Can't connect with OpenSSH private keys #53
Comments
|
Ah yes this is an issue I saw when reading documentation while investigating the other key issue #23 and has to do with JSch not natively recognising the OpenSSH format (starts with a different --- line on the PEM, says |
|
turns out to be harder than I thought: https://github.com/is/jsch/blob/master/src/main/java/com/jcraft/jsch/KeyPair.java#L209-L245 and https://coolaj86.com/articles/the-openssh-private-key-format/ |
|
Might be time to look at moving to a maintained fork of Jsch which addresses this very issue: https://github.com/mwiede/jsch It is more than just a drop in replacement though, I tried it and was getting KeyExchange exceptions. Probably has something to with "For compatibility with OpenSSH and improved security, the order of crypto algorithms was changed. If you still want to use older or deprecated algorithms, you need to change the configuration." I have not tried changing the configuration. |
|
fixed in 0.1.1 |
I continued to have ssh issues after upgrading to 0.1.0-alpha.9 so I tried a couple different things.
Using PEM keys works fine for me:
With that I can ssh with
ssh -i privatekey user@hostand can connect with spire, using the :username, :hostname, and :identity options.Using the default format (on my MacOS 10.15.4 using OpenSSH_8.1p1) doesn't work with spire:
With that I can ssh with
ssh -i privatekey user@hostbut attempting to connect with spire gives meinvalid privatekey: [B@106e2d130 [at provision.clj, line 1, column 1] {:type :sci/error, :line 1, :column 1, :message "invalid privatekey: [B@106e2d1 30 [at provision.clj, line 1, column 1]"}I'm just going to use PEM format keys, but perhaps spire should support the OpenSSH format as well.
The text was updated successfully, but these errors were encountered: