travis.rb icon indicating copy to clipboard operation
travis.rb copied to clipboard

Published 20 hours ago verified publisher icon travis-ci

Private key without passphrase are no supported

Open nbessi opened this issue 10 years ago • 13 comments

Hello,

You can not upload a private key without pass phase or an empty pass phrase a the client keeps asking a pass phrase infinitly.

This feature was working before and prevent us to upload our deployment key on travis.

Regards

Nicolas

nbessi avatar Jan 23 '15 09:01 nbessi

Hi @nbessi, we'll look into the issue. In the meantime, you should be able to upload the key via the web interface (under settings).

rkh avatar Jan 24 '15 11:01 rkh

This is still an issue. Also, when uploading the private key via the web interface the error "This key is not a private key." appears.

grmoon avatar Nov 30 '18 14:11 grmoon

Same issue. Pasting ssh private key in settings gives the error "This key is not a private key."

notmedia avatar Jan 04 '19 00:01 notmedia

Same here.

yaroslav-ilin avatar Jan 15 '19 14:01 yaroslav-ilin

Same problem!

cristian-eriomenco avatar Jan 16 '19 11:01 cristian-eriomenco

Same here!

danburtenshaw avatar Jan 16 '19 11:01 danburtenshaw

Same here, this problem is really annoying as I can't pull down a repo!

Burtbox avatar Jan 16 '19 11:01 Burtbox

Got same issue.

ps. In my case, using openssl instead of opnssh and using RSA instead of ed25519 worked in the web interface:

To create private key: openssl genrsa -out deployment.key 4096

To extract public key in OpenSSH format to upload to GitHub: ssh-keygen -f deployment.key -y > deployment.pub

ozars avatar Jan 16 '19 23:01 ozars

I got "This key is not a private key." when uploading a key generated with Mac OS Mojave. This is because Mojave uses Open SSH 7.8, which has changed the file format of the private key from RSA to OpenSSH. The key is still in RSA format.

You can make Mac OS generate a key with the RSA file format by adding -m PEM to the ssh-keygen command, e.g.

ssh-keygen -t rsa -b 4096 -f 'github_deploy_key' -N '' -m PEM

https://stackoverflow.com/a/52548720/691427 https://serverfault.com/questions/939909/ssh-keygen-does-not-create-rsa-private-key

jakul avatar Jan 24 '19 11:01 jakul

Yall might consider limiting the wrong answers for passphrases to 3, otherwise the Travis CLI gets stuck in an infinite loop and due to HighLine swallowing SIGINT you can't cancel out. That would at least prevent having to close the terminal window. Something along the lines of (sorry my Ruby is extremely rusty at this point):

diff --git a/lib/travis/cli/sshkey.rb b/lib/travis/cli/sshkey.rb
index 80b0179..17459d3 100644
--- a/lib/travis/cli/sshkey.rb
+++ b/lib/travis/cli/sshkey.rb
@@ -80,9 +80,14 @@ module Travis
         return Tools::SSLKey.remove_passphrase(value, passphrase) || error("wrong pass phrase") if passphrase
         error "Key is encrypted, but missing --passphrase option" unless interactive?
         say "The private key is protected by a pass phrase."
-        result = Tools::SSLKey.remove_passphrase(value, ask("Enter pass phrase: ") { |q| q.echo = "*" }) until result
-        empty_line
-        result
+        3.times do
+          result = Tools::SSLKey.remove_passphrase(value, ask("Enter pass phrase: ") { |q| q.echo = "*" })
+          if result
+            empty_line
+            return result
+          end
+        end
+        error "3 incorrect passcode attempts, exiting"
       end
 
       def check_access(gh)

Faheetah avatar Feb 23 '21 18:02 Faheetah

Huge painful issue

yackermann avatar Apr 16 '22 08:04 yackermann