hetzner-k3s

support for ed25519 SSH keys broken

Open krauthosting opened this issue 1 year ago • 7 comments

Hey @vitobotta, just migrated us from Podman with your image to your statically linked binaries. But it seems support for modern SSH keys in ed25519 is now broken, unlike with the image/gem:

LoadError : "cannot load such file -- ed25519_ref10"
#<Thread:0x0000560baa9dc360 /__enclose_io_memfs__/local/lib/hetzner/k3s/cluster.rb:272 run> terminated with exception (report_on_exception is true):
Traceback (most recent call last):
	24: from /__enclose_io_memfs__/local/lib/hetzner/k3s/cluster.rb:272:in `block (2 levels) in wait_for_servers'
	23: from /__enclose_io_memfs__/local/lib/hetzner/utils.rb:54:in `wait_for_ssh'
	22: from /__enclose_io_memfs__/lib/ruby/2.7.0/timeout.rb:110:in `timeout'
	21: from /__enclose_io_memfs__/lib/ruby/2.7.0/timeout.rb:33:in `catch'
	20: from /__enclose_io_memfs__/lib/ruby/2.7.0/timeout.rb:33:in `catch'
	19: from /__enclose_io_memfs__/lib/ruby/2.7.0/timeout.rb:33:in `block in catch'
	18: from /__enclose_io_memfs__/lib/ruby/2.7.0/timeout.rb:95:in `block in timeout'
	17: from /__enclose_io_memfs__/local/lib/hetzner/utils.rb:59:in `block in wait_for_ssh'
	16: from /__enclose_io_memfs__/local/lib/hetzner/utils.rb:59:in `loop'
	15: from /__enclose_io_memfs__/local/lib/hetzner/utils.rb:60:in `block (2 levels) in wait_for_ssh'
	14: from /__enclose_io_memfs__/local/lib/hetzner/utils.rb:83:in `ssh'
	13: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh.rb:254:in `start'
	12: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/session.rb:71:in `authenticate'
	11: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/session.rb:71:in `each'
	10: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/session.rb:87:in `block in authenticate'
	 9: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/methods/publickey.rb:18:in `authenticate'
	 8: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/key_manager.rb:110:in `each_identity'
	 7: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/key_manager.rb:264:in `load_identities'
	 6: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/key_manager.rb:264:in `map'
	 5: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/key_manager.rb:267:in `block in load_identities'
	 4: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/key_factory.rb:83:in `load_public_key'
	 3: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/key_factory.rb:102:in `load_data_public_key'
	 2: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/buffer.rb:248:in `read_key'
	 1: from /__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/buffer.rb:337:in `read_keyblob'
/__enclose_io_memfs__/lib/ruby/gems/2.7.0/gems/net-ssh-7.0.1/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': unsupported key type `ssh-ed25519' (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * ed25519 (>= 1.2, < 2.0)
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/565 for more information

Is it just a Gem missing or is there something more to why this doesn't work with the v0.6.4 binary? As always, thanks for your much appreciated efforts on this very neat tool, from beloved Finland :smile:

krauthosting avatar Sep 02 '22 08:09 krauthosting
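
An added example, not part of the original issue and not hetzner-k3s or net-ssh code: a Ruby preflight check that reads the key type embedded in an OpenSSH public key line and reports which of the gems named in the net-ssh error above cannot be loaded. The function names, the injectable `loader` parameter and the sample key are assumptions made for illustration.

```ruby
require 'base64'

# Gems that the net-ssh error message lists as required for ed25519 support.
ED25519_GEMS = %w[ed25519 bcrypt_pbkdf].freeze

# Read the algorithm name stored inside an OpenSSH public key line
# ("<type> <base64 blob> [comment]"). The blob starts with a uint32
# big-endian length followed by the algorithm name (SSH string encoding).
def ssh_public_key_type(line)
  declared, blob64, = line.strip.split(/\s+/, 3)
  raise ArgumentError, 'not an OpenSSH public key line' if blob64.nil?

  blob = Base64.strict_decode64(blob64) # raises ArgumentError on bad base64
  raise ArgumentError, 'key blob too short' if blob.bytesize < 4

  len = blob.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.zero? || blob.bytesize < 4 + len

  embedded = blob.byteslice(4, len)
  raise ArgumentError, "type mismatch: #{declared} vs #{embedded}" unless embedded == declared

  embedded
end

# Return the gems from ED25519_GEMS that cannot be loaded. The loader is
# injectable (hypothetical parameter) so the check can be exercised in tests.
def missing_ed25519_gems(loader: ->(name) { require name })
  ED25519_GEMS.reject do |name|
    loader.call(name)
    true
  rescue LoadError
    false
  end
end

# Preflight: problems that would stop login with this key; empty when none.
def preflight(pubkey_line, loader: ->(name) { require name })
  type = ssh_public_key_type(pubkey_line)
  return [] unless type == 'ssh-ed25519'

  missing_ed25519_gems(loader: loader).map { |g| "#{type} key needs gem '#{g}', which failed to load" }
end

# Constructed sample key line: 32 zero bytes, not a usable key.
SAMPLE_BLOB = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x00" * 32)
SAMPLE_KEY = "ssh-ed25519 #{Base64.strict_encode64(SAMPLE_BLOB)} constructed@example"
```
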

check this – I encountered the same issue but was able to run the tool by adding the keys to my keychain

Privatecoder avatar Sep 02 '22 09:09 Privatecoder

@Privatecoder Thanks for this info. What is the difference when adding the key to keychain? I am not familiar with it. If that solves these issues I could see if I can make the tool use the agent somehow.

vitobotta avatar Sep 02 '22 12:09 vitobotta

I just tested with an ed25519 key and I was finally able to reproduce the same problem using the mac binary.

However, when I tried with the Ruby gem I didn't have any problems. I didn't try anything with the keychain.

Still investigating....

vitobotta avatar Sep 02 '22 16:09 vitobotta

@vitobotta I found the keychain-solution following this

also this might be helpful

To get it working against an ssh host with ed25519 key, I had to launch the ssh-agent: eval `ssh-agent -s` and add ~/.ssh/config with:

Host *
  AddKeysToAgent yes

Privatecoder avatar Sep 02 '22 16:09 Privatecoder

Thanks, will check it out later. I made a small change to the gems required and am building a new prerelease binary to check if it makes any difference.

Are you using a key with a passphrase then if you use an agent? Same question for @krauthosting

vitobotta avatar Sep 02 '22 16:09 vitobotta

no

Privatecoder avatar Sep 02 '22 16:09 Privatecoder

Like I said in the other issue I've started rewriting it in Rust to solve these issues and the standalone binaries. It shouldn't take long.

vitobotta avatar Sep 02 '22 22:09 vitobotta