Can't connect to a server via SSH using an ed25519 key

jakob / Postico

Public issue tracking for Postico

https://eggerapps.at/postico/

476 stars 9 forks source link

Closed nedvedad closed 1 year ago

nedvedad commented 1 year ago

I got "Private Key could not be read - here was a problem with the SSH private key: Unable to extract public key from private key file: Wrong passphrase or invalid/unrecognized private key file format. To try again, please provide a passphrase for decrypting the private key file:" instead.
Establishing the SSH connection using the same key/passphrase works using ssh via Terminal.

Postico version:
2.1 dev (9640)

macOS version:
13.4.1 (22F82)

jakob commented 1 year ago

Before we look into this, could you try updating to build 9642? I've updated libssh2 in that build.
Make sure to select the private key, not the public key
I've seen a similar error in the past when the key was encrypted with an algorithm that libssh2 didn't support. If the problem persists with build 9642, can you try checking the key with this tool: https://github.com/jakob/ssh-keyinfo, and let me know which algorithm it uses for encryption

nedvedad commented 1 year ago

Thank you for the quick reply.

The output reads:

length = 302 bytes
Key File Format: OpenSSH Key File Format Version 1
ciphername: aes256-gcm@openssh.com
kdfname: bcrypt
...

jakob commented 1 year ago

Thank you for the details. It seems that there's a bug in libssh2 that prevents it from reading OpenSSH Key files encrypted with AES GCM methods.

I've been able to find the source of the bug, and submitted a pull request to the libssh2 project: https://github.com/libssh2/libssh2/pull/1133

It's probably going to take a while until this fix is released, so I've updated Postico to build with a patched version of libssh2.

If you update to build 9644 or newer, your GCM-encrypted key should work!

nedvedad commented 1 year ago

That's very impressive Jakob, the connection works on build 9644. Thank you very much for your amazing support!