[2023-06-27T17:11:47+00:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2023-06-27T17:11:47+00:00] FATAL: ---------------------------------------------------------------------------------------
[2023-06-27T17:11:47+00:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2023-06-27T17:11:47+00:00] FATAL: ---------------------------------------------------------------------------------------
[2023-06-27T17:11:47+00:00] FATAL: NotImplementedError: OpenSSH keys only supported if ED25519 is available
net-ssh requires the following gems for ed25519 support:
* ed25519 (>= 1.2, < 2.0)
* bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/565 for more information
Gem::MissingSpecError : "Could not find 'bcrypt_pbkdf' (~> 1.0) among 223 total gem(s)
Checked in 'GEM_PATH=/home/cloud-user/.local/share/gem/ruby/3.1.0:/opt/chef/embedded/lib/ruby/gems/3.1.0' , execute `gem env` for more information"
System configuration
Oracle Linux 8.6 (Did NOT see this on Oracle 7.x)
Both of these are installed through Chef 18.2.7
net-ssh version 7.1.0
Ruby version 3.1.2
openssh.x86_64 8.0p1-13.el8
Example App
Please provide an example script that reproduces the problem. This will save maintainers time so they can spend it fixing your issues instead of trying to build a reproduction case from sparse instructions.
gem 'net-ssh'
require 'net/ssh'

puts Net::SSH::Version::CURRENT

host = '<actual hostname where you run this>'
remote_user = 'root'
timeout = 10
stdout = ''
stderr = ''

Net::SSH.start(host, remote_user, auth_methods: ['publickey'], timeout: timeout, keys: ['/root/.ssh/id_rsa']) do |ssh|
  ssh.exec!('echo "hello"') do |_channel, stream, data|
    stdout << data if stream == :stdout
    stderr << data if stream == :stderr
  end
  return { stdout: stdout, stderr: stderr }
end
Output for me from above in IRB:
/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/net-ssh-7.1.0/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': OpenSSH keys only supported if ED25519 is available (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
* ed25519 (>= 1.2, < 2.0)
* bcrypt_pbkdf (>= 1.0, < 2.0)
Believe the issue stems from how key_factory checks for ED25519.
Creating the keys on an Oracle Linux 8 node to be RSA, still sets the header to OPENSSH:
# ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8SPOX7+fOuIsyceSxFFbH5pk3w+BYKh8qzs43IwqnXg root@<redacted>
The key's randomart image is:
+---[RSA 3072]----+
| .o. . |
| .. ..+.. |
| . .. . = =.o|
| o .+ . o.o.|
| .S.+ ..|
| o.+ . .|
| o o = .= + . |
|o E = = B.= o .|
| o.. ..o *o..=+.|
+----[SHA256]-----+
root@<redacted>:~/.ssh
14:47:35 # cat id_rsa | head -1
-----BEGIN OPENSSH PRIVATE KEY-----
Expected behavior
Tell us what should happen
Running:
It should ssh to the remote node without issue using RSA
Actual behavior
Tell us what happens instead.
Instead, it raises:
Believe the issue stems from how key_factory checks for ED25519.
Creating the keys on an Oracle Linux 8 node to be RSA, still sets the header to OPENSSH:
But actually checking the key, it is RSA:
Then actually creating an ed25519 key also sets the header to OPENSSH:
And checking the key, it is ED25519:
Think this can be resolved with just checking the `ssh-keygen -l -f <file>` output for the auth type and not just reading the id_rsa file.
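The report's observation that the `-----BEGIN OPENSSH PRIVATE KEY-----` header is shared by RSA and ED25519 keys, shown as an added example (not code from the issue or from net-ssh): the key algorithm is read from the unencrypted public-key blob inside the openssh-key-v1 container. The helper names and the sample containers are constructed for illustration and hold no real key material.

```ruby
require 'base64'

MAGIC = "openssh-key-v1\0".b

# Encode an SSH wire-format string: uint32 big-endian length, then the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes.b
end

# Read one SSH string from buf at byte offset off; returns [value, next_offset].
def read_string(buf, off)
  len = buf.byteslice(off, 4)&.unpack1('N')
  raise ArgumentError, 'truncated SSH string' if len.nil? || off + 4 + len > buf.bytesize
  [buf.byteslice(off + 4, len), off + 4 + len]
end

# Return the algorithm name stored in an OpenSSH-format private key file,
# e.g. "ssh-rsa" or "ssh-ed25519". The PEM header cannot tell these apart.
def openssh_key_type(pem)
  body = pem[/-----BEGIN OPENSSH PRIVATE KEY-----(.*?)-----END OPENSSH PRIVATE KEY-----/m, 1]
  raise ArgumentError, 'not an OpenSSH-format private key' unless body
  blob = Base64.decode64(body)
  raise ArgumentError, 'bad magic' unless blob.start_with?(MAGIC)
  off = MAGIC.bytesize
  3.times { _, off = read_string(blob, off) } # skip ciphername, kdfname, kdfoptions
  nkeys = blob.byteslice(off, 4)&.unpack1('N')
  raise ArgumentError, 'no keys in container' unless nkeys&.positive?
  pubkey, = read_string(blob, off + 4)        # first public key blob
  read_string(pubkey, 0).first                # its leading string is the key type
end

# Constructed sample: unencrypted container with a dummy public blob and an
# empty private section, just enough structure to exercise the parser.
def sample_container(type, pub_fields)
  pub = ssh_string(type) + pub_fields.map { |f| ssh_string(f) }.join
  blob = MAGIC + ssh_string('none') + ssh_string('none') + ssh_string('') +
         [1].pack('N') + ssh_string(pub) + ssh_string('')
  "-----BEGIN OPENSSH PRIVATE KEY-----\n#{Base64.encode64(blob)}-----END OPENSSH PRIVATE KEY-----\n"
end

if __FILE__ == $PROGRAM_NAME
  rsa = sample_container('ssh-rsa', ["\x01\x00\x01", "\x00\xC3\xA5\x11"])
  ed  = sample_container('ssh-ed25519', ["\x11" * 32])
  puts rsa.lines.first          # same header line for both samples
  puts openssh_key_type(rsa)
  puts openssh_key_type(ed)
end
```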