Error: Failed to authenticate SSH session: Unable to extract public key from private key #1606
Description
System information
- node version: 8.10.0
- npm or yarn version: yarn ver 1.12.3
- OS/version/architecture: Mac OS X Mojave 10.14.2
- Applicable nodegit version: 0.23.0
$ node -v
yarn -v # (or yarn -v)
node -e "console.log(process.platform)"
node -e "console.log(require('os').release())"
node -e "console.log(process.arch)"
v8.10.0
1.12.3
darwin
18.2.0
x64
When running nodegit I ran into this error message:
Error: Failed to authenticate SSH session: Unable to extract public key from private key.
After much debugging I eventually landed on this stack exchange article which ultimately provided a work around to this problem:
https://security.stackexchange.com/questions/143114/what-is-the-difference-between-pem-format-to-dsa-rsa-ecc-might-i-confuse-pem-w
Specifically Mac OSX Mojave's ssh-keygen will generate newer style OpenSSH key pairs by default, as these keys more more secure. However, these keys may not be backwards compatible. They do not seem to be backwards compatible with the ssh lib that nodegit uses.
You can tell the kind of keypair you are generating by looking at the preamble of the private key file. If it begins with
-----BEGIN OPENSSH PRIVATE KEY-----
then your keypair is the newer style OpenSSH key that is not currently compatible with nodegit.
To create the older style PEM keypair that is compatible with nodegit you can include the following args in your ssh-keygen command: -m PEM. You can tell this is a PEM keypair that is compatible with nodegit because it's private key preamble begins with:
-----BEGIN RSA PRIVATE KEY-----
I think ultimately nodegit will probably want to upgrade the ssh lib to a version that is compatible with the newer OpenSSH key format as these keys are more secure and are becoming the default types of keys that are generated from ssh-keygen.