search

easingthemes / ssh-deploy

GitHub Action for deploying code via rsync over ssh. (with NodeJS)
MIT License
1.17k stars 144 forks source link

Bug: SSH fails: error in libcrypto; only when SSH not ended by new-line #160

Closed jakubboucek closed 10 months ago

jakubboucek commented 1 year ago

State:

Unexpected state:

[FILE] writing /home/runner/.ssh/deploy_key_admin_1692259681649 file ... 433
...
Executing remote script: ssh -i /home/runner/.ssh/deploy_key_user_1692259681649 user@server.com
⚠️ [CMD] Remote script failed: Command failed: DEBIAN_FRONTEND=noninteractive ssh -p 22 -i /home/runner/.ssh/deploy_key_user_1692259681649 -o StrictHostKeyChecking=no user@server.com 'RSYNC_STDOUT="" bash -s' < local_ssh_script-before.sh
Load key "/home/runner/.ssh/deploy_key_user_1692259681649": error in libcrypto
user@server.com: Permission denied (publickey,keyboard-interactive).

Expected state:

[FILE] writing /home/runner/.ssh/deploy_key_admin_1692259681649 file ... 431
...
[FILE] writing /home/runner/work/org/repo/local_ssh_script-before.sh file ... 53
Executing remote script: ssh -i /home/runner/.ssh/deploy_key_user_1692267542804 user@server.com
✅ [CMD] Remote script executed. 
...

Whats wrong:

Found success bypass:

Action works great when I add on new-line at the end of private key. (I't not a file, it's secret variable putted into GitHub web Form).

Probably bug reason:

The OpenSSH does not accept Windows-like new line (\r\n) and requires only Linux-like new line (\n). But this project appends Windows new line chars info end of key file:

https://github.com/easingthemes/ssh-deploy/blob/cf583aab4f795049a9b06ceab8404ea398a22f3f/src/sshKey.js#L22

This theory is verified by simple test:

ssh-keygen -m PEM -t ed25519 -f test-key
unix2dos test-key
ssh -i test-key user@server.com

Causes to: Load key "test-key": error in libcrypto.

Theory is also verified when I append one superfluous new line (\n) at the end of the key – SSH requires Linux-like new line immediately after PEM envelope, but ignores following content in file.

Expected fix:

Remove hard-coded Windows new-line from sshKey.js script.

isabisa commented 1 year ago

I'm having the exact same issue. Thank you for your work figuring it out and submitting a PR. I hope it gets approved and merged soon!

github-actions[bot] commented 11 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

easingthemes commented 11 months ago

Should be fixed in latest version https://github.com/easingthemes/ssh-deploy/releases/tag/v4.1.10

codespearhead commented 11 months ago

@jakubboucek Is the issue fixed in v4.1.10?

github-actions[bot] commented 10 months ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.