terraform-provider-libvirt: SSH transport regression in 0.6.11

According to #864 comments, some users are experiencing regressions when using the ssh transport.

Please comment (in a single comment):

Your connection URL
TF_LOG=debug terraform plan output
make sure authorized_hosts on the server is correct
Any other error
Relevant info (client & server OS, etc)
env variable SSH_AUTH_SOCK

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 1
Comments: 15 (8 by maintainers)

Commits related to this issue

use a fork of golang-crypto with RFC8308 patches Closes: #916 Closes: #886 — committed to dmacvicar/terraform-provider-libvirt by dmacvicar 2 years ago
use a fork of golang-crypto with RFC8308 patches (#925) The fork adds the following patches: - ssh: add support for extension negotiation (rfc 8308) https://github.com/golang/crypto/pull/197 -... — committed to dmacvicar/terraform-provider-libvirt by dmacvicar 2 years ago

Most upvoted comments

I can propose this workaround.

Make remote unix socket forwarding to local port with root access on remote host: ssh -nNT -L localhost:5000:/run/libvirt/libvirt-sock root@192.168.7.59

And use connection string to local port: qemu+tcp://localhost:5000/system

It’s working for me.

pnsafonov on Feb 14, 2022

I came across the same issue and was searching for an answer.

╷
│ Error: failed to dial libvirt: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
│ 
│   with provider["registry.terraform.io/dmacvicar/libvirt"],
│   on k8s.tf line 10, in provider "libvirt":
│   10: provider "libvirt" {
│ 
╵

After checking the documentation on https://libvirt.org/uri.html I added sshauth=privkey to the URI and it works!!!

qemu+ssh://<USERNAME>@<ADDRESS>/system?keyfile=<PATH TO PRIVATE KEY>&sshauth=privkey

I hope this could help.

mc256 on Dec 6, 2021