Alpine specific host key 'invalid format' error

Open ThomDietrich opened this issue 3 years ago • 9 comments

Following error only shows on the alpine image, not with the latest image.

-> % docker-compose up
Starting sftpserver_sftp_1 ... done
Attaching to sftpserver_sftp_1
sftp_1  | [/entrypoint] Executing sshd
sftp_1  | Unable to load host key "/etc/ssh/ssh_host_rsa_key": invalid format
sftp_1  | Server listening on 0.0.0.0 port 22.
sftp_1  | Server listening on :: port 22.

We followed README instructions on how to create and bind the key files. Happy to provide further details if this can not immediately be reproduced. Best and thanks!

ThomDietrich, Jul 24 '20 16:07

I get the same error on alpine.

And on latest I get this error:

"Error loading host key "/etc/ssh/ssh_host_ed25519_key": invalid format"

On latest the rsa key loads fine, the issue is only with ssh_host_ed25519_key

jorioux, Aug 14 '20 15:08

Please provide any configuration files (docker-compose.yml etc.) with relevant parts. Also do a ls -l of all files so we can see file permissions as well.

Also try to generate fresh new host files (see README.md for instructions).

I'll try to add some tests

atmoz, Aug 19 '20 19:08

Tests are now using host keys (f735906) and it's working in both debian and alpine: https://github.com/atmoz/sftp/runs/1005016889?check_suite_focus=true#step:9:1

So there must be something related to your setup that is different. Which operating system are you using? Also see previous comment above :point_up:

atmoz, Aug 19 '20 21:08

I also have the error with :alpine tag, hosted on Debian stretch.

docker-compose.yml

  sftp:
    image: atmoz/sftp:latest
    container_name: sftp
    volumes:
    # Server keys
      - ./config/sftp/ssh_sftp_ed25519_key:/etc/ssh/ssh_host_ed25519_key:ro
      - ./config/sftp/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key:ro
    # Users config
      - ./config/sftp/users.conf:/etc/sftp/users.conf:ro

A new key was generated with the following command: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null

I'm switching to the :latest tag for the moment.

Thanks for your help and for your time!

CyrilLD, Aug 27 '20 13:08

I am also getting same error on alpine but on latest or alpine-3.7, it works fine...

docker run --init -v $(pwd)/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key -v $(pwd)/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key -p 2222:22 -it atmoz/sftp:alpine ali:pwd:1001

Logs:

[/usr/local/bin/create-sftp-user] Parsing user data: "ali:pwd:1001"
[/entrypoint] Executing sshd
Unable to load host key "/etc/ssh/ssh_host_rsa_key": invalid format
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

And same command with latest or alpine:3.7 works fine

docker run --init -v $(pwd)/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key -v $(pwd)/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key -p 2222:22 -it atmoz/sftp:latest ali:pwd:1001

Logs:

[/usr/local/bin/create-sftp-user] Parsing user data: "ali:pwd:1001"
[/entrypoint] Executing sshd
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.

kahootali, Sep 07 '20 09:09

Seems to be related to a newer OpenSSH version having changed the format output by ssh-keygen: https://www.openssh.com/txt/release-7.8

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

This is mentioned as a possible issue in BitBucket as well: https://community.atlassian.com/t5/Bitbucket-questions/From-OpenSSH-7-8-the-default-format-RSA-key-pair-has-changed/qaq-p/922645

One workaround was to use ssh-keygen -m PEM -t rsa -b 4096 to get the old format.

Make sure to check which version of ssh-keygen you are using. alpine is currently using OpenSSH version 8 while debian is still on version 7.

atmoz, Oct 29 '20 19:10

This may or may not help, but when I encountered the issue I noticed that my host keys did not have a newline at the end of the file - the new ones did. I did not analyze the private key contents directly though... I did generate my keys with the commands listed in the docker hub repository as far as I remember.

philippfreyer, Oct 30 '20 06:10

Missing line ending at the end of the key files was the issue for me with this error. Also use LF instead of CRLF.

masonb81, Feb 08 '21 09:02
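
The comments above name three things to look at in a host key file before bind-mounting it: the private-key container format (OpenSSH versus PEM), a missing final newline, and CRLF line endings. The following is an added example, not code from this thread or from the atmoz/sftp project; the function names `key_format` and `check_line_endings` are hypothetical, and the sample files are constructed placeholders rather than real keys.

```shell
#!/bin/sh
# Added example: pre-flight check of a host key file before mounting it
# into the container. Function names are hypothetical.

# Print the private-key container format, judged by the first line.
key_format() {
    case "$(head -n 1 "$1" | tr -d '\r')" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")      echo pem-ec ;;
        "-----BEGIN PRIVATE KEY-----")         echo pkcs8 ;;
        *)                                     echo unknown ;;
    esac
}

# Return 0 if the file uses LF line endings and ends with a newline, else 1.
check_line_endings() {
    rc=0
    if [ ! -s "$1" ]; then
        echo "$1: missing or empty" >&2; return 1
    fi
    if grep -q "$(printf '\r')" "$1"; then
        echo "$1: contains CR (CRLF line endings)" >&2; rc=1
    fi
    # Command substitution strips a trailing LF, so non-empty means no final LF.
    if [ -n "$(tail -c 1 "$1")" ]; then
        echo "$1: no newline at end of file" >&2; rc=1
    fi
    return $rc
}

# Demo on constructed placeholder files (not real key material).
demo() {
    d=$(mktemp -d)
    b='-----BEGIN OPENSSH PRIVATE KEY-----'
    e='-----END OPENSSH PRIVATE KEY-----'
    printf '%s\n' "$b" 'CONSTRUCTED-PLACEHOLDER' "$e" > "$d/good"
    printf '%s\r\n%s\r\n%s' "$b" 'CONSTRUCTED-PLACEHOLDER' "$e" > "$d/bad"
    for f in "$d/good" "$d/bad"; do
        if check_line_endings "$f"; then s=ok; else s=problem; fi
        echo "$(basename "$f"): format=$(key_format "$f") line-endings=$s"
    done
    rm -rf "$d"
}
demo
```

The script only reports what the file looks like; whether a given format loads depends on the sshd version inside the image.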

@atmoz sounds like a bit of pre-use modification of the provided key file could solve the issue? I am unsure whether this is a clean solution or just a minor patch for a bigger problem.

ThomDietrich, Feb 08 '21 09:02