Feature request: Clean up known hosts after instance creation. #9324

Open
JackBracken opened this issue Oct 11, 2016 · 2 comments

@JackBracken

A common minor niggle I run into using Terraform these days is getting SSH host key mismatches when re-provisioning a machine with a static IP or creating a new one in a small subnet in our AWS development environment.

```
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:w4yYen8fzP8mBv/wl1uG+y337dLZFsVLZUCuyLiMax8.
Please contact your system administrator.
Add correct host key in /Users/jack/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/jack/.ssh/known_hosts:158
RSA host key for 172.28.131.8 has changed and you have requested strict checking.
Host key verification failed.
```

It's simple enough to run the command `sed -i.bak -e '158d' ~/.ssh/known_hosts`, but still slightly tedious, and something I think it might be good for Terraform to be able to do.

I'm interested in adding this functionality myself, but I'm not sure where to start. I think it should be platform agnostic, so able to work with `aws_instance`, `azure_virtual_machine`, `google_compute_instance` etc. but I'm not sure where the best place for an end user to specify it would be. In the provider block? The resource itself?

Any help or feedback on how/where to get started would be greatly appreciated.

@mrwacky42
Contributor

Consider `local-exec` provisioner?

@JackBracken
Author

`local-exec` would work, but seems a little messy to me. We currently use Makefiles in our projects to force a slightly less error prone workflow and I've the functionality there with:

```
@ssh-keygen -R `jq -cr '.modules[].resources[] | select(.type | contains("aws_instance")) | .primary.attributes.private_ip' < .terraform/terraform.tfstate`
```

after an apply, which still isn't ideal imo, but cleaner than a `local-exec` in every project imo.
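
The cleanup discussed in this thread, as an added example that is not part of the issue and is not Terraform's code: it reads instance IPs along the same state path as the jq filter above and drops their stale `known_hosts` lines, going beyond the one-liner by handling several instances and hashed (`HashKnownHosts`) entries. The function names, the sample state layout and the sample keys are assumptions constructed for illustration.

```python
import base64, hashlib, hmac

def hashed_field(host, salt):
    """Build a HashKnownHosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def instance_ips(state, type_substr="aws_instance"):
    """Private IPs via the jq filter's path: .modules[].resources[].primary.attributes.private_ip"""
    ips = set()
    for module in state.get("modules", []):
        for res in module.get("resources", {}).values():
            ip = res.get("primary", {}).get("attributes", {}).get("private_ip")
            if type_substr in res.get("type", "") and ip:
                ips.add(ip)
    return ips

def field_matches(field, targets):
    """True if a known_hosts host field names a target, in plain or hashed form."""
    if field.startswith("|1|"):
        parts = field.split("|")
        if len(parts) != 4:
            return False  # malformed hashed entry: leave it in place
        salt = base64.b64decode(parts[2])
        return any(hashed_field(t, salt) == field for t in targets)
    # Exact names only; wildcard patterns and [host]:port entries are not matched.
    return any(h in targets for h in field.split(","))

def prune_known_hosts(text, targets):
    """Return (remaining_text, removed_lines); a line is dropped if any of its hosts is a target."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split()
        # Blank lines, comments and @cert-authority/@revoked marker lines are kept.
        skip = not fields or line.startswith(("#", "@"))
        (removed if not skip and field_matches(fields[0], targets) else kept).append(line)
    return "\n".join(kept) + "\n", removed

# Constructed sample data (not from the issue, apart from the 172.28.131.8 address).
SAMPLE_STATE = {"modules": [{"resources": {
    "aws_instance.web": {"type": "aws_instance", "primary": {"attributes": {"private_ip": "172.28.131.8"}}},
    "aws_instance.db": {"type": "aws_instance", "primary": {"attributes": {"private_ip": "172.28.131.9"}}},
    "aws_eip.nat": {"type": "aws_eip", "primary": {"attributes": {"private_ip": "172.28.131.20"}}}}}]}
SAMPLE_KNOWN_HOSTS = "\n".join([
    "172.28.131.8 ssh-rsa CONSTRUCTED-OLD-KEY-1",
    hashed_field("172.28.131.9", b"constructed-salt-20b") + " ssh-rsa CONSTRUCTED-OLD-KEY-2",
    "bastion.example.com ssh-ed25519 CONSTRUCTED-KEY-3"]) + "\n"

if __name__ == "__main__":
    remaining, dropped = prune_known_hosts(SAMPLE_KNOWN_HOSTS, instance_ips(SAMPLE_STATE))
    print("removed %d entries; remaining:\n%s" % (len(dropped), remaining))
```

Once an entry is removed, the next connection to that address is trust-on-first-use again, so the new host key fingerprint should be compared against one obtained from the instance itself (for example its console output) before it is accepted.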
