gridkit / nanocloud

NanoCloud - distributed computing toolkit

SSH Private Key password does not work / not supported #22

Open Magmaruss opened 5 years ago

Magmaruss commented 5 years ago

I tried to connect to my VM using nanoCloud, but there is no possibility to set a private-key password. When I tried to set KEY_PASSWORD, there was no result. I see that you use JSch inside the project to connect to VMs. I tried to connect with the clean JSch library and all is good, but in nanoCloud there is no possibility to set this JSch property. The JSch identity is added in SimpleSshSessionProvider in the line: jsch.addIdentity(path)

I need one small fix to have the possibility to set the second argument of the addIdentity method - "password" - like this: jsch.addIdentity(path, sshPassword)

Below I paste an example of working key auth with JSch (maybe it will be useful/helpful):

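import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;

JSch jsch = new JSch();
// Second argument is the passphrase that decrypts the private key file
jsch.addIdentity("path", "password");
Session session = jsch.getSession("user", "0.0.0.0", 22);
session.setConfig("PreferredAuthentications", "publickey,keyboard-interactive,password");
// "no" disables host key verification: any server key is accepted
session.setConfig("StrictHostKeyChecking", "no");
session.connect();

aragozin commented 5 years ago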

If PK is encrypted, JSch would try to prompt for passphrase on connection. Nanocloud would supply password configured for session as passphrase.

I'm not sure what you mean by KEY_PASSWORD; all configuration is passed either via node properties or ~/ssh-credentials.prop (see https://github.com/gridkit/nanocloud/blob/vicluster-0.8/docs/NanoCloud_Configuring_SSH_credentials.md)

Magmaruss commented 5 years ago

I tried to configure ssh-credentials.prop, because before I was using configuration from Java, but the result is the same. My configuration:

10.187.2.203=user
user@10.187.2.203!private-key=/home/user/key-file
user@10.187.2.203!password=mypassword

So the problem is that nanoCloud doesn't prompt for the key password, and the password in the configuration is not used for my key but for my user, and I don't have any user password. Below is part of the trace from the console:

578 [ViNode[10.187.2.203] init] DEBUG remoting.ssh.jsch  - Authentications that can continue: publickey,keyboard-interactive,password
578 [ViNode[10.187.2.203] init] DEBUG remoting.ssh.jsch  - Next authentication method: publickey
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: Passphrase for /home/kamil/bastion-key <- yes
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: passphrase = mypassword
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: Passphrase for /home/kamil/bastion-key <- yes
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: passphrase = mypassword
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: Passphrase for /home/kamil/bastion-key <- yes
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: passphrase = mypassword
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: Passphrase for /home/kamil/bastion-key <- yes
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: passphrase = mypassword
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: Passphrase for /home/kamil/bastion-key <- yes
579 [ViNode[10.187.2.203] init] DEBUG org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider  - [10.187.2.203] SSH: passphrase = mypassword
579 [ViNode[10.187.2.203] init] DEBUG remoting.ssh.jsch  - Disconnecting from 10.187.2.203 port 22
586 [ViNode[10.187.2.203] init] ERROR org.gridkit.vicluster.ViNodeSet  - ViNode[10.187.2.203] initialization has failed
java.lang.RuntimeException: org.gridkit.internal.com.jcraft.jsch.JSchException: Auth fail
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer$TunnelInitializer.ensureConsole(RemoteConsoleInitializer.java:195)
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer$TunnelInitializer.getService(RemoteConsoleInitializer.java:154)
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer$TunnelInitializer.getService(RemoteConsoleInitializer.java:137)
    at org.gridkit.vicluster.AbstractCloudContext.lookup(AbstractCloudContext.java:50)
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer.initConsole(RemoteConsoleInitializer.java:61)
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer.apply(RemoteConsoleInitializer.java:35)
    at org.gridkit.vicluster.ViEngine$InductiveRuleHook.rerun(ViEngine.java:867)
    at org.gridkit.vicluster.ViEngineGame.play(ViEngineGame.java:83)
    at org.gridkit.vicluster.ViEngine$Core.processPhase(ViEngine.java:301)
    at org.gridkit.vicluster.ViEngine$Core.ignite(ViEngine.java:151)
    at org.gridkit.vicluster.telecontrol.jvm.ViEngineNodeProvider.createNode(ViEngineNodeProvider.java:34)
    at org.gridkit.vicluster.ViManager$ManagedNode.createNode(ViManager.java:565)
    at org.gridkit.vicluster.ViManager$ManagedNode.access$900(ViManager.java:298)
    at org.gridkit.vicluster.ViManager$ManagedNode$InitTask.run(ViManager.java:576)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.gridkit.internal.com.jcraft.jsch.JSchException: Auth fail
    at org.gridkit.internal.com.jcraft.jsch.Session.connect(Session.java:488)
    at org.gridkit.internal.com.jcraft.jsch.Session.connect(Session.java:166)
    at org.gridkit.vicluster.telecontrol.ssh.SimpleSshSessionProvider.getSession(SimpleSshSessionProvider.java:112)
    at org.gridkit.nanocloud.telecontrol.ssh.RemoteConsoleInitializer$TunnelInitializer.ensureConsole(RemoteConsoleInitializer.java:193)
    ... 18 more

And note that if prop configuration is used, then SimpleSshSessionProvider.java is used too, and the setKeyFile method doesn't set any password for the key in the jsch.addIdentity method in line 74. There should be a second configurable argument which sets the key password for the key in the JSch lib. So the result is "Auth fail", but the exception is caused by the JSch lib.
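
An added example, not part of the thread and not NanoCloud's own code: a local check that tells a passphrase that fails to unlock the key apart from a server-side "Auth fail", without ever printing the passphrase. It assumes the upstream `com.jcraft.jsch` package (the trace above shows NanoCloud's shaded `org.gridkit.internal.com.jcraft.jsch` copy); the class name `EncryptedKeyCheck`, the `KeyStatus` enum and the sample passphrase are constructed for illustration.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class EncryptedKeyCheck {

    /** Result of testing a private key file against a candidate passphrase. */
    enum KeyStatus { UNENCRYPTED, PASSPHRASE_OK, PASSPHRASE_REJECTED }

    /** Loads the key locally and tries the passphrase; nothing is sent to a server. */
    static KeyStatus checkKey(JSch jsch, String keyPath, String passphrase) throws JSchException {
        KeyPair kp = KeyPair.load(jsch, keyPath);
        try {
            if (!kp.isEncrypted()) return KeyStatus.UNENCRYPTED;
            boolean ok = passphrase != null && kp.decrypt(passphrase);
            return ok ? KeyStatus.PASSPHRASE_OK : KeyStatus.PASSPHRASE_REJECTED;
        } finally {
            kp.dispose(); // zero the passphrase copy cached inside this KeyPair
        }
    }

    public static void main(String[] args) throws JSchException, IOException {
        JSch jsch = new JSch();
        // Constructed sample input: a throwaway RSA key encrypted with a made-up passphrase.
        String samplePassphrase = "constructed-sample-passphrase";
        File keyFile = File.createTempFile("sample-key", ".pem");
        keyFile.deleteOnExit();
        KeyPair generated = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
        generated.writePrivateKey(keyFile.getPath(), samplePassphrase.getBytes(StandardCharsets.UTF_8));
        generated.dispose();

        String path = keyFile.getPath();
        // Report the status only; the passphrase itself is never printed or logged.
        System.out.println("no passphrase   : " + checkKey(jsch, path, null));
        System.out.println("wrong passphrase: " + checkKey(jsch, path, "not-the-passphrase"));
        KeyStatus status = checkKey(jsch, path, samplePassphrase);
        System.out.println("right passphrase: " + status);

        // Register the identity only once the passphrase is known to unlock the key.
        if (status == KeyStatus.PASSPHRASE_OK) {
            jsch.addIdentity(path, samplePassphrase);
        }
        System.out.println("identities loaded: " + jsch.getIdentityNames());
    }
}
```

Running `checkKey` against the real key file with the value configured as `!password` shows whether the failure happens before any authentication request reaches the server.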