no check for id_ed25519 ssh key (only id_rsa is checked) #1108

Open
korncola opened this issue Oct 12, 2024 · 6 comments

@korncola

Linux distribution

Arch Linux

Terraform version

1.9.7

Provider and libvirt versions

provider: 0.8.0

Description of Issue/Question

The module only checks for the id_rsa SSH key, not for other types like the recommended state-of-the-art key type id_ed25519.

Steps to Reproduce Issue

  • have no id_rsa, just an id_ed25519
  • ssh connect to qemu fails with:
  • [INFO] provider.terraform-provider-libvirt_v0.8.0: 2024/10/12 19:53:03 [ERROR] Failed to read ssh key '${HOME}/.ssh/id_rsa': open /Users/korncola/.ssh/id_rsa: no such file or directory: timestamp="2024-10-12T19:53:03.332+0200"
  • [ERROR] provider.terraform-provider-libvirt_v0.8.0: Response contains error diagnostic: tf_req_id=6d164000-3306-e756-43da-748d1f0823de tf_rpc=Configure @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_detail="" diagnostic_severity=ERROR tf_proto_version=5.6 @module=sdk.proto diagnostic_summary="failed to connect: failed to connect to remote host 'kvm.example.com': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain" tf_provider_addr=provider timestamp="2024-10-12T19:53:03.373+0200"
@memetb
Contributor

memetb commented Oct 22, 2024

@korncola can you confirm that the latest release v0.8.1 in PR #1112 solves your problem?

@mhtr

mhtr commented Oct 24, 2024

@memetb hi
I have the same issue on Debian 12 with v.0.8.1 provider version.

2024-10-24T09:08:15.008Z [INFO]  provider.terraform-provider-libvirt_v0.8.1: 2024/10/24 09:08:15 [DEBUG] Reading ssh key '/home/username/.ssh/id_rsa': timestamp=2024-10-24T09:08:15.008Z
2024-10-24T09:08:15.008Z [INFO]  provider.terraform-provider-libvirt_v0.8.1: 2024/10/24 09:08:15 [INFO] SSH connecting to '<libvirt_host_ip>' (<libvirt_host_ip>): timestamp=2024-10-24T09:08:15.008Z
2024-10-24T09:08:15.050Z [ERROR] provider.terraform-provider-libvirt_v0.8.1: Response contains error diagnostic: @caller=/home/username/go/pkg/mod/github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_proto_version=5.6 tf_provider_addr=provider tf_req_id=01fb2630-12dc-657a-23a6-7767d8f7e822 tf_rpc=Configure diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain" timestamp=2024-10-24T09:08:15.050Z
2024-10-24T09:08:15.051Z [ERROR] vertex "provider[\"terraform.local/local/libvirt\"]" error: failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
2024-10-24T09:08:15.052Z [WARN]  Planning encountered errors, so plan is not applyable
2024-10-24T09:08:15.052Z [INFO]  backend/local: plan operation completed

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: failed to connect: failed to connect to remote host '<libvirt_host_ip>': ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
│ 

@mhtr

mhtr commented Oct 24, 2024

It seems the problem occurs when you do not specify the user in the uri line.
If you specify the user like this:

provider "libvirt" {
    uri = "qemu+ssh://username@<ip>/system"
}

then the connection is via ssh.

@memetb
Contributor

memetb commented Oct 24, 2024

@mhtr the error message is stating the problem:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

This means that it failed to authenticate. If you are seeing that setting the username in the query string works, then either set it in your ~/.ssh/config as per man page (using User attribute), or specify it in the query string as part of your TF plan.

@llajas

llajas commented Nov 28, 2024

Reporting the same on 0.8.0 - I get the exact same error as above (ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain).

I'm using the same ed25519 key I would usually use for accessing my libvirt host and normal SSH works fine there, it just doesn't when using this provider.

Generating a new RSA key and using that instead works without issue so I assume it's a provider or dependency limitation.

@rismalrv

> Reporting the same on 0.8.0 - I get the exact same error as above (ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain).
>
> I'm using the same ed25519 key I would usually use for accessing my libvirt host and normal SSH works fine there, it just doesn't when using this provider.
>
> Generating a new RSA key and using that instead works without issue so I assume it's a provider or dependency limitation.

This worked for me when using an Ed25519 key with a passphrase:

cat ~/.ssh/config
AddKeysToAgent yes

provider "libvirt" {
  uri = "qemu+ssh://user@remote-ip/system?keyfile=/path/to/key/.ssh/id_ed25519&no_verify=1&known_hosts_verify=ignore&sshauth=privkey,agent"
}

The "agent" option in sshauth is required when using the modular Libvirt daemon with private keys secured by passphrases.
Additionally, ssh-agent must already be running. However, when using the monolithic Libvirt daemon, the "agent" part is not needed.
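
Added example, not part of the thread or the provider's code: a Go helper that parses a `qemu+ssh` URI like the one in the comment above, reports the user, key file and `sshauth` methods, and flags `no_verify` and `known_hosts_verify=ignore`, which relax SSH host key checking. The names `Audit`, `AuditLibvirtURI` and `sampleURI` and the host 192.0.2.10 are made up for illustration, and the parameter meanings are assumed from libvirt's remote URI documentation.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Audit summarises the SSH-related parts of a libvirt connection URI.
type Audit struct {
	User, KeyFile         string
	AuthMethods, Warnings []string
}

// AuditLibvirtURI parses a *+ssh URI and flags settings that weaken SSH.
// Parameter meanings are assumed from libvirt's remote URI documentation.
func AuditLibvirtURI(raw string) (Audit, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Audit{}, err
	}
	if !strings.HasSuffix(u.Scheme, "+ssh") {
		return Audit{}, fmt.Errorf("not an ssh transport: %q", u.Scheme)
	}
	q := u.Query()
	a := Audit{User: u.User.Username(), KeyFile: q.Get("keyfile")}
	if s := q.Get("sshauth"); s != "" {
		a.AuthMethods = strings.Split(s, ",")
	}
	if a.User == "" {
		a.Warnings = append(a.Warnings, "no user in URI: set user@host or User in ~/.ssh/config")
	}
	if v := q.Get("no_verify"); v != "" && v != "0" {
		a.Warnings = append(a.Warnings, "no_verify set: host key checking is relaxed")
	}
	if q.Get("known_hosts_verify") == "ignore" {
		a.Warnings = append(a.Warnings, "known_hosts_verify=ignore: host key is not checked against known_hosts")
	}
	return a, nil
}

// Constructed sample in the shape of the URI quoted in the thread.
const sampleURI = "qemu+ssh://user@192.0.2.10/system?keyfile=/home/user/.ssh/id_ed25519&no_verify=1&known_hosts_verify=ignore&sshauth=privkey,agent"

func main() {
	a, err := AuditLibvirtURI(sampleURI)
	fmt.Println(a.User, a.KeyFile, a.AuthMethods, a.Warnings, err)
}
```

Dropping the two flagged parameters from the URI leaves the key file and `sshauth` settings unchanged, so the authentication side of the workaround can be tested separately from host key checking.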
