Packer, Ansible, AWS, RHEL: SSH misunderstandings

I’ve recently been trying out Packer, building an AWS AMI off the Red Hat Enterprise Linux 8 images (I use Fedora as my own system, so I tend to use RHEL for its familiarity).

sign_and_send_pubkey: no mutual signature supported

To provision the image I’m also using Ansible, which I’ve also recently discovered and am trying to leverage.

Quite early on I stumbled into an issue with Ansible being unable to talk to the spun-up EC2 instance with the baked AMI.

I’ll paste the end of the trace here (extracted through "extra_arguments": ["-vvvv"] in the Packer template), just because it took me quite a while to find something that seemed relevant on the web.

\"Failed to connect to the host via ssh: OpenSSH_8.4p1, OpenSSL 1.1.1h FIPS 22 Sep 2020
debug1: Will attempt key: /tmp/ansible-key907850994  explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /tmp/ansible-key907850994
debug3: sign_and_send_pubkey: RSA SHA256:[redacted]
sign_and_send_pubkey: no mutual signature supported
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.

ec2-user@127.0.0.1: Permission denied (publickey).\""

I got sidetracked a lot looking for answers, but eventually found a rather simple solution which I’ll relay here: just allow this specific SSH key type in your SSH config (~/.ssh/config):

Host *
  PubkeyAcceptedKeyTypes=+ssh-dss

That re-established dialogue between Ansible and the EC2 instance; hopefully this helps someone else.
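When triaging this error, the useful detail in the -vvvv output is the debug3 sign_and_send_pubkey line just before the failure, which names the type of the key that ssh declined to sign with. The following is an added example, not part of the original post: a small Python parser that pulls that key out of a log and lists the signature algorithms that exist for its type, which are the candidates for PubkeyAcceptedKeyTypes. The function name refused_keys and the field names are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Signature algorithm names per key type, as used in PubkeyAcceptedKeyTypes.
# Keys are the type labels OpenSSH prints in its debug output.
SIG_ALGS = {
    "RSA": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "DSA": ["ssh-dss"],
    "ECDSA": ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
              "ecdsa-sha2-nistp521"],
    "ED25519": ["ssh-ed25519"],
}

TRYING = re.compile(r"debug1: Trying private key: (\S+)")
OFFER = re.compile(r"debug3: sign_and_send_pubkey: (\S+) (SHA256:\S+)")
FAIL = "sign_and_send_pubkey: no mutual signature supported"

# Sample input: lines taken from the log earlier on this page.
SAMPLE = """\
debug1: Next authentication method: publickey
debug1: Trying private key: /tmp/ansible-key907850994
debug3: sign_and_send_pubkey: RSA SHA256:[redacted]
sign_and_send_pubkey: no mutual signature supported
debug2: we did not send a packet, disable method
"""

def refused_keys(log_text):
    """Return one dict per key for which ssh found no usable signature."""
    findings, path, offer = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TRYING.search(line)
        if m:                       # a new key attempt starts here
            path, offer = m.group(1), None
            continue
        m = OFFER.search(line)
        if m:                       # remember key type and fingerprint
            offer = m.groups()
            continue
        if FAIL in line and offer:  # the failure refers to the last offer
            ktype, fingerprint = offer
            findings.append({"key": path, "type": ktype,
                             "fingerprint": fingerprint,
                             "candidate_algs": SIG_ALGS.get(ktype, [])})
            offer = None
    return findings

if __name__ == "__main__":
    for f in refused_keys(SAMPLE):
        print(f"{f['key']}: {f['type']} key refused; "
              f"candidate algorithms: {', '.join(f['candidate_algs'])}")
```

Comparing the reported candidates with the output of `ssh -G <host>` shows which of them the client configuration currently accepts.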

Date: 2020-11-19 Thu 00:00

Created: 2020-11-20 Fri 00:13