-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACS k8s get-credentials encrypted private key #1773
Comments
I don't want get-credentials to use my password-protected key from ~/.ssh/id_rsa, but rather unprotected one that I located in ~/.ssh/azure/id_rsa How to configure it? |
@sheerun You can configure that when you run the |
I'm afraid I never used
I makes much more sense to configure ssh path in get-credentials as it's one-time only aciton. |
@sheerun You should now be able to use See here for the code: I'm not sure if that has made it into the official release yet or not, but if it hasn't it will shortly. Thanks! |
And @nerdondon yeah, there is some issue between parimiko and encrypted keys. For now you need to use an unecrypted key, I'm looking into figuring out the issue. Thanks! |
I tried creating an unencrypted key and referencing it but it seem to fail on authenticating against my public key (makes sense to me since I have not uploaded any public key to Azure? Could not find any UI for it). I could never under any circumstance decrypt my main ssh key so this would have to be a separate one but why does it not work? As I read the log the there is a second failed attempt with my main encrypted key, it's the first failure that is with my unencrypted azure key. How long until you support proper encrypted keys same way as GitHub/GitLab or any other system does it?
|
My colleague also have problems, but he is on Windows (I'm on Arch Linux). How can we upload our public key to Azure before running $ az acs kubernetes get-credentials ? Is there an other manual way of downloading these credentials? |
+1 Having this same issue. Also, what would be the process to specify a password if I am using an encrypted key? |
I need to dig into the parimiko SSH library to figure this out, apologies for the delay... |
Colleague recently hit the same issue -- as a temporary workaround to obtaining the kubeconfig, you can ssh into the master node and |
Paramiko has support for getting the key from the ssh-agent which would be my preferred way of dealing with encrypted keys. |
Is this issue still open? I see this closed but I'm getting:
I have a passphrase protected keyfile. |
+1 -- ditto. passphrase protected keyfile. EDIT: I'm on WSL for Windows here. :-| |
Update: Same event on most recent CLI on mac as well. |
My bad: ignore above comments: user error. |
@squillace what was the error? Maybe it's worth sharing. Did you get the PasswordRequiredException |
No. I get the same Private key file is encrypted line. |
Hope you'll find a solution. I'm still stuck here, no luck. |
I followed these instructions: https://docs.microsoft.com/en-us/azure/container-service/container-service-kubernetes-walkthrough @squillace I'm also getting |
Workaround:
where |
This PR may fix the continued pain of this issue #3612 |
OMG you are the best. |
Another workaround: Background: Executed again: |
@marcote I added ssh-agent: I had previously installed with homebrew but uninstalled and grabbed the latest version of azure-cli w/curl. Is anyone else still struggling with this same issue? |
If I do Am I missing something? |
@dtrapezoid I had the same issue. What I found to fix it was to do a Hope this helps. |
When running the
az acs kubernetes get-credentials
command it errors out sayingPasswordRequiredException: Private key file is encrypted
. I am on macOS and my private key is password protected.Please find the logs here:
A quick search leads to http://stackoverflow.com/questions/15579117/paramiko-using-encrypted-private-key-file-on-os-x . Looks like there may bean issue with paramiko and macOS's keyring? Let me know if I'm completely off base. I was able to copy the kube config from the master node via scp.
The text was updated successfully, but these errors were encountered: