLI: []string{"ssh-config", "source"}
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout: Host source
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   HostName 127.0.0.1
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   User vagrant
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   Port 2222
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   UserKnownHostsFile /dev/null
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   StrictHostKeyChecking no
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   PasswordAuthentication no
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   IdentityFile /Users/dnaka91/.vagrant.d/insecure_private_key
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   IdentitiesOnly yes
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:   LogLevel FATAL
2022/05/18 16:14:57 packer-builder-vagrant plugin: [vagrant driver] stdout:
2022/05/18 16:14:57 packer-builder-vagrant plugin: identity file is /Users/dnaka91/.vagrant.d/insecure_private_key
2022/05/18 16:14:57 packer-builder-vagrant plugin: Removing quotes from identity file
==> main.vagrant.main: Using SSH communicator to connect: 127.0.0.1
2022/05/18 16:14:57 packer-builder-vagrant plugin: [INFO] Waiting for SSH, up to timeout: 10m0s
==> main.vagrant.main: Waiting for SSH to become available...
2022/05/18 16:14:57 packer-builder-vagrant plugin: [INFO] Attempting SSH connection to 127.0.0.1:2222...
2022/05/18 16:14:57 packer-builder-vagrant plugin: [DEBUG] reconnecting to TCP connection for SSH
2022/05/18 16:14:57 packer-builder-vagrant plugin: [DEBUG] handshaking with SSH
2022/05/18 16:14:57 packer-builder-vagrant plugin: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2022/05/18 16:14:57 packer-builder-vagrant plugin: [DEBUG] Detected authentication error. Increasing handshake attempts.

[sc250024]

I wonder if this is related to the same errors encountered in this issue: #11733. Namely, Ubuntu 22.04 updates OpenSSL to a version that does not accept ssh-rsa keys by default.

[dnaka91]

I saw that issue too, but what surprised me is that a manual vagrant up just works. Doesn't Packer use the same mechanism?

As far as I understood, it calls vagrant ssh-config and then extracts the private key location for connection to SSH. But that doesn't seem to work. Something is different there.

Also, tried the same directly on a Digital Ocean VPS instance, but got the same connection issue. For that case, it's probably the same problem as in #11733.

[sc250024]

Out of curiosity, what type of key is generated at /Users/dnaka91/.vagrant.d/insecure_private_key ?

[dnaka91]

Seems to be an RSA key. And there is an option to inject a more secure key (specific to that instance), which is done by Vagrant, but still an RSA key I believe.

Even with that key injection enabled, it fails. And there seems to be no option to tell Vagrant to generate ed25519 keys instead, as mentioned in other issues for AWS.

[dnaka91]

I saw that the relevant plugins are updated by now (as mentioned in the AWS issue). I added a plugin block to depend on the latest released version, and it solved the problem for me.

Auth works again 🎉

[nywilken]

@dnaka91 thanks for testing and closing the issue. I noted this issue yesterday but didn't get a chance to come back and update. Thanks to all for pushing this issue forward, and for your patience why we got this squared away.

[dnaka91]

Just for reference, anybody that may find this issue in the future. This needed to be added to my Packer file to use the latest versions for Vagrant and Ansible (which contain the required fixes for the SSH authentication).

packer {
  required_plugins {
    digitalocean = {
      version = "~> 1.0" # effectively 1.0.6
      source  = "github.com/hashicorp/digitalocean"
    }

    vagrant = {
      version = "~> 1.0" # effectively 1.0.2
      source  = "github.com/hashicorp/vagrant"
    }
  }
}

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.