Re: Possible bug in EC2 plugin: check of SSH key may be too strict (confirmation needed before filing bug report)
It's not just ed25519. (and you were right about AWS not supporting it)
I created a rsa key with length 8192, and the private key was also
-BEGIN OPENSSH PRIVATE KEY-
This was accepted by Jenkins as a valid key, and also by AWS itself, but it
wasn't accepted by the EC2 plugin.
So I had to replace OPENSSH with RSA again.
So my pull request is still valid. :)
Could it be that more recent versions of ssh-keygen have replaced RSA with
OPENSSH?
On Wednesday, April 14, 2021 at 1:05:32 AM UTC+2 Thomas Matthijs wrote:
> Currently AWS doesn't support ed25519 (at least last time i checked in
> 2020)
> People been asking for a few year, but maybe the plugin should accept
> them already, hopefully only a matter of time till aws does
>
> On Tue, 13 Apr 2021 at 11:49, Amedee Van Gasse
> wrote:
> >
> > So I went ahead and submitted a pull request anyway:
> > https://github.com/jenkinsci/ec2-plugin/pull/595
> >
> > I'm sure it's not all up to standards but as it is my first
> contribution, I assume that the Jenkins community will be very happy to
> explain me where it can be improved. :-)
> >
> > On Tuesday, April 13, 2021 at 11:19:16 AM UTC+2 Amedee Van Gasse wrote:
> >>
> >> I have a question about https://github.com/jenkinsci/ec2-plugin. It
> may be a bug, but I'd like to have confirmation before I try to find out
> how to file a bug report.
> >>
> >> In
> https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java
>
> there is the following validation in doCheckSshKeysCredentialsId:
> >>
> >> boolean hasStart = false, hasEnd = false;
> >> BufferedReader br = new BufferedReader(new StringReader(privateKey));
> >> String line;
> >> while ((line = br.readLine()) != null) {
> >> if (line.equals("-BEGIN RSA PRIVATE KEY-"))
> >> hasStart = true;
> >> if (line.equals("-END RSA PRIVATE KEY-"))
> >> hasEnd = true;
> >> }
> >> if (!hasStart)
> >> return FormValidation.error("This doesn't look like a private key at
> all");
> >> if (!hasEnd)
> >> return FormValidation
> >> .error("The private key is missing the trailing 'END RSA PRIVATE KEY'
> marker. Copy error?");
> >>
> >> I have generated an ed25519 key, with
> >>
> >> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
> >>
> >> SSH version:
> >> OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021
> >>
> >> This key looks like
> >>
> >> -BEGIN OPENSSH PRIVATE KEY-
> >> (...)
> >> -END OPENSSH PRIVATE KEY-
> >>
> >> I can successfully use this key to connect to manually started
> instances (with Manage Nodes -> Add New Node).
> >>
> >> I can not use this key to connect to an instance started by the EC2
> plugin. The EC2 plugin tells me "This doesn't look like a private key at
> all".
> >>
> >> It appears as if the validation is too strict.
> >>
> >> Workaround:
> >> In the private key file, I replaced
> >> -BEGIN OPENSSH PRIVATE KEY-
> >> (...)
> >> -END OPENSSH PRIVATE KEY-
> >>
> >> with
> >> -BEGIN RSA PRIVATE KEY-
> >> (...)
> >> -END RSA PRIVATE KEY-
> >>
> >>
> >> Can someone confirm if this is an actual bug, or is the problem at my
> end?
> >> If it is a bug, then how do I proceed to file a bug report? The repo at
> https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue
> tracker.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-use...@googlegroups.com.
> > To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/3abaa47f-7d0a-442f-ad7f-c12c57d7cc6en%40googlegroups.com
> .
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/cc104a69-6b24-4c78-af9e-bae5e5bb0f7bn%40googlegroups.com.
Re: Possible bug in EC2 plugin: check of SSH key may be too strict (confirmation needed before filing bug report)
Currently AWS doesn't support ed25519 (at least last time i checked in 2020)
People been asking for a few year, but maybe the plugin should accept
them already, hopefully only a matter of time till aws does
On Tue, 13 Apr 2021 at 11:49, Amedee Van Gasse
wrote:
>
> So I went ahead and submitted a pull request anyway:
> https://github.com/jenkinsci/ec2-plugin/pull/595
>
> I'm sure it's not all up to standards but as it is my first contribution, I
> assume that the Jenkins community will be very happy to explain me where it
> can be improved. :-)
>
> On Tuesday, April 13, 2021 at 11:19:16 AM UTC+2 Amedee Van Gasse wrote:
>>
>> I have a question about https://github.com/jenkinsci/ec2-plugin. It may be a
>> bug, but I'd like to have confirmation before I try to find out how to file
>> a bug report.
