Oxidized doesn't warn on incompatible OpenSSH key format for githubrepo hook #2324

Closed
xanarin opened this issue Jun 15, 2021 · 2 comments
@xanarin
Contributor

xanarin commented Jun 15, 2021

I was seeing the behavior documented in #1877 and #2219 today while running Oxidized in Docker (oxidized/oxidized:0.25.1) where the githubrepo:post_store hook attempts to push the new Git commits to a remote (in my case it was a self-hosted Gitlab instance). With debug: true in my config file, I saw dozens of these messages per second, for about 30 seconds, as Oxidized attempted to push:

D, [2021-06-15TXX:XX:XX.XXXXXX #17] DEBUG -- : GithubRepo: Authenticating using ssh keys as 'git'

The solution to my problem ended up being the one described in #1877. The key I was using was the OpenSSH PEM format when Oxidized needed it to be in the RSA PEM format.

I think it would be really helpful if Oxidized could detect that the keys that have been configured with privatekey and publickey are in the wrong format and warn the user instead of just repeatedly attempting to authenticate unsuccessfully.

@mortzu
Collaborator

mortzu commented Jan 12, 2022

Can you create a PR and add your information to the README file?

@xanarin
Contributor Author

xanarin commented Jan 12, 2022

I dug further down into the root cause of this issue to determine if this is an easy fix, or if the limitation should just be documented as suggested.

Oxidized uses the rugged gem for its Git support, which uses libgit2 for its handling of SSH keys for Git authentication. libgit2 uses libssh2 to deal with SSH keys directly, and because the rugged gem uses C extensions, the libgit2 library is built on the system when the rugged gem is installed. This means that the version of libssh2 (the library that parses the keys) used is defined by the available version on the system onto which the rugged gem is installed.

The SSH private key format that begins with BEGIN OPENSSH PRIVATE KEY is called "OpenSSL formatted keys" by libssh2 and support for it was added in commit libssh2@0309229. AFAICT, the code added in this commit was first released in libssh2 version 1.9.0.

However, the official oxidized Docker image (that I use to run oxidized) is based on Ubuntu 18.04, which includes libssh2 version 1.8. Sadly, Ubuntu 20.04 (the next available LTS version at the time of writing) only provides libssh2 version 1.8. It is not until Ubuntu 21.04 and 21.10 that newer libssh2 versions are available that include support for the "OpenSSL formatted keys".

In my opinion, the best way to handle this issue is to:

  1. Document the format the SSH keys need to be in (in agreement with @mortzu)
  2. Add error handling around the call to Rugged::Credentials::SshKey.new(username, publickey, privatekey, passphrase), printing a useful error message (perhaps pointing towards the documentation) and not allowing the bad call to happen endlessly like the current implementation does in the error case

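As an added example (not Oxidized's own code and not from anyone in this thread), here is what step 2 above could look like in Ruby: the private key's PEM header is inspected before it is handed to libssh2, an OpenSSH-format key paired with a libssh2 older than 1.9.0 (the threshold stated in the comment above) raises one descriptive error, and the credential factory is invoked at most once instead of being retried endlessly. The factory is passed in as a block standing in for the Rugged::Credentials::SshKey.new(username, publickey, privatekey, passphrase) call; the sample key bodies are constructed placeholders, not real keys, and the `ssh-keygen -p -m PEM` conversion in the error message is a standard OpenSSH option rather than something from this thread.

```ruby
require "stringio"

# Added example, not part of Oxidized: detect the SSH private key container
# format from its PEM header so that a key an old libssh2 cannot parse yields
# one clear error instead of an endless "Authenticating using ssh keys" loop.

OPENSSH_HEADER   = "-----BEGIN OPENSSH PRIVATE KEY-----".freeze
RSA_PEM_HEADER   = "-----BEGIN RSA PRIVATE KEY-----".freeze
PKCS8_HEADER     = "-----BEGIN PRIVATE KEY-----".freeze
PKCS8_ENC_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----".freeze

# libssh2 first shipped OpenSSH-format key parsing in 1.9.0 (per the thread).
LIBSSH2_OPENSSH_MIN = [1, 9, 0].freeze

class UnsupportedKeyFormat < StandardError; end

# Returns :openssh, :rsa_pem, :pkcs8 or :unknown based on the first
# non-blank line of the key text.
def detect_key_format(key_text)
  first = key_text.each_line.map(&:strip).find { |l| !l.empty? } || ""
  case first
  when OPENSSH_HEADER then :openssh
  when RSA_PEM_HEADER then :rsa_pem
  when PKCS8_HEADER, PKCS8_ENC_HEADER then :pkcs8
  else :unknown
  end
end

# True when the given libssh2 version string ("1.8.0", "1.9", "1.10.0") is
# at least 1.9.0. Missing components are padded with zeros.
def libssh2_supports_openssh?(version_string)
  parts = (version_string.split(".").map(&:to_i) + [0, 0, 0]).first(3)
  (parts <=> LIBSSH2_OPENSSH_MIN) >= 0
end

# Validates the configured private key against the libssh2 in use and returns
# the detected format; raises UnsupportedKeyFormat with actionable advice.
def check_ssh_key!(key_text, libssh2_version:)
  fmt = detect_key_format(key_text)
  if fmt == :unknown
    raise UnsupportedKeyFormat, "privatekey does not look like a PEM-encoded private key"
  end
  if fmt == :openssh && !libssh2_supports_openssh?(libssh2_version)
    raise UnsupportedKeyFormat,
          "privatekey is in OpenSSH format but libssh2 #{libssh2_version} only " \
          "understands PEM keys; convert it with 'ssh-keygen -p -m PEM -f <keyfile>' " \
          "(rewrites the file in place) or use a libssh2 of 1.9.0 or later"
  end
  fmt
end

# Wraps a credential factory (the block stands in for
# Rugged::Credentials::SshKey.new(username, publickey, privatekey, passphrase)).
# On any failure the error is logged once and nil is returned, so the caller
# can stop instead of re-attempting authentication in a loop.
def build_credentials(key_text, libssh2_version:, log: $stderr)
  check_ssh_key!(key_text, libssh2_version: libssh2_version)
  yield
rescue StandardError => e
  log.puts "GithubRepo: cannot use configured SSH key: #{e.message}"
  nil
end

# Constructed sample keys: headers are real, bodies are placeholders.
SAMPLE_OPENSSH_KEY = <<~KEY
  -----BEGIN OPENSSH PRIVATE KEY-----
  b3BlbnNzaC1rZXktdjEAAAAA(constructed placeholder body, not a real key)
  -----END OPENSSH PRIVATE KEY-----
KEY

SAMPLE_RSA_PEM_KEY = <<~KEY
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpAIBAAKCAQEA(constructed placeholder body, not a real key)
  -----END RSA PRIVATE KEY-----
KEY

if __FILE__ == $PROGRAM_NAME
  # Simulates the Ubuntu 18.04 image from the thread (libssh2 1.8) with an
  # OpenSSH-format key: logs one error, never calls the factory.
  creds = build_credentials(SAMPLE_OPENSSH_KEY, libssh2_version: "1.8.0") { :would_be_sshkey }
  puts "credentials: #{creds.inspect}"
end
```

The check is deliberately header-based only: it does not try to parse the key itself, so it cannot leak or misuse key material, and it runs before any network activity. In a real integration the same check would go in the githubrepo hook's credential setup, with the libssh2 version obtained from the system rather than passed as a string.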
@github-actions github-actions bot added the Stale label Apr 25, 2023
@github-actions github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) May 3, 2023