SSH Tunnel Identity File Problems

[JeffreyAngell]

While attempting to connect via SSH tunnel using an identity file and passphrase on the latest stable community version, I was only able to get it to work with an RSA key encrypted with AES-128-CBC or DES-EDE3-CBC. It failed to work with AES-192-CBC, AES-256-CBC, or with an openssh private key.

I got a variety of errors when using these other ciphers, including Uncaught Error: Expected 0x2: got 0x18, Uncaught Error: encoding too long, and Uncaught Error: Cannot parse privateKey: Unsupported key format.

Please add support at least for at least longer key lengths of AES, and potentially for other ciphers and key formats.

[JeffreyAngell]

Confirmed that I get this same issue on current tip of master for at least AES-256-CBC

[imlucas]

These algorithms are supported but not enabled by default. COMPASS-4069 will update ssh2 and when combined with #1873 adding the below to client/server construction in ssh-tunnel.js will resolve this problem.

{ algorithms: { cipher: require('ssh2-streams').constants.ALGORITHMS.SUPPORTED_CIPHER } }

[Anemy]

Looks like we've updated ssh2 which should pull in support for these algorithms. Thanks for bringing this up!

Commit: mongodb-js/connection-model@32ee5b3

[imlucas]

Thanks, @Anemy!