SSH authentication fails

[chrissound]

Hello! First off, thank you for the project!

I'm not too familiar with Terraform so maybe I'm doing something dumb. I've essentially copied example to another directory and modified the deploy_nixos.tf file.

Previous to the I ran eval "$(ssh-agent -s)" and ssh-add ~/.ssh/id_rsa.

Error: Error applying plan:

1 error occurred:
    * module.deploy_nixos.null_resource.deploy_nixos: timeout - last error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

data "google_compute_network" "default" {
  name = "default"
}

resource "google_compute_firewall" "deploy-nixos" {
  name    = "deploy-nixos"
  network = "${data.google_compute_network.default.name}"

  allow {
    protocol = "icmp"
  }

  // Allow SSH access
  allow {
    protocol = "tcp"
    ports    = ["22", "80", "443"]
  }

  source_tags = ["nixos"]
}

resource "google_compute_instance" "deploy-nixos" {
  name         = "deploy-nixos-example"
  machine_type = "g1-small"
  zone         = "europe-west2-a"
  # region      = "eu-west2"

  // Bind the firewall rules
  tags = ["nixos"]

  boot_disk {
    initialize_params {
      // Start with an image the deployer can SSH into
      image = "${module.nixos_image_custom.self_link}"
      size  = "25"
    }
  }

  network_interface {
    network = "default"

    // Give it a public IP
    access_config {}
  }

  lifecycle {
    // No need to re-deploy the machine if the image changed
    // NixOS is already immutable
    ignore_changes = ["boot_disk"]
  }
}

module "deploy_nixos" {
  source = "../../deploy_nixos"

  // Deploy the given NixOS configuration. In this case it's the same as the
  // original image. So if the configuration is changed later it will be
  // deployed here.
  nixos_config = "${path.module}/image_nixos_custom.nix"

  target_user = "root"
  target_host = "${google_compute_instance.deploy-nixos.network_interface.0.access_config.0.nat_ip}"

  triggers = {
    // Also re-deploy whenever the VM is re-created
    instance_id = "${google_compute_instance.deploy-nixos.id}"
  }
}

If I manually try to SSH I get the same authentication error. I've mounted the disk on another instance and inspecting /root shows no .ssh directory:

root@instance-2:/home/chris/mount/root# ls -altr
total 12
drwx------  3 root root 4096 Jun  8 20:47 .
drwx------  2 root root 4096 Jun  8 20:47 .nix-defexpr
drwxr-xr-x 16 root root 4096 Jun  8 21:09 ..

[zimbatm]

Do you have the $SSH_AUTH_SOCK environment variable set? This is needed by the SSH client to talk to the agent.

[chrissound]

Yup that is set by eval "$(ssh-agent -s)":

echo $SSH_AUTH_SOCK  
/tmp/ssh-Wpyng4AamOwb/agent.25936

[zimbatm]

It could be a number of things:

• the target_host IP isn't reachable
• the NixOS VM image didn't start the SSH server (look at the console logs of the VM)
• firewalling issue

[chrissound]

Just tried this again and it just worked fine - without any changes. So maybe I did mess up the ssh-agent part earlier, not sure.

Thanks for the pointers @zimbatm .