Now a different Net::SSH error

Thanks Jamis, Tom, Josh, Ara...

"The details are in the -devel."

This little test now works:

   $ ruby -ropenssl -e "p OpenSSL::PKey::DH.instance_method(:g)"
   #<UnboundMethod: OpenSSL::PKey::DH#g>

And here's what that little script is doing now:

   $ ruby ssh1.rb
   /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `initialize': Neither PUB key nor PRIV key:: header too long (OpenSSL::PKey::RSAError)
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `new'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `load_private_key'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:196:in `load_key'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `each'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `load_key'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `each'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
           from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:67:in `start'
           from ssh1.rb:7

Hal Fulton wrote:

Thanks Jamis, Tom, Josh, Ara...

"The details are in the -devel."

This little test now works:

  $ ruby -ropenssl -e "p OpenSSL::PKey::DH.instance_method(:g)"
  #<UnboundMethod: OpenSSL::PKey::DH#g>

And here's what that little script is doing now:

Ah, yes. This is on my TODO list. I suspect, if you were to do a cat on your private key (.ssh/id_rsa), you would see (in addition to a lot of base64 encoded gibberish) some "Name: Value" pairs in your key... (please check, if you don't mind) If you don't, then there is something else afoot. If you do, then that's the problem, and I would REALLY appreciate it if you could send me the exact command you used to generate that key so I can try to duplicate this problem... :)

What I mean is the following. Net::SSH understands private key files of the following format:

-----BEGIN RSA PRIVATE KEY-----
MIICWgIBAAKBgQClJtD8rqQ4A6s85CsD8DfLZ1bMlPRpGeppvG/+JlOlwjPvWLqQ
jAI5IpqcSr83BXlrZTMleKh3oKvuaAEm+I8JVjG/FmX87I56MVWGKXWozQtfoJCq
...[snip]...
D7nq578W5BbXwbZTAkAz+2ubnchiHHPwDFZzVdOcecut45fpVzK7YGr0oBVxTFfI
ThcI61E7U1qr64WJjXAsSznVolCysMhL5esyqr0B
-----END RSA PRIVATE KEY-----

However, some keys seem to possess name/value pairs just after the BEGIN RSA PRIVATE KEY section:

-----BEGIN RSA PRIVATE KEY-----
Something: Like-This
And: Something-Else

MIICWgIBAAKBgQClJtD8rqQ4A6s85CsD8DfLZ1bMlPRpGeppvG/+JlOlwjPvWLqQ
jAI5IpqcSr83BXlrZTMleKh3oKvuaAEm+I8JVjG/FmX87I56MVWGKXWozQtfoJCq
...[snip]...
D7nq578W5BbXwbZTAkAz+2ubnchiHHPwDFZzVdOcecut45fpVzK7YGr0oBVxTFfI
ThcI61E7U1qr64WJjXAsSznVolCysMhL5esyqr0B
-----END RSA PRIVATE KEY-----

Net::SSH knows how to parse out the name/value pairs, but it doesn't know what to do with them, and since I've never been able to generate a key that has those name/value pairs, I can't duplicate the problem. :(

What REALLY needs to happen is I need to write some code that will query the active ssh-agent (if one is running) and have the agent give me all the info I need about the keys.

Like I said, it's on my TODO list. The workaround is to specify the username/password in your script, or to generate a key that doesn't have the name/value pairs in them.

Gotta love experimental software. :)

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."

I get this error when I try to use a key with a pass phrase. The top of my encrypted key has this key value pair:
Proc-Type: 4,ENCRYPTED

I have a patch for Net::SSH that lets you specify alternate keys to use so I can generate a key without a pass phrase to test with.

Hal Fulton wrote:

Thanks Jamis, Tom, Josh, Ara...

"The details are in the -devel."

This little test now works:

  $ ruby -ropenssl -e "p OpenSSL::PKey::DH.instance_method(:g)"
  #<UnboundMethod: OpenSSL::PKey::DH#g>

And here's what that little script is doing now:

  $ ruby ssh1.rb
  /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `initialize': Neither PUB key nor PRIV key:: header too long (OpenSSL::PKey::RSAError)
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `new'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh/openssl.rb:80:in `load_private_key'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:196:in `load_key'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `each'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:193:in `load_key'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `each'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:121:in `open'
          from /usr/local/lib/ruby/gems/1.8/gems/net-ssh-0.0.3/lib/net/ssh.rb:67:in `start'
          from ssh1.rb:7

--
Daniel Hobe <daniel@nightrunner.com>
http://www.nightrunner.com

Jamis Buck wrote:

Ah, yes. This is on my TODO list. I suspect, if you were to do a cat on your private key (.ssh/id_rsa), you would see (in addition to a lot of base64 encoded gibberish) some "Name: Value" pairs in your key... (please check, if you don't mind) If you don't, then there is something else afoot. If you do, then that's the problem, and I would REALLY appreciate it if you could send me the exact command you used to generate that key so I can try to duplicate this problem... :)

Quite right, I have a couple of pairs at the top.

Unfortunately, I can't begin to recall how I generated that file.

Net::SSH knows how to parse out the name/value pairs, but it doesn't know what to do with them, and since I've never been able to generate a key that has those name/value pairs, I can't duplicate the problem. :(

What REALLY needs to happen is I need to write some code that will query the active ssh-agent (if one is running) and have the agent give me all the info I need about the keys.

Like I said, it's on my TODO list. The workaround is to specify the username/password in your script, or to generate a key that doesn't have the name/value pairs in them.

Well... I *did* specify the username and password in the script.

As for generating a new key... I'm not sure what to use for -t:

   $ ssh-keygen
   You must specify a key type (-t).
   Usage: ssh-keygen [options]
   Options:
     -b bits Number of bits in the key to create.
     -c Change comment in private and public key files.
     -e Convert OpenSSH to IETF SECSH key file.
     -f filename Filename of the key file.
     -i Convert IETF SECSH to OpenSSH key file.
     -l Show fingerprint of key file.
     -p Change passphrase of private key file.
     -q Quiet.
     -y Read private key file and print public key.
     -t type Specify type of key to create.
     -B Show bubblebabble digest of key file.
     -C comment Provide new comment.
     -N phrase Provide new passphrase.
     -P phrase Provide old passphrase.

Gotta love experimental software. :)

Oh, yeah!

Hal

Daniel Hobe wrote:

I get this error when I try to use a key with a pass phrase. The top of my encrypted key has this key value pair:
Proc-Type: 4,ENCRYPTED

I have a patch for Net::SSH that lets you specify alternate keys to use so I can generate a key without a pass phrase to test with.

What is your patch? I'd be curious to see it. For now, I just wrapped line 196 of net/ssh.rb in a begin/rescue clause so that the program won't die when it tries to load a key. What approach did you take?

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."

Hal Fulton wrote:

Jamis Buck wrote:

Net::SSH knows how to parse out the name/value pairs, but it doesn't know what to do with them, and since I've never been able to generate a key that has those name/value pairs, I can't duplicate the problem. :(

What REALLY needs to happen is I need to write some code that will query the active ssh-agent (if one is running) and have the agent give me all the info I need about the keys.

Like I said, it's on my TODO list. The workaround is to specify the username/password in your script, or to generate a key that doesn't have the name/value pairs in them.

Well... I *did* specify the username and password in the script.

Ouch. Yah, that makes sense. I guess I'm reading all the available keys even if the username/password is given... I guess I should make it not die if it can't load a key...

I'll fix my copy, but if you'd like yours to work just wrap a begin/rescue clause around line 196 of net/ssh.rb. That ought to do the trick.

As for generating a new key... I'm not sure what to use for -t:

  $ ssh-keygen
  You must specify a key type (-t).
  Usage: ssh-keygen [options]
  Options:
    -b bits Number of bits in the key to create.
    -c Change comment in private and public key files.
    -e Convert OpenSSH to IETF SECSH key file.
    -f filename Filename of the key file.
    -i Convert IETF SECSH to OpenSSH key file.
    -l Show fingerprint of key file.
    -p Change passphrase of private key file.
    -q Quiet.
    -y Read private key file and print public key.
    -t type Specify type of key to create.
    -B Show bubblebabble digest of key file.
    -C comment Provide new comment.
    -N phrase Provide new passphrase.
    -P phrase Provide old passphrase.

Yah, I've tried various permutations of options with ssh-keygen and never managed to get a key with "parameter" values. That's why I'm dying for someone to show me how they generated their key, but everyone I've talked to that has one with the parameter values can't remember how they generated it! :) Ah, well.

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."

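Added example, not part of any post in this thread and not Net::SSH's own code: a key loader that reads the "Name: Value" headers discussed above (the RFC 1421 encapsulated-header layout that "Proc-Type: 4,ENCRYPTED" belongs to) and skips keys it cannot use instead of aborting the connection. The names parse_pem, classify and load_keys are hypothetical, and the sample keys are constructed with placeholder bodies.

```ruby
require 'openssl'

# Constructed samples: the header layouts from the thread, with placeholder bodies.
HEADER_SAMPLE = <<~PEM
  -----BEGIN RSA PRIVATE KEY-----
  Something: Like-This
  And: Something-Else

  QUJDRA==
  -----END RSA PRIVATE KEY-----
PEM
ENCRYPTED_SAMPLE = HEADER_SAMPLE.sub(
  /Something.*Else\n/m, "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n")

# Return [label, headers] for a PEM block, or nil if there is no BEGIN line.
def parse_pem(text)
  lines = text.lines.map(&:strip)
  start = lines.index { |l| l.start_with?('-----BEGIN ') }
  return nil unless start
  headers = {}
  # "Name: Value" lines follow BEGIN and stop at the first line that is not one.
  lines.drop(start + 1).each do |l|
    m = l.match(/\A([A-Za-z][\w-]*):\s*(.*)\z/) or break
    headers[m[1]] = m[2]
  end
  [lines[start][/BEGIN (.+?)-----/, 1], headers]
end

# Decide how a parsed block should be treated before OpenSSL ever sees it.
def classify(parsed)
  return :not_pem unless parsed
  headers = parsed[1]
  return :plain if headers.empty?
  headers['Proc-Type'].to_s.delete(' ') == '4,ENCRYPTED' ? :encrypted : :unknown_headers
end

# Load every usable key; record why the others were skipped instead of raising.
def load_keys(sources, passphrase: nil)
  loaded, skipped = {}, {}
  sources.each do |name, text|
    kind = classify(parse_pem(text))
    kind = :needs_passphrase if kind == :encrypted && passphrase.nil?
    next skipped[name] = kind unless %i[plain encrypted].include?(kind)
    # A non-nil password stops OpenSSL from prompting on the terminal.
    loaded[name] = OpenSSL::PKey.read(text, passphrase || '')
  rescue OpenSSL::OpenSSLError
    skipped[name] = :unparseable
  end
  [loaded, skipped]
end
```

The skipped map gives the caller a reason per key file, so an encrypted or foreign-format key can be logged and password authentication can still proceed.
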
Jamis Buck wrote:

Ouch. Yah, that makes sense. I guess I'm reading all the available keys even if the username/password is given... I guess I should make it not die if it can't load a key...

I'll fix my copy, but if you'd like yours to work just wrap a begin/rescue clause around line 196 of net/ssh.rb. That ought to do the trick.

Well, it seems to be hanging now... I'll break it soon and look at the
backtrace.

Yah, I've tried various permutations of options with ssh-keygen and never managed to get a key with "parameter" values.

I used -t rsa1 and it gave me a file called /home/hal/.ssh/identity
rather than the other name -- is that right?? And it doesn't have
the pairs in it FWIW.

Hal

Yah, I've tried various permutations of options with ssh-keygen and never managed to get a key with "parameter" values. That's why I'm dying for someone to show me how they generated their key, but everyone I've talked to that has one with the parameter values can't remember how they generated it! :) Ah, well.

Those pairs are from people running ssh-keygen from ssh.com. I don't believe that OpenSSH adds pairs. If you use the -i or -e option on OpenSSH ssh-keygen to convert to/from OpenSSH it should add some of those pairs. Also the ssh-keygen -t dsa might be more likely to have the pairs. RSA is not the preferred method of authentication with ssh, DSA seems to be the standard.
  Charles Comstock

Charles Comstock wrote:

Yah, I've tried various permutations of options with ssh-keygen and never managed to get a key with "parameter" values. That's why I'm dying for someone to show me how they generated their key, but everyone I've talked to that has one with the parameter values can't remember how they generated it! :) Ah, well.

Those pairs are from people running ssh-keygen from ssh.com. I don't believe that OpenSSH adds pairs. If you use the -i or -e option on OpenSSH ssh-keygen to convert to/from OpenSSH it should add some of those pairs. Also the ssh-keygen -t dsa might be more likely to have the pairs. RSA is not the preferred method of authentication with ssh, DSA seems to be the standard.
    Charles Comstock

That's what I needed to know. Thanks, Charles! I'll experiment with the ssh-keygen from ssh.com.

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."