amazon-web-services ssh amazon-ec2 provisioning salt-project

Cannot connect to an Instance using ssh after Broken pipe


I'm totally new to using SaltStack and AWS, so this is probably a dumb question. I created an AMI (using Packer) with SaltStack (masterless) as a provisioner. I was able to connect via ssh and make a configuration to the minion. I was able to run salt-call state.highstate successfully. Later, I lost the connection to my instance ([root@<ip> ec2-user]# Write failed: Broken pipe), and after that I wasn't able to connect again.

What's been tried:

  1. Rebooted the instance; it didn't work
  2. I've checked the permissions on the .ssh files and they seem fine
  3. Created a new instance using the same key.pem, and I was able to connect to this new instance.

I'm not sure if I'm missing a configuration in SaltStack. Is there a possibility that the keys on my instance changed after running salt-call state.highstate?

What am I doing wrong?


Solution

  • There's nothing inherent in running highstate that would have terminated the SSH connection and prevented you from reconnecting. I would suspect it's something in your SLS files which is breaking SSH - which is applied when you run highstate.

    Things that might have been done by your Salt states:

    • your SSH keys were removed/mangled
    • opensshd config was changed
    • openssh-server was uninstalled

    EDIT: Having seen the output from Salt in the pastebin linked in comments, it's probably the AuthorizedKeysFile option being commented out:

    -AuthorizedKeysFile .ssh/authorized_keys
    +#AuthorizedKeysFile    .ssh/authorized_keys
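
    Review bot: the added line turns the AuthorizedKeysFile directive into a comment, so after this change the file no longer states where sshd looks for public keys and the daemon uses its built-in default instead. If the managed sshd_config is meant to replace the shipped one, keep "AuthorizedKeysFile .ssh/authorized_keys" uncommented in the source file, and have the state check the result with sshd -t before the service is restarted.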
    

    I recommend using file.replace to patch in specific changes you need, as opposed to replacing the whole /etc/ssh/sshd_config with a new version.
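
A sketch of the file.replace approach recommended above, as an added example that is not part of the original answer. The state IDs and the sshd service name are assumptions; the directive and path are the ones shown in the diff.

```yaml
# Added example. State IDs (sshd_authorized_keys_file, sshd_config_test,
# sshd_service) and the service name "sshd" are assumptions.

# Patch only the one directive instead of shipping a whole new sshd_config.
# Matches the line whether it is currently active or commented out, and
# rewrites it to the value the stock file had before highstate ran.
sshd_authorized_keys_file:
  file.replace:
    - name: /etc/ssh/sshd_config
    - pattern: '^#?\s*AuthorizedKeysFile\s+.*$'
    - repl: 'AuthorizedKeysFile .ssh/authorized_keys'
    - flags: ['MULTILINE']
    - append_if_not_found: True   # add the line if the file lacks it entirely
    - backup: '.bak'              # keep a copy of the previous file

# Have sshd parse the edited file. A syntax error fails this state, so the
# restart below is skipped and the running daemon keeps its old config.
sshd_config_test:
  cmd.run:
    - name: sshd -t -f /etc/ssh/sshd_config
    - onchanges:
      - file: sshd_authorized_keys_file

# Restart sshd only when the file changed and the config test passed.
sshd_service:
  service.running:
    - name: sshd
    - enable: True
    - require:
      - cmd: sshd_config_test
    - watch:
      - file: sshd_authorized_keys_file
```

Keep an existing SSH session open while applying this, and confirm a second login works before closing it.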