git-resource icon indicating copy to clipboard operation
git-resource copied to clipboard

Published 20 hours ago verified publisher icon concourse

ed25519 private keys report 'invalid format'

Open GJKrupa opened this issue 4 years ago • 4 comments

I'm trying to access a GitLab instance using an ed25519 keypair. The resource config is as follows:

resources:
  - name: source-code
    type: git
    source:
      uri: git@my-gitlab-server:test/test.git
      branch: master
      private_key: |
        -----BEGIN OPENSSH PRIVATE KEY-----
        b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz
        c2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6Bj6NfHJUjmEypXFniSgAA
        AIMA/wD/AP8A/wAAAAtzc2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6B
        j6NfHJUjmEypXFniSgAAAECH7LxFlFkKVw9rRN0vImKc/lE8wqlI2lfpyKPI3unR
        9lbTtHaxKuhyP/qlPd3T52n1joGPo18clSOYTKlcWeJKAAAAAA==
        -----END OPENSSH PRIVATE KEY-----

(this private key is no longer valid ofc)

When using this config, builds stall at the first stage and running check-resource results in the following:

$ fly -t my-team check-resource -r test/source-code
error: check failed with exit status '1':
Error loading key "/tmp/git-resource-private-key": invalid format

If I use an RSA2048 key-pair instead, it works fine.

GJKrupa avatar Dec 06 '19 17:12 GJKrupa

Still doesn't work in v7.3.2.

adwski avatar Jul 05 '21 14:07 adwski

At least with programs like ssh-add (not sure about this) - ed25519 keys require a blank newline at the end of the file. Not sure how best to represent that in YAML.

# invalid:
 -----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz
c2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6Bj6NfHJUjmEypXFniSgAA
AIMA/wD/AP8A/wAAAAtzc2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6B
j6NfHJUjmEypXFniSgAAAECH7LxFlFkKVw9rRN0vImKc/lE8wqlI2lfpyKPI3unR
9lbTtHaxKuhyP/qlPd3T52n1joGPo18clSOYTKlcWeJKAAAAAA==
-----END OPENSSH PRIVATE KEY-----

but

# valid:
 -----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz
c2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6Bj6NfHJUjmEypXFniSgAA
AIMA/wD/AP8A/wAAAAtzc2gtZWQyNTUxOQAAACBW07R2sSrocj/6pT3d0+dp9Y6B
j6NfHJUjmEypXFniSgAAAECH7LxFlFkKVw9rRN0vImKc/lE8wqlI2lfpyKPI3unR
9lbTtHaxKuhyP/qlPd3T52n1joGPo18clSOYTKlcWeJKAAAAAA==
-----END OPENSSH PRIVATE KEY-----

dwanderson-intel avatar Apr 11 '22 21:04 dwanderson-intel

when i changed the last CRLF to LF, it works well.

KomiMoe avatar Jun 14 '22 00:06 KomiMoe

I was just trying to access a blank VPS from the Chromebook SSH app and landed here. Adding the trailing newline onto the private key fixed the error here as well. It's a very interesting (and arbitrary) failure case :) thanks for the fix

danopia avatar Aug 22 '22 16:08 danopia