
RFE: doc: is cpu able to use password-protected keys?

Open truatpasteurdotfr opened this issue 4 years ago • 5 comments

Hi,

I am trying to use cpu with an ssh host with a password-protected key and it fails... ("here" is just an alias for localhost)

[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin `pwd`/cpud_linux_amd64 here  cat -r /tmp/toto
2022/02/15 17:15:40 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/02/15 17:15:40 getKeyFile for ""
2022/02/15 17:15:40 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/02/15 17:15:40 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/02/15 17:15:40 getPort("here", "")
2022/02/15 17:15:40 config.Get("here",""): "22"
2022/02/15 17:15:40 getPort: return default "23"
2022/02/15 17:15:40 returns "23"
2022/02/15 17:15:40 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected

ssh-agent is running and the key is added:

[tru@elitebook840g3 cpu]$ ssh-add -l
...
256 SHA256:VIYMqpyDakJNiscj3srwC4VivwK1HYPIr9xh2UF/Occ 5CG6481CF1 (ED25519)
...
[tru@elitebook840g3 cpu]$ ssh here cat /tmp/toto
X11 forwarding request failed on channel 1
toto

truatpasteurdotfr avatar Feb 15 '22 16:02 truatpasteurdotfr

That's weird, this should work. Can you try again? I could have sworn the new ssh client package I'm using does this.

rminnich avatar Mar 07 '22 20:03 rminnich

[tru@elitebook840g3 cpu]$ go version
go version go1.17 linux/amd64
[tru@elitebook840g3 cpu]$ git pull
Already up-to-date.
[tru@elitebook840g3 cpu]$ git status
# On branch main
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#	modified:   go.mod
#
no changes added to commit (use "git add" and/or "git commit -a")
[tru@elitebook840g3 cpu]$ git diff
diff --git a/go.mod b/go.mod
index acb4545..8fb3b74 100644
--- a/go.mod
+++ b/go.mod
@@ -23,3 +23,5 @@ require (
        github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 // indirect
        github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 )
+
+require github.com/hashicorp/errwrap v1.0.0 // indirect
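Review bot: the added `require github.com/hashicorp/errwrap v1.0.0 // indirect` at the end of go.mod is an uncommitted working-tree change (git status lists go.mod as modified), so the cpu and cpud binaries built next do not come from a clean checkout. The hunk only adds an indirect dependency in a second require block and touches nothing related to SSH key handling; reverting it with `git checkout -- go.mod` before rebuilding would rule it out as a factor in the reproduction.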
[tru@elitebook840g3 cpu]$ ~/go/bin/gox -os="linux" -arch="amd64"  ./...
Number of parallel builds: 3

-->     linux/amd64: github.com/u-root/cpu/cmds/cpud
-->     linux/amd64: github.com/u-root/cpu/cmds/cpu

Trying ssh and cpu:

[tru@elitebook840g3 cpu]$ ssh here cat /tmp/toto
titi
[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin /home/tru/git/github.com/u-root/cpu/cpud_linux_amd64 here  cat -r /tmp/toto
2022/03/07 22:23:04 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/03/07 22:23:04 getKeyFile for ""
2022/03/07 22:23:04 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/07 22:23:04 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/07 22:23:04 getPort("here", "")
2022/03/07 22:23:04 config.Get("here",""): "22"
2022/03/07 22:23:04 getPort: return default "23"
2022/03/07 22:23:04 returns "23"
2022/03/07 22:23:04 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected

truatpasteurdotfr avatar Mar 07 '22 21:03 truatpasteurdotfr

Ah, that thing. This is because of an opinionated decision. Look closely at the port decision: cpu forces using port 23 when 22 is provided.

https://github.com/u-root/cpu/blob/59e1ebe6207a2294ce032c73b0476bbae956ceb6/cmds/cpu/cpu.go#L401-403

orangecms avatar Mar 27 '22 06:03 orangecms

IIRC, the idea was to distinguish between regular SSH and this implementation of cpu building on top of it.

Should we add a flag in order to allow for using cpu as a regular SSH client? Like, cpu -ssh remote-machine ls? It could imply the port 22 even.

orangecms avatar Mar 27 '22 06:03 orangecms

I have added port 23 in my .ssh/config file:

Host localhost here
        hostname localhost
        IdentitiesOnly=yes
        IdentityFile ~/.ssh/keys/5CG6481CF1/id_ed25519
        ForwardX11 yes
        Port 23 

I need to force the -p 22 to have ssh working:

[tru@elitebook840g3 cpu]$ ssh -p 22 here cat /tmp/toto
X11 forwarding request failed on channel 1
tototot
[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin /home/tru/git/github.com/u-root/cpu/cpud_linux_amd64 here  cat -r /tmp/toto
2022/03/31 14:50:17 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/03/31 14:50:17 getKeyFile for ""
2022/03/31 14:50:18 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/31 14:50:18 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/31 14:50:18 getPort("here", "")
2022/03/31 14:50:18 config.Get("here",""): "23"
2022/03/31 14:50:18 returns "23"
2022/03/31 14:50:18 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected

truatpasteurdotfr avatar Mar 31 '22 13:03 truatpasteurdotfr
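
Added example (not code from this thread or from the cpu project): the logs above show the client failing as soon as it parses an encrypted key file, even though ssh-agent holds the same key. This Go sketch reads the cleartext header of an openssh-key-v1 file to tell whether the key is passphrase protected and, if so, falls back to the agent. `KeyCipher`, `AuthSource`, `SampleKey` and the socket path are hypothetical names, and the sample key is a constructed header with no key material.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

const magic = "openssh-key-v1\x00" // start of every new-format OpenSSH private key

// KeyCipher returns the cipher name stored in the key's cleartext header;
// "none" means the key file is not passphrase protected.
func KeyCipher(pemBytes []byte) (string, error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || blk.Type != "OPENSSH PRIVATE KEY" || !bytes.HasPrefix(blk.Bytes, []byte(magic)) {
		return "", fmt.Errorf("not an openssh-key-v1 private key")
	}
	b := blk.Bytes[len(magic):] // next field: SSH string (uint32 length, then bytes)
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", fmt.Errorf("truncated cipher name")
	}
	return string(b[4 : 4+binary.BigEndian.Uint32(b)]), nil
}

// AuthSource decides where the signer should come from: the key file when it
// is unencrypted, otherwise the agent named by SSH_AUTH_SOCK (passed in).
func AuthSource(pemBytes []byte, agentSock string) (string, error) {
	cipher, err := KeyCipher(pemBytes)
	switch {
	case err != nil:
		return "", err
	case cipher == "none":
		return "keyfile", nil
	case agentSock != "":
		return "agent", nil
	}
	return "", fmt.Errorf("key is encrypted with %s and no agent is available", cipher)
}

// SampleKey builds a constructed, header-only PEM (cipher names under 256 bytes).
func SampleKey(cipher string) []byte {
	body := append([]byte(magic), 0, 0, 0, byte(len(cipher)))
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: append(body, cipher...)})
}

func main() {
	fmt.Println(AuthSource(SampleKey("aes256-ctr"), "/tmp/constructed-agent.sock"))
}
```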