HostKeyFile Not support ED25519 #56

Closed
fcharlie opened this issue Sep 18, 2017 · 7 comments

@fcharlie

When I use ssh.HostKeyFile to add /etc/ssh/ssh_host_ed25519_key, the SSH server fails to start and reports: unsupported key type 'OPENSSH PRIVATE KEY'

In fact, when I use ssh.ParsePrivateKey (x/crypto/ssh), it supports ed25519.

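```go
// AddHostKeyFile loads a private key in any format gossh.ParsePrivateKey accepts
// (including ed25519 "OPENSSH PRIVATE KEY" files) and registers it as a host key.
// Here ssh is this project's package and gossh is golang.org/x/crypto/ssh.
func AddHostKeyFile(filepath string, srv *ssh.Server) {
	pemBytes, err := ioutil.ReadFile(filepath)
	if err != nil {
		log.Printf("AddHostKeyFile: %s", err)
		return
	}
	hostKey, err := gossh.ParsePrivateKey(pemBytes)
	if err != nil {
		log.Printf("Failed to parse host key: %s, %s", filepath, err)
		return
	}
	srv.AddHostKey(hostKey)
}
```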

Bug in:

ssh/util.go, line 14 in 4a4de39

```go
func signerFromBlock(block *pem.Block) (ssh.Signer, error) {
	var key interface{}
	var err error
	switch block.Type {
	case "RSA PRIVATE KEY":
		key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "EC PRIVATE KEY":
		key, err = x509.ParseECPrivateKey(block.Bytes)
	case "DSA PRIVATE KEY":
		key, err = ssh.ParseDSAPrivateKey(block.Bytes)
	default: // does NOT parse ed25519
		return nil, fmt.Errorf("unsupported key type %q", block.Type)
	}
	if err != nil {
		return nil, err
	}
	signer, err := ssh.NewSignerFromKey(key)
	if err != nil {
		return nil, err
	}
	return signer, nil
}
```

@progrium progrium added the bug label Nov 1, 2017
@progrium
Contributor

progrium commented Nov 1, 2017

Yep, easy fix is to use ssh.ParsePrivateKey from x/crypto/ssh. I don't believe it existed at the time. Would love a PR.

@belak
Collaborator

belak commented Nov 1, 2017

It looks like signerFromBlock is pretty close to a direct copy from ParseRawPrivateKey. The main downside to ssh.ParsePrivateKey is that it only supports a single private key block, while the code here supports adding multiple keys from a single file.

@progrium
Contributor

progrium commented Nov 1, 2017

I don't think it's very common for an SSH key to have more than one key in a file, right? I'd love to optimize for less code to maintain here.

@belak
Collaborator

belak commented Nov 1, 2017

Not that I'm aware of. It would be a trivial fix to rip out the custom code and move to gossh.ParsePrivateKey as long as we're aware it would break this specific case.

@progrium
Contributor

progrium commented Nov 1, 2017

I'm down, now is the time to break stuff pre-1.0 still.

@progrium
Contributor

progrium commented Nov 1, 2017

@fcharlie can you pull master and let us know if this is still an issue?

@fcharlie
Author

fcharlie commented Nov 2, 2017

OK, it works!

@fcharlie fcharlie closed this as completed Nov 2, 2017
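
The two points discussed above (several PEM blocks in one host key file, and the 'OPENSSH PRIVATE KEY' type that the block.Type switch rejects), as an added example that is not code from this thread or from the project: a standard-library-only walk over every PEM block that reads the algorithm name out of the openssh-key-v1 container, because that PEM type does not name the algorithm. HostKeyAlgos, opensshAlgo, readStr and sample are hypothetical names, and the sample input is constructed (a header-only container with no key material).

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

const magic = "openssh-key-v1\x00" // start of every "OPENSSH PRIVATE KEY" body

// readStr pops one SSH wire string: a uint32 length, then that many bytes.
func readStr(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated openssh-key-v1 data")
	}
	n := 4 + int(binary.BigEndian.Uint32(b))
	return b[4:n], b[n:], nil
}
// opensshAlgo reads the algorithm name from the container's public key blob.
func opensshAlgo(body []byte) (string, error) {
	rest := bytes.TrimPrefix(body, []byte(magic))
	for i := 0; i < 3; i++ { // skip ciphername, kdfname, kdfoptions
		_, rest, _ = readStr(rest) // a failed read leaves rest empty
	}
	if !bytes.HasPrefix(body, []byte(magic)) || len(rest) < 4 {
		return "", fmt.Errorf("not a well-formed openssh-key-v1 container")
	}
	pub, _, _ := readStr(rest[4:]) // rest[:4] is the uint32 key count
	algo, _, err := readStr(pub)   // the blob starts with its algorithm name
	return string(algo), err
}
// HostKeyAlgos names the key in every PEM block of data, not only the first.
func HostKeyAlgos(data []byte) (out []string, err error) {
	for b, rest := pem.Decode(data); b != nil && err == nil; b, rest = pem.Decode(rest) {
		out = append(out, b.Type) // legacy blocks name the algorithm in the PEM type
		if b.Type == "OPENSSH PRIVATE KEY" {
			out[len(out)-1], err = opensshAlgo(b.Bytes)
		}
	}
	return out, err
}
// sample is constructed input: a dummy legacy block plus a header-only container.
func sample() []byte {
	str := func(s string) string { return string([]byte{0, 0, 0, byte(len(s))}) + s } // lengths < 256
	body := magic + str("none") + str("none") + str("") + "\x00\x00\x00\x01" + str(str("ssh-ed25519")+str("not a real key"))
	out := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: []byte("dummy")})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte(body)})...)
}
func main() { fmt.Println(HostKeyAlgos(sample())) }
```

Run against a host key directory, this shows which files hold new-format keys that a parser keyed only on the PEM type will reject.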