SchoofsKelvin / vscode-sshfs

Extension for Visual Studio Code: File system provider using SSH
GNU General Public License v3.0

My key generated with default settings is incompatible with this extension #244

Closed jcgoble3 closed 3 years ago

jcgoble3 commented 3 years ago

Hi,

Earlier this afternoon I posted a negative review on the Marketplace that the extension only seemed to work with *.pem keys. However, after some debugging with a friend who's nerdier than me, I was able to get an RSA key to work only by creating a new 4,096-bit key.

It turns out that something in the chain (either this extension, VSCode, or Electron; my friend suspects Electron) has dropped support for RSA keys smaller than 4,096 bits. (For the record, the latest version of VSCode is using Electron 11.3.0.) Unfortunately, the default bits for ssh-keygen on my system (Debian testing) is 3,072 bits, meaning that keys generated with default settings produce this cryptic error:

Couldn't start a terminal for bender: Error while signing data with privateKey: error:06000066:public key routines:OPENSSL_internal:DECODE_ERROR

(bender is the system I'm connecting to)

I've updated my review to be neutral and reflect the new discoveries, but since generating a key with default settings produces a key incompatible with this extension, then either the documentation should explain what the error means and the proper options to ssh-keygen to generate a compatible key, or the extension should be fixed to support these default-settings keys. (FWIW, Microsoft's own Remote Development - SSH extension does not have this limitation.)

SchoofsKelvin commented 3 years ago

Now with that error, this is probably the same issue as in #162 which points to mscdex/ssh2-streams#164.

Can you list the command you use to produce an incompatible key? I've tried the following:

All these generated keys worked for me. For good measure I also tried ssh-keygen -p -m PEM -f .\issue-244.pem to, according to the docs, use the "legacy PEM private key format" instead. If you could provide the "right" way to generate an incompatible key (and even provide a fresh one), that'd be great.

The only key that I could find (not generate though) that had this issue is from mscdex/ssh2-streams#163. I'll see if there's an easy quick fix. I might have to end up forking ssh2/ssh2-streams, as they've been busy with a big rewrite for a few months, blocking PRs and releases.

jcgoble3 commented 3 years ago

The incompatible key was created a few months ago when I converted this computer to Linux (it ran Windows for a while out of necessity) by running ssh-keygen without arguments and pressing Enter at each interactive prompt (accepting all defaults with no passphrase).

I tried creating a new key this afternoon in the same manner, only providing a new filename of default_rsa. That key worked with this extension.

So it seems I can only reproduce the issue with my main key that is several months old and that I use for virtually everything (SSH shells, SFTP, Git, etc.), and that a freshly created key doesn't exhibit this problem. Yet that main key works perfectly fine on all of those other things; this extension is the only thing it doesn't work with. So I'm not sure what's wrong here.

Obviously I can't give you that key right now, but I probably ought to upgrade it to 4,096 bits and maybe a passphrase anyway, so if I have some time soon I may replace the key everywhere I have it and if I can confirm with certainty that it's no longer an authorized key anywhere, I may be able to give it to you then so you can test with it. I don't have a lot of places to find it; I just have to triple-check that I haven't missed a server.
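When a failing key cannot be shared, as in the comment above, its container format, key type, encryption status and RSA modulus size can still be compared against a working key, because the openssh-key-v1 layout keeps those fields unencrypted. The following Node.js code is an added example, not code from the extension or ssh2-streams; `describeKey`, `sampleKey` and the other helper names are hypothetical, and the sample input is a synthetic container rather than a real key.

```javascript
// Added example: describe a private key file from its header and public section only.
function readStrings(buf, off, count) {        // SSH wire strings: uint32 length + bytes
  const out = [];
  for (let i = 0; i < count; i++) {
    const len = buf.readUInt32BE(off);
    if (off + 4 + len > buf.length) throw new Error('truncated key data');
    out.push(buf.subarray(off + 4, off + 4 + len));
    off += 4 + len;
  }
  return { out, off };
}
function mpintBits(mp) {                       // bit length of an SSH mpint
  let i = 0;
  while (i < mp.length && mp[i] === 0) i++;    // skip the sign-padding zero byte
  return i === mp.length ? 0 : (mp.length - i - 1) * 8 + 32 - Math.clz32(mp[i]);
}
function describeKey(text) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/.exec(text);
  if (!m) return { container: 'unknown' };
  if (m[1] !== 'OPENSSH PRIVATE KEY') {        // legacy PEM or PKCS#8 container
    const encrypted = m[1].startsWith('ENCRYPTED') || m[2].includes('Proc-Type: 4,ENCRYPTED');
    return { container: m[1], encrypted };
  }
  const buf = Buffer.from(m[2].replace(/\s+/g, ''), 'base64');
  const magic = 'openssh-key-v1\0';
  if (buf.subarray(0, magic.length).toString('latin1') !== magic) throw new Error('bad magic');
  const head = readStrings(buf, magic.length, 3);         // cipher, KDF name, KDF options
  const [cipher, kdf] = head.out.map((b) => b.toString());
  const pub = readStrings(buf, head.off + 4, 1).out[0];   // skip uint32 key count
  const type = readStrings(pub, 0, 1).out[0].toString();  // e.g. "ssh-rsa", "ssh-ed25519"
  const info = { container: m[1], cipher, kdf, encrypted: cipher !== 'none', type };
  if (type === 'ssh-rsa') info.bits = mpintBits(readStrings(pub, 0, 3).out[2]); // type, e, n
  return info;
}
// Constructed sample: a synthetic openssh-key-v1 container with a filler modulus
// and a zeroed private section. It is not a usable key.
const u32 = (n) => { const l = Buffer.alloc(4); l.writeUInt32BE(n); return l; };
const sshString = (b, d = Buffer.from(b)) => Buffer.concat([u32(d.length), d]);
function sampleKey(bits) {
  const n = Buffer.alloc(bits / 8 + 1, 0xab);  // top bit set, so exactly `bits` bits
  n[0] = 0;                                    // mpint sign padding
  const pub = Buffer.concat([sshString('ssh-rsa'), sshString([1, 0, 1]), sshString(n)]);
  const blob = Buffer.concat([Buffer.from('openssh-key-v1\0'), sshString('none'),
    sshString('none'), sshString(''), u32(1), sshString(pub), sshString(Buffer.alloc(16))]);
  return `-----BEGIN OPENSSH PRIVATE KEY-----\n${blob.toString('base64')}\n-----END OPENSSH PRIVATE KEY-----\n`;
}
console.log(describeKey(sampleKey(3072)), describeKey(sampleKey(4096)));
```

To inspect a real key, pass the file's text to `describeKey`; the returned object contains no private material, so it can be pasted into an issue.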

SchoofsKelvin commented 3 years ago

In v1.20.0 of the extension, I switched from the official ssh2-streams to the fixed version from mscdex/ssh2-streams#164. The extension can now handle the key provided in mscdex/ssh2-streams#163, and perhaps the issue with your key is also solved now. Can you validate this?

jcgoble3 commented 3 years ago

I can confirm that it is indeed fixed and my main key is now working with this extension. Thanks for looking into it. :)