canonical / charm-duplicity

A charm that provides functionality for both manual and automatic backups for a deployed application

Check if private_ssh_key is in pem format #6

Closed jneo8 closed 10 months ago

jneo8 commented 10 months ago

If you configure an ssh key in openssh format (which is the default format for ssh-keygen on my 22.04, e.g. ssh-keygen -f ./duptest-rsa4096 -b 4096), duplicity will complain about invalid keys:

0 $ juju run-action --wait duplicity/5 do-backup
unit-duplicity-5:
  UnitId: duplicity/5
  id: "64"
  message: |
    Command "['duplicity', 'full', '/etc', 'sftp://ubuntu@10.55.217.195/backup//duplicity-5', '--ssh-options=-oIdentityFile=/root/.ssh/duplicity_id_rsa', '--no-encryption']" failed with return code "23" and error output:
    BackendException: ssh connection to ubuntu@10.55.217.195:22 failed: Invalid key
  results: {}
  status: failed

If I use a key in the pem format (ssh-keygen -f ./duptest-rsa4096pem -m pem -b 4096), it works:

1 $ juju config duplicity private_ssh_key="$(base64 -w0 ./duptest-rsa4096pem)"
0 $ juju run-action --wait duplicity/5 do-backup
unit-duplicity-5:
  UnitId: duplicity/5
  id: "68"
  results:
    output: |+
      Local and Remote metadata are synchronized, no sync needed.
      Last full backup date: none
      --------------[ Backup Statistics ]--------------
      StartTime 1676641484.57 (Fri Feb 17 13:44:44 2023)
      EndTime 1676641484.94 (Fri Feb 17 13:44:44 2023)
      ElapsedTime 0.37 (0.37 seconds)
      SourceFiles 1538
      SourceFileSize 2912855 (2.78 MB)
      NewFiles 1538
      NewFileSize 2912855 (2.78 MB)
      DeletedFiles 0
      ChangedFiles 0
      ChangedFileSize 0 (0 bytes)
      ChangedDeltaSize 0 (0 bytes)
      DeltaEntries 1538
      RawDeltaSize 1985103 (1.89 MB)
      TotalDestinationSizeChange 505788 (494 KB)
      Errors 0
      -------------------------------------------------

  status: completed

The issue lies with paramiko (https://github.com/paramiko/paramiko/issues/1313), but it would help to have a check here, or automatically convert it to the right format. The file itself is verbose enough to tell:

1 $ head -n 2 duptest-rsa4096 duptest-rsa4096pem
==> duptest-rsa4096 <==
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn

==> duptest-rsa4096pem <==
-----BEGIN RSA PRIVATE KEY-----
MIIJJgIBAAKCAgEAs93Lftc4zacbwFqU0CvX/CzZeRG91vLsXQV4gePbw5euWWRb

Imported from Launchpad using lp2gh.
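
The check requested in this issue could look like the following. This is an added example, not code from the charm or from the issue's author. It inspects only the armor lines of the base64-encoded private_ssh_key value; the function names, the dummy sample body and the rule that any label other than OPENSSH counts as PEM are assumptions.

```python
import base64
import binascii
import re

# Armor line of a private key file; group 2 is the label, e.g. "OPENSSH"
# or "RSA" (no label at all is the plain PKCS#8 "PRIVATE KEY" form).
_ARMOR = re.compile(r"^-----(BEGIN|END) (?:([A-Z0-9 ]+) )?PRIVATE KEY-----$")


def classify_private_key(config_value):
    """Return "openssh", "pem" or "invalid" for a base64-encoded key value."""
    try:
        text = base64.b64decode(config_value.strip(), validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return "invalid"
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3:
        return "invalid"
    begin, end = _ARMOR.match(lines[0]), _ARMOR.match(lines[-1])
    if not begin or not end:
        return "invalid"
    if begin.group(1) != "BEGIN" or end.group(1) != "END":
        return "invalid"
    if begin.group(2) != end.group(2):
        return "invalid"  # truncated or mixed-up paste
    # Assumption: every label other than OPENSSH is treated as PEM.
    return "openssh" if begin.group(2) == "OPENSSH" else "pem"


def require_pem_key(config_value):
    """Raise ValueError unless the value is a PEM-format private key."""
    kind = classify_private_key(config_value)
    if kind == "openssh":
        raise ValueError(
            "private_ssh_key is in OpenSSH format; "
            "generate the key with 'ssh-keygen -m pem' instead"
        )
    if kind != "pem":
        raise ValueError("private_ssh_key is not a base64-encoded private key")


def sample_key(label, end_label=None):
    # Constructed sample: real armor lines around a dummy body, not a real key.
    body = "Y29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSBrZXk="
    end_label = end_label or label
    pem = (f"-----BEGIN {label} PRIVATE KEY-----\n{body}\n"
           f"-----END {end_label} PRIVATE KEY-----\n")
    return base64.b64encode(pem.encode()).decode()
```

Running such a check when the config value changes would surface the format problem at configuration time rather than as "Invalid key" during do-backup.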