>>
>> In
>> https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java
>> there is the following validation in doCheckSshKeysCredentialsId:
>>
>> boolean hasStart = false, hasEnd = false;
>> BufferedReader br = new BufferedReader(new StringReader(privateKey));
>> String line;
>> while ((line = br.readLine()) != null) {
>> if (line.equals("-BEGIN RSA PRIVATE KEY-"))
>> hasStart = true;
>> if (line.equals("-END RSA PRIVATE KEY-"))
>> hasEnd = true;
>> }
>> if (!hasStart)
>> return FormValidation.error("This doesn't look like a private key at
>> all");
>> if (!hasEnd)
>> return FormValidation
>> .error("The private key is missing the trailing 'END RSA PRIVATE
>> KEY' marker. Copy error?");
>>
>> I have generated an ed25519 key, with
>>
>> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
>>
>> SSH version:
>> OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021
>>
>> This key looks like
>>
>> -BEGIN OPENSSH PRIVATE KEY-
>> (...)
>> -END OPENSSH PRIVATE KEY-
>>
>> I can successfully use this key to connect to manually started instances
>> (with Manage Nodes -> Add New Node).
>>
>> I can not use this key to connect to an instance started by the EC2 plugin.
>> The EC2 plugin tells me "This doesn't look like a private key at all".
>>
>> It appears as if the validation is too strict.
>>
>> Workaround:
>> In the private key file, I replaced
>> -BEGIN OPENSSH PRIVATE KEY-
>> (...)
>> -END OPENSSH PRIVATE KEY-
>>
>> with
>> -BEGIN RSA PRIVATE KEY-
>> (...)
>> -END RSA PRIVATE KEY-
>>
>>
>> Can someone confirm if this is an actual bug, or is the problem at my end?
>> If it is a bug, then how do I proceed to file a bug report? The repo at
>> https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue
>> tracker.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-users/3abaa47f-7d0a-442f-ad7f-c12c57d7cc6en%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/CABY_-Z5i5dntEgQ%2BadW0%3DDgDrUjOKZofQWzL_uxv1g%3DA7ybsSQ%40mail.gmail.com.
Re: Possible bug in EC2 plugin: check of SSH key may be too strict (confirmation needed before filing bug report)
Oh wow, my PR is merged already, I did not expect that!
On Tuesday, April 13, 2021 at 11:49:11 AM UTC+2 Amedee Van Gasse wrote:
> So I went ahead and submitted a pull request anyway:
> https://github.com/jenkinsci/ec2-plugin/pull/595
>
> I'm sure it's not all up to standards but as it is my first contribution,
> I assume that the Jenkins community will be very happy to explain me where
> it can be improved. :-)
>
> On Tuesday, April 13, 2021 at 11:19:16 AM UTC+2 Amedee Van Gasse wrote:
>
>> I have a question about https://github.com/jenkinsci/ec2-plugin. It may
>> be a bug, but I'd like to have confirmation before I try to find out how to
>> file a bug report.
>>
>> In
>> https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java
>>
>> there is the following validation in doCheckSshKeysCredentialsId:
>>
>> boolean hasStart = false, hasEnd = false;
>> BufferedReader br = new BufferedReader(new StringReader(privateKey));
>> String line;
>> while ((line = br.readLine()) != null) {
>> if (line.equals("-BEGIN RSA PRIVATE KEY-"))
>> hasStart = true;
>> if (line.equals("-END RSA PRIVATE KEY-"))
>> hasEnd = true;
>> }
>> if (!hasStart)
>> return FormValidation.error("This doesn't look like a private key at
>> all");
>> if (!hasEnd)
>> return FormValidation
>> .error("The private key is missing the trailing 'END RSA
>> PRIVATE KEY' marker. Copy error?");
>>
>> I have generated an *ed25519* key, with
>>
>> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
>>
>> SSH version:
>> *OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021*
>>
>> This key looks like
>>
>> -BEGIN OPENSSH PRIVATE KEY-
>> (...)
>> -END OPENSSH PRIVATE KEY-
>>
>> I can successfully use this key to connect to manually started instances
>> (with *Manage Nodes* -> *Add New Node*).
>>
>> I can not use this key to connect to an instance started by the EC2
>> plugin. The EC2 plugin tells me *"This doesn't look like a private key
>> at all"*.
>>
>> It appears as if the validation is too strict.
>>
>> Workaround:
>> In the private key file, I replaced
>> -BEGIN OPENSSH PRIVATE KEY-
>> (...)
>> -END OPENSSH PRIVATE KEY-
>>
>> with
>> -BEGIN RSA PRIVATE KEY-
>> (...)
