ivoronin / packer-plugin-sshkey

Packer plugin used to generate SSH keys.

Ed25519 key-pair does not seem to work with OpenSSH #61

Open dvusboy opened 9 months ago

dvusboy commented 9 months ago

So, in my Packer template, I set type = "ed25519". The build failed during Ansible provisioning with the following error:

    virtualbox-iso.helpdesk: TASK [Gathering Facts] *********************************************************
    virtualbox-iso.helpdesk: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '[127.0.0.1]:4313' (ED25519) to the list of known hosts.\r\nLoad key \"~/.cache/packer/ssh_private_key_packer_ed25519.pem\": invalid format\r\nroot@127.0.0.1: Permission denied (publickey,password).", "unreachable": true}

So, I tried to SSH manually with the said key, and got an "invalid format" error message:

    % ssh -i ~/.cache/packer/ssh_private_key_packer_ed25519.pem -p 4313 root@127.0.0.1
    Load key "~/.cache/packer/ssh_private_key_packer_ed25519.pem": invalid format
    root@127.0.0.1's password:

This is the content of the private key file:

    % cat ~/.cache/packer/ssh_private_key_packer_ed25519.pem
    -----BEGIN PRIVATE KEY-----
    MC4CAQAwBQYDK2VwBCIEIBQ8cOgcVDOnss2apPPE3qDgyu9lhjvOtSfGEDkBSVRu
    -----END PRIVATE KEY-----

Comparing this to an Ed25519 key-pair produced by ssh-keygen, it seems rather short:

    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABAFneC2Gv
    T8P5bZO+E8aQGGAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIC4hs2F55OJgqjqm
    K/lRG5mIScaScoFyiuPj5n6yQcmUAAAAoBtCXOY1OOGaqQCn0qM3J4uLY2HGO+IxBuZel3
    VV3VogOMmyaCOGqd+0NksxtGhwiS9mWx8GDhlnkzIFc70BlCqDojmzOQ/8XQXQQ6USlkqk
    GIw1YDmTTAL5bcMyYHaF8n/Zd/a8WRkYO2cC0aVA1p5dnKSEREglFrcrINeTvn5BCrVEKD
    MohKL0rmgtj0on2FLwrLORl9jSCfBARYo5R8M=
    -----END OPENSSH PRIVATE KEY-----

After switching to type = "rsa", the Packer template worked.

jay7x commented 2 months ago

Just hit this also. Quick-googled some more details: https://stackoverflow.com/questions/71850135/generate-ed25519-key-pair-compatible-with-openssh

> The x509 package does not support marshaling ed25519 key types in the format used by openssh, so as you've discovered, this code - which works with other key types - fails for ed25519 keys

There are a few workarounds mentioned as well.

dvusboy commented 2 months ago

There lies the rub: the point of the plugin is to generate SSH keys, obviously requiring compatibility with OpenSSH. At this point, I would consider ed25519 not supported.
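
The format gap described in jay7x's comment, as an added example that is not part of the thread and not the plugin's code: a standard-library-only Go encoder that writes an unencrypted Ed25519 key in the `openssh-key-v1` container (`BEGIN OPENSSH PRIVATE KEY`) instead of the PKCS#8 `BEGIN PRIVATE KEY` form shown in the issue. The names `putString` and `MarshalOpenSSH` and the comment string are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

// putString appends an SSH wire-format string: uint32 length, then the bytes.
func putString(b *bytes.Buffer, s []byte) {
	binary.Write(b, binary.BigEndian, uint32(len(s)))
	b.Write(s)
}

// MarshalOpenSSH (hypothetical name, not the plugin's code) writes the
// unencrypted openssh-key-v1 container that ssh-keygen emits.
func MarshalOpenSSH(priv ed25519.PrivateKey, comment string) ([]byte, error) {
	check := make([]byte, 4) // random check value, stored twice
	if _, err := rand.Read(check); err != nil {
		return nil, err
	}
	var pub, sec, out bytes.Buffer
	putString(&pub, []byte("ssh-ed25519"))
	putString(&pub, priv.Public().(ed25519.PublicKey))
	sec.Write(append(check, check...))
	sec.Write(pub.Bytes()) // key type and public key, repeated
	putString(&sec, priv)  // 64 bytes: seed || public key
	putString(&sec, []byte(comment))
	for i := byte(1); sec.Len()%8 != 0; i++ {
		sec.WriteByte(i) // padding bytes 1, 2, 3, ... up to a multiple of 8
	}
	out.WriteString("openssh-key-v1\x00")
	putString(&out, []byte("none"))                 // cipher
	putString(&out, []byte("none"))                 // KDF
	putString(&out, nil)                            // KDF options (empty)
	binary.Write(&out, binary.BigEndian, uint32(1)) // number of keys
	putString(&out, pub.Bytes())
	putString(&out, sec.Bytes())
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: out.Bytes()}), nil
}

func main() { // prints a throwaway key generated on the spot
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	k, err := MarshalOpenSSH(priv, "constructed-example")
	fmt.Printf("%s(err=%v)\n", k, err)
}
```

The output should be written with mode 0600 before it is passed to `ssh -i`, since OpenSSH refuses private key files with looser permissions.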