Now a different Net:SSH error...

Hal Fulton

Thanks Jamis, Tom, Josh, Ara...

"The details are in the -devel."

This little test now works:

$ ruby -ropenssl -e "p OpenSSL::PKey::DH.instance_method(:g)"
#<UnboundMethod: OpenSSL::PKey::DH#g>

And here's what that little script is doing now:


$ ruby ssh1.rb
/usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `initialize': Neither PUB key nor PRIV key:: header too long (OpenSSL::PKey::RSAError)
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `new'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `load_private_key'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:196:in `load_key'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `each'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `load_key'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `each'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:67:in `start'
from ssh1.rb:7
 
Jamis Buck

Hal said:
Thanks Jamis, Tom, Josh, Ara...

"The details are in the -devel."

This little test now works:

$ ruby -ropenssl -e "p OpenSSL::PKey::DH.instance_method(:g)"
#<UnboundMethod: OpenSSL::PKey::DH#g>

And here's what that little script is doing now:

Ah, yes. This is on my TODO list. I suspect, if you were to do a cat on
your private key (.ssh/id_rsa), you would see (in addition to a lot of
base64 encoded gibberish) some "Name: Value" pairs in your key...
(please check, if you don't mind) If you don't, then there is something
else afoot. If you do, then that's the problem, and I would REALLY
appreciate it if you could send me the exact command you used to
generate that key so I can try to duplicate this problem... :)

What I mean is the following. Net::SSH understands private key files of
the following format:

-----BEGIN RSA PRIVATE KEY-----
MIICWgIBAAKBgQClJtD8rqQ4A6s85CsD8DfLZ1bMlPRpGeppvG/+JlOlwjPvWLqQ
jAI5IpqcSr83BXlrZTMleKh3oKvuaAEm+I8JVjG/FmX87I56MVWGKXWozQtfoJCq
...[snip]...
D7nq578W5BbXwbZTAkAz+2ubnchiHHPwDFZzVdOcecut45fpVzK7YGr0oBVxTFfI
ThcI61E7U1qr64WJjXAsSznVolCysMhL5esyqr0B
-----END RSA PRIVATE KEY-----

However, some keys seem to possess name/value pairs just after the BEGIN
RSA PRIVATE KEY section:

-----BEGIN RSA PRIVATE KEY-----
Something: Like-This
And: Something-Else

MIICWgIBAAKBgQClJtD8rqQ4A6s85CsD8DfLZ1bMlPRpGeppvG/+JlOlwjPvWLqQ
jAI5IpqcSr83BXlrZTMleKh3oKvuaAEm+I8JVjG/FmX87I56MVWGKXWozQtfoJCq
...[snip]...
D7nq578W5BbXwbZTAkAz+2ubnchiHHPwDFZzVdOcecut45fpVzK7YGr0oBVxTFfI
ThcI61E7U1qr64WJjXAsSznVolCysMhL5esyqr0B
-----END RSA PRIVATE KEY-----

Net::SSH knows how to parse out the name/value pairs, but it doesn't
know what to do with them, and since I've never been able to generate a
key that has those name/value pairs, I can't duplicate the problem. :(

What REALLY needs to happen is I need to write some code that will query
the active ssh-agent (if one is running) and have the agent give me all
the info I need about the keys.

Like I said, it's on my TODO list. The workaround is to specify the
username/password in your script, or to generate a key that doesn't have
the name/value pairs in them.

Gotta love experimental software. :)


--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
Hal Fulton

Jamis said:
Ah, yes. This is on my TODO list. I suspect, if you were to do a cat on
your private key (.ssh/id_rsa), you would see (in addition to a lot of
base64 encoded gibberish) some "Name: Value" pairs in your key...
(please check, if you don't mind) If you don't, then there is something
else afoot. If you do, then that's the problem, and I would REALLY
appreciate it if you could send me the exact command you used to
generate that key so I can try to duplicate this problem... :)

Quite right, I have a couple of pairs at the top.

Unfortunately, I can't begin to recall how I generated that file.

Net::SSH knows how to parse out the name/value pairs, but it doesn't
know what to do with them, and since I've never been able to generate a
key that has those name/value pairs, I can't duplicate the problem. :(

What REALLY needs to happen is I need to write some code that will query
the active ssh-agent (if one is running) and have the agent give me all
the info I need about the keys.

Like I said, it's on my TODO list. The workaround is to specify the
username/password in your script, or to generate a key that doesn't have
the name/value pairs in them.

Well... I *did* specify the username and password in the script.

As for generating a new key... I'm not sure what to use for -t:

$ ssh-keygen
You must specify a key type (-t).
Usage: ssh-keygen [options]
Options:
-b bits Number of bits in the key to create.
-c Change comment in private and public key files.
-e Convert OpenSSH to IETF SECSH key file.
-f filename Filename of the key file.
-i Convert IETF SECSH to OpenSSH key file.
-l Show fingerprint of key file.
-p Change passphrase of private key file.
-q Quiet.
-y Read private key file and print public key.
-t type Specify type of key to create.
-B Show bubblebabble digest of key file.
-C comment Provide new comment.
-N phrase Provide new passphrase.
-P phrase Provide old passphrase.

Gotta love experimental software. :)


Oh, yeah!


Hal
 
Jamis Buck

Hal said:
Well... I *did* specify the username and password in the script.

Ouch. Yah, that makes sense. I guess I'm reading all the available keys
even if the username/password is given... I guess I should make it not
die if it can't load a key...

I'll fix my copy, but if you'd like yours to work just wrap a
begin/rescue clause around line 196 of net/ssh.rb. That ought to do the
trick.

As for generating a new key... I'm not sure what to use for -t:

$ ssh-keygen
You must specify a key type (-t).
Usage: ssh-keygen [options]
Options:
-b bits Number of bits in the key to create.
-c Change comment in private and public key files.
-e Convert OpenSSH to IETF SECSH key file.
-f filename Filename of the key file.
-i Convert IETF SECSH to OpenSSH key file.
-l Show fingerprint of key file.
-p Change passphrase of private key file.
-q Quiet.
-y Read private key file and print public key.
-t type Specify type of key to create.
-B Show bubblebabble digest of key file.
-C comment Provide new comment.
-N phrase Provide new passphrase.
-P phrase Provide old passphrase.

Yah, I've tried various permutations of options with ssh-keygen and
never managed to get a key with "parameter" values. That's why I'm dying
for someone to show me how they generated their key, but everyone I've
talked to that has one with the parameter values can't remember how they
generated it! :) Ah, well.

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
Hal Fulton

Jamis said:
Ouch. Yah, that makes sense. I guess I'm reading all the available keys
even if the username/password is given... I guess I should make it not
die if it can't load a key...

I'll fix my copy, but if you'd like yours to work just wrap a
begin/rescue clause around line 196 of net/ssh.rb. That ought to do the
trick.

Well, it seems to be hanging now... I'll break it soon and look at the
backtrace.

Yah, I've tried various permutations of options with ssh-keygen and
never managed to get a key with "parameter" values.

I used -t rsa1 and it gave me a file called /home/hal/.ssh/identity
rather than the other name -- is that right?? And it doesn't have
the pairs in it FWIW.


Hal
 
Charles Comstock

Yah, I've tried various permutations of options with ssh-keygen and
never managed to get a key with "parameter" values. That's why I'm dying
for someone to show me how they generated their key, but everyone I've
talked to that has one with the parameter values can't remember how they
generated it! :) Ah, well.

Those pairs are from people running ssh-keygen from ssh.com. I don't
believe that OpenSSH adds pairs. If you use the -i or -e option on
OpenSSH ssh-keygen to convert to/from OpenSSH it should add some of
those pairs. Also the ssh-keygen -t dsa might be more likely to have
the pairs. RSA is not the preferred method of authentication with ssh,
DSA seems to be the standard.

Charles Comstock
 
Daniel Hobe

I get this error when I try to use a key with a pass phrase. The top of
my encrypted key has this key value pair:
Proc-Type: 4,ENCRYPTED

I have a patch for Net::SSH that lets you specify alternate keys to use
so I can generate a key without a pass phrase to test with.
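
The header layout Jamis describes and the `Proc-Type: 4,ENCRYPTED` pair Daniel reports, as an added Ruby example that is not Net::SSH's own code and not the patch mentioned above: it reads the "Name: Value" lines of a PEM key, treats the `Proc-Type` header as the sign of a passphrase-protected key, and skips keys it cannot load instead of raising. `pem_headers`, `encrypted_pem?`, `load_keys` and `sample_pems` are hypothetical names; the key and passphrase are constructed at run time.

```ruby
require "openssl"

# Return the "Name: Value" lines found between the BEGIN line and the blank
# line that precedes the base64 body (an empty hash for a bare key).
def pem_headers(pem)
  lines = pem.lines.map(&:chomp)
  start = lines.index { |l| l.start_with?("-----BEGIN ") }
  return {} unless start
  headers = {}
  lines[(start + 1)..-1].each do |line|
    name, value = line.split(/:\s*/, 2)
    break unless value && name.match?(/\A[A-Za-z0-9-]+\z/) # blank or base64
    headers[name] = value
  end
  headers
end

# OpenSSL writes this header on a passphrase-protected traditional PEM key.
def encrypted_pem?(pem)
  pem_headers(pem)["Proc-Type"].to_s.end_with?("ENCRYPTED")
end

# Load every candidate key; one that cannot be read is recorded and skipped
# so it does not abort the whole connection attempt.
def load_keys(pems, passphrase = nil)
  loaded, skipped = {}, {}
  pems.each do |label, pem|
    if encrypted_pem?(pem) && passphrase.nil?
      skipped[label] = "encrypted, no passphrase supplied" # no tty prompt
      next
    end
    begin
      loaded[label] = OpenSSL::PKey::RSA.new(pem, passphrase)
    rescue OpenSSL::PKey::PKeyError => e
      skipped[label] = e.message
    end
  end
  [loaded, skipped]
end

# Constructed sample input: a throwaway key generated at run time, written
# plain and passphrase-protected ("example-pass" is a made-up passphrase).
def sample_pems(passphrase = "example-pass")
  key = OpenSSL::PKey::RSA.new(2048)
  { "plain" => key.to_pem,
    "encrypted" => key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), passphrase) }
end

loaded, skipped = load_keys(sample_pems)
puts "loaded=#{loaded.keys.inspect} skipped=#{skipped.inspect}"
```

Checking the header before calling `OpenSSL::PKey::RSA.new` matters in a script: with no passphrase argument, OpenSSL falls back to prompting on the terminal for an encrypted key.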
 
Jamis Buck

Charles said:
Those pairs are from people running ssh-keygen from ssh.com. I don't
believe that OpenSSH adds pairs. If you use the -i or -e option on
OpenSSH ssh-keygen to convert to/from OpenSSH it should add some of
those pairs. Also the ssh-keygen -t dsa might be more likely to have
the pairs. RSA is not the preferred method of authentication with ssh,
DSA seems to be the standard.
Charles Comstock

That's what I needed to know. Thanks, Charles! I'll experiment with the
ssh-keygen from ssh.com.

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
Jamis Buck

Daniel said:
I get this error when I try to use a key with a pass phrase. The top of
my encrypted key has this key value pair:
Proc-Type: 4,ENCRYPTED

I have a patch for Net::SSH that lets you specify alternate keys to use
so I can generate a key without a pass phrase to test with.

What is your patch? I'd be curious to see it. For now, I just wrapped
line 196 of net/ssh.rb in a begin/rescue clause so that the program
won't die when it tries to load a key. What approach did you take?

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
 