>> -END RSA PRIVATE KEY-
>>
>>
>> Can someone confirm if this is an actual bug, or is the problem at my end?
>> If it is a bug, then how do I proceed to file a bug report? The repo at
>> https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue
>> tracker.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/76960146-538c-49ee-8df9-d2e9cdcdd925n%40googlegroups.com.
Re: Possible bug in EC2 plugin: check of SSH key may be too strict (confirmation needed before filing bug report)
So I went ahead and submitted a pull request anyway:
https://github.com/jenkinsci/ec2-plugin/pull/595
I'm sure it's not all up to standards but as it is my first contribution, I
assume that the Jenkins community will be very happy to explain me where it
can be improved. :-)
On Tuesday, April 13, 2021 at 11:19:16 AM UTC+2 Amedee Van Gasse wrote:
> I have a question about https://github.com/jenkinsci/ec2-plugin. It may
> be a bug, but I'd like to have confirmation before I try to find out how to
> file a bug report.
>
> In
> https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java
>
> there is the following validation in doCheckSshKeysCredentialsId:
>
> boolean hasStart = false, hasEnd = false;
> BufferedReader br = new BufferedReader(new StringReader(privateKey));
> String line;
> while ((line = br.readLine()) != null) {
> if (line.equals("-BEGIN RSA PRIVATE KEY-"))
> hasStart = true;
> if (line.equals("-END RSA PRIVATE KEY-"))
> hasEnd = true;
> }
> if (!hasStart)
> return FormValidation.error("This doesn't look like a private key at
> all");
> if (!hasEnd)
> return FormValidation
> .error("The private key is missing the trailing 'END RSA
> PRIVATE KEY' marker. Copy error?");
>
> I have generated an *ed25519* key, with
>
> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
>
> SSH version:
> *OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021*
>
> This key looks like
>
> -BEGIN OPENSSH PRIVATE KEY-
> (...)
> -END OPENSSH PRIVATE KEY-
>
> I can successfully use this key to connect to manually started instances
> (with *Manage Nodes* -> *Add New Node*).
>
> I can not use this key to connect to an instance started by the EC2
> plugin. The EC2 plugin tells me *"This doesn't look like a private key at
> all"*.
>
> It appears as if the validation is too strict.
>
> Workaround:
> In the private key file, I replaced
> -BEGIN OPENSSH PRIVATE KEY-
> (...)
> -END OPENSSH PRIVATE KEY-
>
> with
> -BEGIN RSA PRIVATE KEY-
> (...)
> -END RSA PRIVATE KEY-
>
>
> Can someone confirm if this is an actual bug, or is the problem at my end?
> If it is a bug, then how do I proceed to file a bug report? The repo at
> https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue
> tracker.
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/3abaa47f-7d0a-442f-ad7f-c12c57d7cc6en%40googlegroups.com.
Possible bug in EC2 plugin: check of SSH key may be too strict (confirmation needed before filing bug report)
I have a question about https://github.com/jenkinsci/ec2-plugin. It may be
a bug, but I'd like to have confirmation before I try to find out how to
file a bug report.
In
https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java
there is the following validation in doCheckSshKeysCredentialsId:
boolean hasStart = false, hasEnd = false;
BufferedReader br = new BufferedReader(new StringReader(privateKey));
String line;
while ((line = br.readLine()) != null) {
if (line.equals("-BEGIN RSA PRIVATE KEY-"))
hasStart = true;
if (line.equals("-END RSA PRIVATE KEY-"))
hasEnd = true;
}
if (!hasStart)
return FormValidation.error("This doesn't look like a private key at
all");
if (!hasEnd)
return FormValidation
.error("The private key is missing the trailing 'END RSA
PRIVATE KEY' marker. Copy error?");
I have generated an *ed25519* key, with
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
SSH version:
*OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021*
This key looks like
-BEGIN OPENSSH PRIVATE KEY-
(...)
-END OPENSSH PRIVATE KEY-
I can successfully use this key to connect to manually started instances
(with *Manage Nodes* -> *Add New Node*).
I can not use this key to connect to an instance started by the EC2 plugin.
The EC2 plugin tells me *"This doesn't look like a private key at all"*.
It appears as if the validation is too strict.
Workaround:
In the private key file, I replaced
-BEGIN OPENSSH PRIVATE KEY-
(...)
-END OPENSSH PRIVATE KEY-
with
-BEGIN RSA PRIVATE KEY-
(...)
-END RSA PRIVATE KEY-
Can someone confirm if this is an actual bug, or is the problem at my end?
If it is a bug, then how do I proceed to file a bug report? The repo
at https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue
tracker.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/26dd4e46-c712-4b98-9559-d929c129bd06n%40googlegroups.com.
