Error in bootstrapping chef nodes with chef workstation using ssh

Question

I am facing issue while running this command on my chef workstation

knife bootstrap <private-ip> --ssh-user ec2-user --sudo -i node1-key.pem -N node1

It is returning this error instead of bootstrapping my node with workstation

[root@ip-172-31-39-176 chef-repo]# knife bootstrap 172.31.42.29 --ssh-user ec2-user --sudo -i node1-key.pem -N node1
--ssh-user: This flag is deprecated. Use -U/--connection-user instead.
Connecting to 172.31.42.29 using ssh
The authenticity of host '172.31.42.29 ()' can't be established.
fingerprint is SHA256:sm4WkVY+9fvemldz5CjSkracEZL8dSv9UnHkbk3DICk.

Are you sure you want to continue connecting
? (Y/N) Y
Connecting to 172.31.42.29 using ssh
WARN: [SSH] connection failed, terminating (#<Net::SSH::AuthenticationFailed: Authentication failed for user [email protected]>)
WARNING: Failed to authenticate ec2-user to 172.31.42.29 - trying password auth
Enter password for [email protected]:
Connecting to 172.31.42.29 using ssh
ERROR: Train::ClientError: Your SSH Agent has no keys added, and you have not specified a password or a key file

I have tried recreating node server with updated .pem file

Answer 1

Since the issue you are experiencing is related to the ssh connection and not something unique to knife, it would be a good idea to drop down into ssh directly and troubleshoot from there.

Somethings to try/verify:

• (SSH) Make sure pem key has only read/write permissions for the owner (chmod 600 node1-key.pem), and that root (since that is the user in your example) is the owner/group (chown root:root node1-key.pem).
• (AWS) Ensure that the new keypair you generated is associated with your nodes. It sounds like you did this already, but it doesn't hurt to call it out
• (AWS) Ensure the ec2 node is in a security group that accepts inbound ssh connections