Cannot Import SSH key

[leepa]

Whenever I load the app, go to Keys -> Add -> Import from Clipboard the app, with no error, generates a new key.

This confused me a for while.

The key works in Terminus (it's a basic RSA key) and having no idea why it doesn't work it not helpful. The app should really tell me what's going on or error.

To clarify, I have pasted the exact same contents of the clipboard into another app and it works fine. In fact said key works everywhere else other than Blink.

[yury]

Hi @leepa,

Thank you for you feedback. We definitely should improve that flow.

[archite]

I’m experiencing the same issue as well.

[yury]

Hi @archite and @leepa.

It is UI a little bit confusing, New Key Screen after import from clipboard is actually screen for set a name for the key.

Or I missing something?

May be we should rename import from clipboard to create from clipboard?

[leepa]

I indeed thought that but then it generated a new key and wiped what I imported.

[sandrinr]

This is true for me too. I am unable to import SSH keys. Only generating new ones. When trying to import them it just generates a new 2048 bit key. Even copying between different Blink instances does not work. Unfortunately, this renders Blinks useless to me 😢

[yury]

Hi @sandrinr,

New version with the fix will be on next week.

[brianjdoherty]

This doesn't seem fixed to me. I'm using the app version that hit the App Store today (Nov 2, 2018). Importing a private key from the clipboard seems to work, but ssh'ing to the host does not work. The key and host IP address are being copied from another iOS ssh app, where it all does work. The first time, it asks if I want to save things to the system, and I say yes. Then I just get the blink prompt back. Subsequent ssh commands just instantly give me the ssh prompt back w/o any error messages. Kind of frustraing - app doesn't do anything! Am I missing something?

[carloscabanero]

Hi Brian! Are you using version 12.1? We had an issue today with v12.0 that was preventing ssh keys from being used. We patched super quickly on 12.1, it is already approved and we are just waiting for it to be propagated to everyone (I can see it in my iPhone but not iPad). Let us know if that fixed the issue. Thanks!

[UrsaDK]

• Blink: 12.2
• iOS: 12.1
• Device: iPhone X

I too have run into problems with importing a password protected ssh keys via [Config > Keys > Import from clipboard]. Here is a brief and (hopefully) replicatable description:

I wanted to have a password protected ssh key, but Blink's config GUI doesn't appear to have a way of creating a password protected key. So I figured "not a problem, I'll create the key on the command line and import it into GUI via the clipboard."

1. I created a new password protected key:

   blink> ssh-keygen -t ed25519 -C 'Blink Test Key' -f ~/.ssh/id_ed25519
   # Enter non-blank Password x2

2. Tested the key by connecting to my Mac:

   I had to use iCloud to deliver the public key to the mac, since ssh-copy-id only works with [Config > Keys] (see #554):

   blink> cp ~/.ssh/id_ed25519.pub ~/iCloud
   # Authorise the key on the Mac with: 
   # cat ~/Library/Mobile\ Documents/iCloud\~com\~carloscabanero\~blinkshell/Documents/id_ed25519.pub >> ~/.ssh/authorized_keys
   blink> ssh USER@MAC_IP
   # Enter ssh key password from Step 1 (above)
   me@MyMac:~ $ sw_vers
   ProductName:    Mac OS X
   ProductVersion: 10.13.6
   BuildVersion:   17G65

3. Finally, I tried to import the key into [Config > Keys]:

   blink> cat ~/.ssh/id_ed25519 | pbcopy
   blink> config
   # Goto [Config > Keys > Import from clipboard]
   # Enter ssh key password from Step 1 (above)

   Resulted in:

   Invalid key Clipboard content couldn't be validated as a key

Since there is no way of creating password protected keys or keys with and expiry date from within the app, I would say that it is pretty essential that such keys could be imported from the clipboard.

--

PS: Interestingly, the above process works just fine for importing unencrypted keys, ie: keys with a blank password.

[yury]

Hi @UmkaDK,

Thank you for reproducible steps. Working on that.

Side note: Blink stores keys in Secure Enclave so password protection for keys is rudimental since its main purpose to protected your key in file system and not authorize you on server.

You can add extra layer of protection to Blink with "Auto Lock".

[yury]

Hi @UmkaDK v12.5 should be ok.

[UrsaDK]

Thanks @yury! I'll try to update tonight and give it another go.

