Closed bshelton229 closed 3 years ago
I was able to reproduce this with
```go
package main

import (
	"bytes"
	"flag"
	"fmt"
	"os"
	"os/exec"
)

// Unused generated private key with key-test@example.com email
// Raw string without trailing newline
const KEY = `-----BEGIN OPENSSH PRIVATE KEY-----
fill-in-any-key from: ssh-keygen -t ed25519 -C "key-test@example.com"
-----END OPENSSH PRIVATE KEY-----`

func main() {
	work := flag.Bool("work", false, "Should we make this work?")
	flag.Parse()

	var key []byte
	if *work {
		// If we're supposed to work add a newline
		key = []byte(KEY + "\n")
	} else {
		key = []byte(KEY)
	}

	cmd := exec.Command("ssh-add", "-")
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	cmd.Stdin = bytes.NewReader(key)
	cmd.Env = os.Environ()

	err := cmd.Run()
	if err != nil {
		fmt.Println(err)
	} else {
		fmt.Println("OK")
	}
}
```
SSH on my OSX machine exits 1 and has an invalid key error. SSH on Amazon Linux 2 where the stack runs prompts for a password on stdin and just sits there, which explains the buildkite step hanging indefinitely.
On al2 you get `Enter passphrase for (stdin):`
This fix has been incorporated in v5.5.0 of the Elastic CI Stack for AWS :tada: I know you’ve updated your key generation to work around this problem but do let us know if you see any further issues like this 😄
This definitely isn't a huge deal, but it took us a bit to debug after the upgrade to the stack containing this secrets plugin. It looks like when the S3 object containing the private key (at least for our ed25519 keys) doesn't contain a trailing newline the stdin stream adding to ssh-agent hangs indefinitely. It's not a huge deal, we just updated our automation to include the trailing newline, which is of course standard in keys generated on disk. But, I thought I'd bring it up just in case somebody else runs into it.
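A defensive way to pipe fetched key material into `ssh-add -`, written for this page as an added example (it is not code from this thread or from the plugin): the key is normalized to end in exactly one newline, and `ssh-add` runs under a time limit so an unexpected passphrase prompt fails the step instead of hanging it. The names `normalizeKey` and `addKey`, the 10-second limit, and reading the key from stdin are assumptions.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"io"
	"os"
	"os/exec"
	"time"
)

// normalizeKey converts CRLF to LF, trims outer whitespace, checks the BEGIN/END lines, adds one "\n".
func normalizeKey(raw []byte) ([]byte, error) {
	key := bytes.TrimSpace(bytes.ReplaceAll(raw, []byte("\r\n"), []byte("\n")))
	last := key[bytes.LastIndexByte(key, '\n')+1:] // final line; the whole input if it has one line
	if !bytes.HasPrefix(key, []byte("-----BEGIN ")) || !bytes.HasPrefix(last, []byte("-----END ")) {
		return nil, fmt.Errorf("not a complete PEM-style private key")
	}
	return append(key, '\n'), nil
}

// addKey feeds the normalized key to "ssh-add -" and kills ssh-add once the time limit passes.
func addKey(raw []byte, timeout time.Duration) error {
	key, err := normalizeKey(raw)
	if err != nil {
		return err
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	cmd := exec.CommandContext(ctx, "ssh-add", "-")
	cmd.Stdin = bytes.NewReader(key)
	cmd.Stderr = os.Stderr
	if err := cmd.Run(); err != nil {
		return fmt.Errorf("ssh-add (time limit %s): %w", timeout, err)
	}
	return nil
}

func main() {
	raw, err := io.ReadAll(os.Stdin) // usage: addkey < private-key-file
	if err == nil {
		err = addKey(raw, 10*time.Second)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```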