Invalid private key - secrets #3923

Closed
squigley opened this issue Jan 14, 2020 · 4 comments
Labels
status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@squigley

Environment

  • Python version: 3.6.8
  • NetBox version: 2.6.12

Steps to Reproduce

  1. Add a preexisting public key to the admin's profile
  2. Attempt to add a secret to a device, click create, get prompted for the private key to get a session key
  3. Provide the private key which matches the public key in the admin's profile (with header/footer, without header/footer, with newlines, without newlines..)
  4. Box goes away
  5. Click create again, get prompted for the private key again.

Expected Behaviour

System would accept my private key matching the public key in the profile, give me a session key, and allow me to save the secret.

Observed Behaviour

Just keeps prompting for the private key.
Using the dev tools I see that in response to submitting the private key, I am getting a 400 error, with the text "Invalid Private Key."
It doesn't matter what format I try submitting the private key, eg including the BEGIN/END lines etc, and with the encoded body as one long line, or split after x number of characters, every attempt is invalid.

I was having this issue with 2.6.7, so I upgraded to 2.6.12, deleted the public key from the profile, readded it, but there was no change. I have tried using both Firefox and Chrome, and both fail.

@hSaria
Contributor

hSaria commented Jan 15, 2020

I tried to recreate this but wasn't able to. What do you mean by preexisting, like one you've generated elsewhere? If you navigate to /user/user-key/, does it say that the user key is active?

Here's a dummy private and public key pair. It works with those

private

Generated with openssl genrsa -out private.pem 2048

-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

public

Generated with openssl rsa -in private.pem -outform PEM -pubout -out public.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GDcjN87MbuvRoTpNOG0
RT9UA/ThzlrTJXSEuoRnLdl1KGMEg76VDrx0cHrXtBQh63Vqx0P0RNRfiPhJQO6/
GjifY5gmJhJqG5Zlv95atH2NrCdYmW0IEUslceuV2NS0PA9v6oP/5hU4cb39Y3KC
5REu7LX7qunz75HTTWncnnNfmxZoDZN8nJKcoI3L+/PLukQlQrA0dTQJTbOBlkI3
7QTHt71w+sSEzDqMtR8OEyER4VUoBWkqf6T8PttbvtK993PhRTd5sg/7rtixpJAP
5T96O6icMKamEemZbOdKKu20MKxnDbn2VPHmRoy3Huqf7TjzEyQMTEAWYEZJggUc
wwIDAQAB
-----END PUBLIC KEY-----

@squigley
Author

Oh. I was trying to use my existing SSH private and public keys, and while it is an RSA key, I guess it is not in the PEM format which is required.

After using your generation commands to create a new private and public key in PEM format, and loading them into Netbox, I now get "session key received!" and am able to create and unlock secrets.

Can I suggest that the Secrets documentation page at https://netbox.readthedocs.io/en/stable/core-functionality/secrets/ be modified to add a note that SSH keys can't be used, or if they can, how to convert them into the correct format?

I think I got led down the wrong path when I read the line "you can either generate a new RSA key pair, or upload the public key belonging to a pair you already have.", and I presumed this meant I could use my existing SSH key pair.

Thanks for the quick reply, which resolved my issue.

@jeremystretch
Member

I'm going to treat this as a bug, since we should be validating the key format on input. (But the docs also need to be improved.)

@squigley Would you mind generating a new key pair in the same format as the one you tried and posting it here to assist with testing? I'm pretty sure I know what's going on but it would help to be sure.

@jeremystretch jeremystretch added status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application labels Jan 15, 2020
@squigley
Author

Sure, the keypair I was trying to use was one which was generated by "ssh-keygen", with no parameters. eg:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/squigley/.ssh/id_rsa): /tmp/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/id_rsa.
Your public key has been saved in /tmp/id_rsa.pub.
The key fingerprint is:
SHA256:K/717DPH8CaAuoRhpoaxCtGwBX0bU9rw5vOMVobJoBg squigley@9K771Z2L

-----BEGIN OPENSSH PRIVATE KEY-----
[...]
-----END OPENSSH PRIVATE KEY-----

ssh-rsa [...] squigley@9K771Z2L

@lock lock bot locked as resolved and limited conversation to collaborators Apr 25, 2020
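
The key-format check discussed in this thread, as an added example (not NetBox's code and not its eventual fix): it classifies pasted key material by armor label and leading decoded bytes, so an OpenSSH-format key gets a specific message instead of a generic "Invalid Private Key." The set of accepted labels, the function names and the sample inputs are assumptions constructed here; the `ssh-keygen` commands in the messages are standard OpenSSH conversions.

```python
import base64
import binascii
import re

# Matches one PEM-style armored block; whitespace around the body is optional
# so a key pasted as a single line is still recognised.
_ARMOR = re.compile(r"\A-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----\Z", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"  # start of the decoded ssh-keygen default format
# Assumption: labels treated as acceptable PEM input (the thread shows
# "RSA PRIVATE KEY" and "PUBLIC KEY" working).
ACCEPTED = {"RSA PRIVATE KEY": "pkcs1-private", "PRIVATE KEY": "pkcs8-private",
            "PUBLIC KEY": "spki-public"}

def classify_key(text):
    """Return (kind, accepted, message) for pasted key material."""
    text = text.strip()
    if text.startswith("ssh-rsa "):
        return ("openssh-public", False,
                "OpenSSH public key line; export PEM with: ssh-keygen -e -m PKCS8 -f KEY.pub")
    match = _ARMOR.match(text)
    if match is None:
        return ("unknown", False, "no matching BEGIN/END armor lines")
    label, body = match.groups()
    try:
        raw = base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return ("corrupt", False, "body is not valid base64")
    if label == "OPENSSH PRIVATE KEY" and raw.startswith(OPENSSH_MAGIC):
        return ("openssh-private", False,
                "OpenSSH-format private key; convert a copy with: ssh-keygen -p -m PEM -f COPY")
    if label in ACCEPTED and raw[:1] == b"\x30":  # DER SEQUENCE tag
        return (ACCEPTED[label], True, "PEM key")
    return ("unsupported", False, "unrecognised label or body: " + label)

def armor(label, raw):
    """Build a constructed sample block (placeholder bytes, not a real key)."""
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, base64.b64encode(raw).decode(), label)

if __name__ == "__main__":
    samples = [armor("RSA PRIVATE KEY", b"\x30\x82\x04\xa4" + bytes(8)),
               armor("OPENSSH PRIVATE KEY", OPENSSH_MAGIC + bytes(8)),
               "ssh-rsa AAAA user@host"]
    for sample in samples:
        print(classify_key(sample))
```

The check only identifies the container format; it does not parse or validate the key itself, which remains the job of the cryptographic library.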