[UrsaDK]

@yury, fix confirmed! Importing ed25519 key from ~/.ssh into the config now works as expected.

However, simply upgrading the app is not enough. You need to close (exit) the old session and open a new one in order to do it.

[raubreywhite]

Hi. This is still broken.

I have an iPhone X and an iPad Pro. I go into my Mac, I open ~/.ssh/id_rsa, copy the text inside. I then open my iPhone/iPad and confirm that the private key is in the clipboard by pasting into an iMessage chat. I then go into Blink.sh and "import from clipboard". I then have a key whose RSA fingerprint is not correct (different to the one on GitHub). It also does not work when I try to ssh/mosh into my servers.

[yury]

Hi @raubreywhite,

Can you check again with 12.9? we parse keys with OpenSSH, so we can read all keys...

[peterhop]

I had this problem too. A workaround to fix it is to reinstall Blink. I’ve got Blink 12.9, iPad Air 2, iOS 12.3.1. My host is an AWS lightsail instance.

THE PROBLEM: Blink has been installed for several months.

• I put my key on the clipboard.
• In Blink I created a key via ‘Install from clipboard’ then I created my host using this key. When I tried to ssh to the host it said ‘Host key for server changed / (it said the key fingerprint) / For security reason connection will be stopped’.
• I immediately started Coda (iOS), created a new key from the clipboard, created a host using this key. I could ssh to the host fine.

THE WORKAROUND: I uninstalled Blink, reinstalled it. I can now create a key from the clipboard, create a host using this key, then ssh and mosh to the host fine.

[yury]

Hi @peterhop,

Can it be that uninstall/install is actually version upgrade? Because we reimplemented import keys using openssh.

[peterhop]

Good point.

No, the uninstall/install was not a version upgrade. I’d upgraded to Blink 12.9 immediately after it was released a few days ago and I only saw the problem in Blink 12.9.

I’m happy now. Maybe it was a glitch on my iPad. How about I wait a few weeks and see how it is then. And you can know if others report the problem.

[aalmenar]

I still cannot import ed25519 keys no matter what. Tried reinstalling the app but it says it’s invalid

[yury]

Hi @aalmenar,

How do you generate key? Can you generate key for me?

[aalmenar]

The first time i created it:

ssh-keygen -t ed25519 -o -a 256

[aalmenar]

@yury found a solution after a lot of testing.

If i add a newline at the end of the private key, it gets correctly imported.

[yury]

@aalmenar,

Oh! really? I was testing with cat ~/.ssh/id_ed25519 | pbcopy :)

Thank you, I will check that!

[peterhop]

Hi Adrian and Yury,

I reported this problem, or one like it a few months ago. You have ccd me by mistake or on purpose.

Anyway, while I have your attention: A few months ago had an error with an ssh connection (with a key) not working. I reinstalled Blink (iOS) and it came right. It is still working fine,

But, my ssh connection with a password suddenly stopped connecting about a month ago. And it gives me an error as if it is expecting a key. See screenshot.

Cheers, Peter

[Image]

---

From: Yury Korolev notifications@github.com Sent: Monday, September 2, 2019 7:39 AM To: blinksh/blink Cc: peterhop; Mention Subject: Re: [blinksh/blink] Cannot Import SSH key (#522)

@aalmenarhttps://github.com/aalmenar,

Oh! really? I was testing with cat ~/.ssh/id_ed25519 | pbcopy :)

Thank you, I will check that!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/blinksh/blink/issues/522?email_source=notifications&email_token=ABOVQIKFZNE6MQX2NWILQPTQHQLAHA5CNFSM4FDJGTP2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5UJG6Q#issuecomment-526947194, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABOVQIIQ6J24GLBADBEVTLDQHQLAHANCNFSM4FDJGTPQ.

[innomadic]

What is the prescribed method for importing an SSH key from a Mac? I’m not seeing this documentation anywhere. In comments I see people talking about their clipboard and iCloud.

[phuntsogwangdus]

If you are using putty... After importing the ssh private key .... Go back to the session Tab and fill the Host address and other prerequisites .... and then try...

[innomadic]

If you are using putty... After importing the ssh private key .... Go back to the session Tab and fill the Host address and other prerequisites .... and then try...

Are you replying to me? I am talking about importing an SSH key to blink... from a Mac. Not using Putty (on Windows?)

