SSH failed with Ubuntu 22 and Centos 9 #395

Open
hcuiasv opened this issue Aug 5, 2022 · 2 comments

hcuiasv commented Aug 5, 2022

🗣️ Foreword

Thank you for taking the time to fill out this bug report fully. Without it we may not be able to fix the bug, and the issue may be closed without resolution.

👻 Brief Description

I am running kitchen test with the docker driver on Ubuntu 22 and CentOS 9 platforms, but it fails at the SSH step of kitchen create.

Version

chef_version=17.10.3
platform=centos
ruby=ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux]
program_name=/opt/chef/bin/chef-solo
executable=/opt/chef/bin/chef-solo

Environment

Scenario

The kitchen test fails in kitchen create:

Successfully built fb2ef53a9909
D      [local command] END (0m1.06s)
D      build_run_command: run -d -p 22 -v /home/***:/vagrant --name defaultcentos9-***-gwxyskp5 --privileged fb2ef53a9909 /sbin/init
D      docker_command: docker -H unix:///var/run/docker.sock run -d -p 22 -v /home/***:/vagrant --name defaultcentos9-***-gwxyskp5 --privileged fb2ef53a9909 /sbin/init shell_opts: {}
D      [local command] BEGIN (docker -H unix:///var/run/docker.sock run -d -p 22 -v /home/***:/vagrant --name defaultcentos9-***-gwxyskp5 --privileged fb2ef53a9909 /sbin/init)
       cf4de9be2f979e561dfc7be1d2c938eb3c3665016015553e0a864d063878d745
D      [local command] END (0m0.29s)
D      docker_command: docker -H unix:///var/run/docker.sock port cf4de9be2f979e561dfc7be1d2c938eb3c3665016015553e0a864d063878d745 22/tcp shell_opts: {}
D      [local command] BEGIN (docker -H unix:///var/run/docker.sock port cf4de9be2f979e561dfc7be1d2c938eb3c3665016015553e0a864d063878d745 22/tcp)
       0.0.0.0:49197
       :::49197
D      [local command] END (0m0.01s)
D      [SSH] opening connection to kitchen@localhost<{:user_known_hosts_file=>"/dev/null", :port=>49197, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :keepalive_maxcount=>3, :timeout=>15, :keys_only=>true, :keys=>["/home/***/.kitchen/docker_id_rsa"], :auth_methods=>["publickey"], :verify_host_key=>:never}>
D      [SSH] connection failed (#<Errno::ECONNRESET: Connection reset by peer>)
       Waiting for SSH service on localhost:49197, retrying in 3 seconds
D      [SSH] opening connection to kitchen@localhost<{:user_known_hosts_file=>"/dev/null", :port=>49197, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :keepalive_maxcount=>3, :timeout=>15, :keys_only=>true, :keys=>["/home/***/.kitchen/docker_id_rsa"], :auth_methods=>["publickey"], :verify_host_key=>:never}>
D      [SSH] connection failed (#<Net::SSH::AuthenticationFailed: Authentication failed for user kitchen@localhost>)
       Waiting for SSH service on localhost:49197, retrying in 3 seconds
D      [SSH] opening connection to kitchen@localhost<{:user_known_hosts_file=>"/dev/null", :port=>49197, :compression=>false, :compression_level=>0, :keepalive=>true, :keepalive_interval=>60, :keepalive_maxcount=>3, :timeout=>15, :keys_only=>true, :keys=>["/home/***/.kitchen/docker_id_rsa"], :auth_methods=>["publickey"], :verify_host_key=>:never, :logger=>#<Logger:0x0000560d298caaf0 @level=4, @progname=nil, @default_formatter=#<Logger::Formatter:0x0000560d298caac8 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x0000560d298caa78 @shift_period_suffix=nil, @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<IO:<STDERR>>, @binmode=false, @mon_data=#<Monitor:0x0000560d298caa28>, @mon_data_owner_object_id=2880>>, :password_prompt=>#<Net::SSH::Prompt:0x0000560d298ca9b0>, :user=>"kitchen"}>

My kitchen.yml file is as below:

---
driver:
  name: docker
  use_sudo: false
  privileged: true
  volume: <%= Dir.pwd %>:/vagrant
  socket: <%= ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock' %>
  ssh_timeout: 5
  ssh_retries: 5

provisioner:
  name: chef_solo

platforms:
  - name: centos-9
    driver_config:
      image: rockylinux/rockylinux:9
      provision_command:
        - yum -y install initscripts
        - yum -y install iproute
      run_command: /sbin/init

suites:
  - name: default
    run_list:
      - ***

I can ssh to it with command ssh -p <port> -i <private-key-path> kitchen@localhost without any issue. And I checked that the container is forwarding the correct port:

CONTAINER ID   IMAGE          COMMAND        CREATED          STATUS          PORTS                                     NAMES
cf4de9be2f97   fb2ef53a9909   "/sbin/init"   14 minutes ago   Up 14 minutes   0.0.0.0:49197->22/tcp, :::49197->22/tcp   defaultcentos9-

I tried every effort in unsetting ssh-agent or stopping its daemon. None of them worked. This issue only happens with Ubuntu 22 or CentOS 9. It works well with Ubuntu 18, 20 and CentOS 8.

Any advice would be helpful, thanks in advance!

@aerickson

22.04 isn't working because it requires an ECDSA key.

Sep 01 19:14:27 337de265b081 sshd[231]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Sep 01 19:14:27 337de265b081 sshd[231]: Connection closed by authenticating user kitchen 172.17.0.1 port 62764 [preauth]

hashicorp/packer#11656 has some more details.

aerickson commented Sep 1, 2022

I've gotten this to work by specifying an ed25519 key like below:

driver:
  name: docker
  public_key: test/id_ed25519.pub
  private_key: test/id_ed25519

The key can be generated with ssh-keygen -t ed25519.
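
As an added example (not part of the thread or of kitchen-docker's code), the sshd lines quoted earlier in this thread can be triaged automatically: this Ruby script joins each PubkeyAcceptedAlgorithms rejection to its session by sshd pid, so the refused key type, user and source address appear together. The sample log is constructed and the function names are hypothetical.

```ruby
# Added example (not from the thread): triage sshd journal lines for
# public-key algorithm rejections. SAMPLE_LOG is constructed, modelled on the
# two sshd lines quoted in the thread; the pid 240 and 252 entries are invented.
SAMPLE_LOG = <<~LOG
  Sep 01 19:14:27 337de265b081 sshd[231]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
  Sep 01 19:14:27 337de265b081 sshd[231]: Connection closed by authenticating user kitchen 172.17.0.1 port 62764 [preauth]
  Sep 01 19:15:02 337de265b081 sshd[240]: Accepted publickey for kitchen from 172.17.0.1 port 62790 ssh2: ED25519 SHA256:CONSTRUCTED
  Sep 01 19:15:40 337de265b081 sshd[252]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedAlgorithms [preauth]
LOG

LINE     = /sshd\[(?<pid>\d+)\]: (?<msg>.*)$/
REJECTED = /\Auserauth_pubkey: key type (?<type>\S+) not in PubkeyAcceptedAlgorithms/
CLOSED   = /\AConnection closed by authenticating user (?<user>\S+) (?<ip>\S+) port (?<port>\d+)/

# Returns one hash per rejected offer, keyed by sshd child pid so the
# rejection is joined to the "Connection closed" line of the same session.
# A rejection with no matching close line keeps user and source as nil.
def rejected_key_offers(log)
  sessions = {}
  log.each_line do |line|
    m = LINE.match(line) or next
    pid = m[:pid].to_i
    if (r = REJECTED.match(m[:msg]))
      sessions[pid] = { pid: pid, key_type: r[:type], user: nil, source: nil }
    elsif (c = CLOSED.match(m[:msg])) && sessions[pid]
      sessions[pid][:user] = c[:user]
      sessions[pid][:source] = c[:ip]
    end
  end
  sessions.values
end

# Key types that were refused at least once, with counts, for a quick summary.
def rejected_types(log)
  rejected_key_offers(log).map { |o| o[:key_type] }.tally
end

if __FILE__ == $PROGRAM_NAME
  rejected_key_offers(SAMPLE_LOG).each do |o|
    who = o[:user] ? "#{o[:user]}@#{o[:source]}" : "unknown peer"
    puts "sshd[#{o[:pid]}] refused #{o[:key_type]} offered by #{who}"
  end
end
```

To use it against a real container, pass the text of the container's sshd journal to rejected_key_offers in place of SAMPLE_LOG.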
