Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com #72

Open
fbettag opened this issue May 31, 2020 · 1 comment
Open

Add support for sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com #72

fbettag opened this issue May 31, 2020 · 1 comment

Comments

@fbettag
Copy link

fbettag commented May 31, 2020

Can we add support for sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com keys. Maybe even check https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT for other formats this is missing :)
@HLFH HLFH mentioned this issue Jun 22, 2021
Closed
@smlx smlx mentioned this issue Feb 24, 2022
Closed
@cdchris12 cdchris12 mentioned this issue Mar 31, 2022
Merged
3 tasks
@ThibaudLopez
Copy link

ThibaudLopez commented Sep 14, 2022
edited
Loading

We confirm the bug:

Here are two examples of valid SSH public key fingerprints, they are from physical security keys, where prefix sk is for SSH Security Keys, see https://www.yubico.com/blog/github-now-supports-ssh-security-keys/ :

> cat .ssh/id_ecdsa_sk.pub
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAlulpLk2cp9XsbCWxwpxgKIBpxUlSki4Y3k+0huraRzVtYy4FaKyXGZ4kyCpkdhsSrkSD8ptbeks9lzV1tGe2wAAAAEc3NoOg== [REDACTED]@[REDACTED].com

> cat [REDACTED]
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKdtLKvpwRRMdmoo1Exj8/MxSVOb5zN47eJmVg9ttVP2AAAABHNzaDo= [REDACTED]

But sshpk fails to parse them:

let sshpk = require('sshpk');
sshpk.parseKey('sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKdtLKvpwRRMdmoo1Exj8/MxSVOb5zN47eJmVg9ttVP2AAAABHNzaDo=', 'ssh');
sshpk.parseKey('sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAlulpLk2cp9XsbCWxwpxgKIBpxUlSki4Y3k+0huraRzVtYy4FaKyXGZ4kyCpkdhsSrkSD8ptbeks9lzV1tGe2wAAAAEc3NoOg==', 'ssh');
Uncaught:
KeyParseError: Failed to parse (unnamed) as a valid ssh format key: key must match regex
    at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:261:10) {
  format: 'ssh',
  keyName: '(unnamed)',
  innerErr: AssertionError [ERR_ASSERTION]: key must match regex
      at Object.read (node_modules/sshpk/lib/formats/ssh.js:32:9)
      at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:252:27)
      at Script.runInThisContext (node:vm:129:12)
      at REPLServer.defaultEval (node:repl:566:29)
      at bound (node:domain:421:15)
      at REPLServer.runBound [as eval] (node:domain:432:12)
      at REPLServer.onLine (node:repl:893:10)
      at REPLServer.emit (node:events:539:35)
      at REPLServer.emit (node:domain:475:12) {
    generatedMessage: false,
    code: 'ERR_ASSERTION',
    actual: null,
    expected: true,
    operator: '=='
  }
}
It also fails when parsing as `openssh` and `auto`. 
> sshpk.parseKey('sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKdtLKvpwRRMdmoo1Exj8/MxSVOb5zN47eJmVg9ttVP2AAAABHNzaDo=', 'opensshssh');
Uncaught AssertionError [ERR_ASSERTION]: formats[format] (object) is required
    at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:249:9)
    at REPL2:1:7
    at Script.runInThisContext (node:vm:129:12)
    at REPLServer.defaultEval (node:repl:566:29)
    at bound (node:domain:421:15)
    at REPLServer.runBound [as eval] (node:domain:432:12)
    at REPLServer.onLine (node:repl:893:10)
    at REPLServer.emit (node:events:539:35)
    at REPLServer.emit (node:domain:475:12)
    at REPLServer.Interface._onLine (node:readline:487:10) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: 'undefined',
  expected: 'object',
  operator: '==='
}

> sshpk.parseKey('sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAlulpLk2cp9XsbCWxwpxgKIBpxUlSki4Y3k+0huraRzVtYy4FaKyXGZ4kyCpkdhsSrkSD8ptbeks9lzV1tGe2wAAAAEc3NoOg==', 'openssh');
Uncaught:
KeyParseError: Failed to parse (unnamed) as a valid openssh format key: Cannot read properties of undefined (reading 'match')
    at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:261:10) {
  format: 'openssh',
  keyName: '(unnamed)',
  innerErr: TypeError: Cannot read properties of undefined (reading 'match')
      at Object.read (node_modules/sshpk/lib/formats/pem.js:63:19)
      at Object.read (node_modules/sshpk/lib/formats/ssh-private.js:26:14)
      at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:252:27)
      at REPL3:1:7
      at Script.runInThisContext (node:vm:129:12)
      at REPLServer.defaultEval (node:repl:566:29)
      at bound (node:domain:421:15)
      at REPLServer.runBound [as eval] (node:domain:432:12)
      at REPLServer.onLine (node:repl:893:10)
      at REPLServer.emit (node:events:539:35)
}

> sshpk.parseKey('sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKdtLKvpwRRMdmoo1Exj8/MxSVOb5zN47eJmVg9ttVP2AAAABHNzaDo=', 'auto');
Uncaught:
KeyParseError: Failed to parse (unnamed) as a valid auto format key: Failed to auto-detect format of key
    at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:261:10) {
  format: 'auto',
  keyName: '(unnamed)',
  innerErr: Error: Failed to auto-detect format of key
      at Object.read (node_modules/sshpk/lib/formats/auto.js:48:9)
      at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:252:27)
      at REPL4:1:7
      at Script.runInThisContext (node:vm:129:12)
      at REPLServer.defaultEval (node:repl:566:29)
      at bound (node:domain:421:15)
      at REPLServer.runBound [as eval] (node:domain:432:12)
      at REPLServer.onLine (node:repl:893:10)
      at REPLServer.emit (node:events:539:35)
      at REPLServer.emit (node:domain:475:12)
}

> sshpk.parseKey('sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAlulpLk2cp9XsbCWxwpxgKIBpxUlSki4Y3k+0huraRzVtYy4FaKyXGZ4kyCpkdhsSrkSD8ptbeks9lzV1tGe2wAAAAEc3NoOg==', 'auto');
Uncaught:
KeyParseError: Failed to parse (unnamed) as a valid auto format key: Failed to auto-detect format of key
    at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:261:10) {
  format: 'auto',
  keyName: '(unnamed)',
  innerErr: Error: Failed to auto-detect format of key
      at Object.read (node_modules/sshpk/lib/formats/auto.js:48:9)
      at Object.Key.parse [as parseKey] (node_modules/sshpk/lib/key.js:252:27)
      at REPL5:1:7
      at Script.runInThisContext (node:vm:129:12)
      at REPLServer.defaultEval (node:repl:566:29)
      at bound (node:domain:421:15)
      at REPLServer.runBound [as eval] (node:domain:432:12)
      at REPLServer.onLine (node:repl:893:10)
      at REPLServer.emit (node:events:539:35)
      at REPLServer.emit (node:domain:475:12)
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fbettag @ThibaudLopez