[peterhop]

I’m not using putty, nor windows, nor Mac. Peter

---

From: innomadic notifications@github.com Sent: Monday, October 28, 2019 10:39 PM To: blinksh/blink Cc: peterhop; Mention Subject: Re: [blinksh/blink] Cannot Import SSH key (#522)

If you are using putty... After importing the ssh private key .... Go back to the session Tab and fill the Host address and other prerequisites .... and then try...

Are you replying to me? I am talking about importing an SSH key to blink... from a Mac. Not using Putty (on Windows?)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/blinksh/blink/issues/522?email_source=notifications&email_token=ABOVQIKE54GB4L637G4VBZLQQ2XLJA5CNFSM4FDJGTP2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECMIMYI#issuecomment-546866785, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABOVQIKSTNJZXGYD36GWAS3QQ2XLJANCNFSM4FDJGTPQ.

[maxgashkov]

Issue is still there. I've tried importing ed25519 ssh key created on another iOS device and was not able to do so.

Key was initially created with blink itself, so this is quite frustrating.

[carloscabanero]

I just tested it on same device and it is working perfectly. Could you check by pasting on notes that there are no weird spaces, or symbols? How are you moving it to the other device? AirDrop?

[maxgashkov]

I'm doing precisely that (pasting into notes first to check if there's no extra symbols). This affects only ed25519 key, RSA key was imported using the same actions successfully.

AirDrop is another thing that doesn't work — when I try to export key via AirDrop from the old device, it shows up on a new one and asks to open App Store despite the fact that blink is installed and even active in foreground.

[carloscabanero]

Obvious question but, have you tried on the same device? Does it work there if you immediately copy and import from clipboard?

[maxgashkov]

No, I haven't. Unfortunately, I can no longer check that, because in the end I had to recreate the key and update authorized_keys on every host I connect to. After that I wiped the old device.

[carloscabanero]

I will keep an eye on this nonetheless. We are trying to crash as many bugs as possible on these layers atm.

[ghost]

Getting the same error as UrsaDK with importing keys. How do I do this?

[jonnrb]

+1 ed25519 keys don't import. This is rather frustrating but I guess I'll just have to generate a new key which is probably best anyway :)

[thatspassion]

I had the same experience. Just vi the key and concat the string to one line:

cat .ssh/id_ed25519

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDTMK8EF5a6w07EFoAV8WysyIDCGRrBgUxJ6FOYIak1eQAAAJCU1J/6lNSf
+gAAAAtzc2gtZWQyNTUxOQAAACDTMK8EF5a6w07EFoAV8WysyIDCGRrBgUxJ6FOYIak1eQ
AAAEAj9uMgSXqHY9S2mYXwm3q+CHVSgnKU3XvvjCfVxmk0TNMwrwQXlrrDTsQWgBXxbKzI
gMIZGsGBTEnoU5ghqTV5AAAAC2JsYUBibGEuY29tAQI=
-----END OPENSSH PRIVATE KEY-----

that's the linux generated key and it's wrong formatted for blink. should be like this.

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQAAACDTMK8EF5a6w07EFoAV8WysyIDCGRrBgUxJ6FOYIak1eQAAAJCU1J/6lNSf+gAAAAtzc2gtZWQyNTUxOQAAACDTMK8EF5a6w07EFoAV8WysyIDCGRrBgUxJ6FOYIak1eQAAAEAj9uMgSXqHY9S2mYXwm3q+CHVSgnKU3XvvjCfVxmk0TNMwrwQXlrrDTsQWgBXxbKzIgMIZGsGBTEnoU5ghqTV5AAAAC2JsYUBibGEuY29tAQI=
-----END OPENSSH PRIVATE KEY-----

Hope i could help. Cheers!

[carloscabanero]

Thanks for the example, they should actually work with the proper format anyway. Will take a look. If someone else has an issue, please do not remove the key, rename it or store it to a file so we can properly test if there may be other scenarios.

We are blaming an issue between OpenSSH and LibSSH, and we will get a battery of tests ready so we can ensure everything is properly nailed down.

[ralyodio]

Still doesn’t work for me. I get invalid key format on iOS. I just sent myself my id_rsa.pub file using signal. Tried to import as file. Get invalid key.

Key is from Linux desktop

I deleted and reinstalled blink. Same issue.

[carloscabanero]

You cannot import a public key, you need to import the private key.