philr / putty-key

Ruby PuTTY private key (.ppk) library. Supports reading and writing with a refinement to OpenSSL::PKey to allow key conversion.
MIT License

Could not parse PKey: unsupported #1

Open wpietron opened 3 months ago

wpietron commented 3 months ago

Hi Guys, I hit an issue:

D:\git\vgwp\dbasm19>vagrant version
Installed Version: 2.4.1
Latest Version: 2.4.1
D:\git\vgwp\dbasm19>vagrant plugin install vagrant-multi-putty
Installing the 'vagrant-multi-putty' plugin. This can take a few minutes...
Fetching putty-key-1.1.1.gem
Fetching vagrant-multi-putty-1.6.0.gem
Installed the plugin 'vagrant-multi-putty (1.6.0)'!
D:\git\vgwp\dbasm19>vagrant ssh-config
Host default
  HostName 127.0.0.1
  User vagrant
  Port 2222
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
  PasswordAuthentication no
  IdentityFile D:/git/vgwp/dbasm19/.vagrant/machines/default/virtualbox/private_key
  IdentitiesOnly yes
  LogLevel FATAL
  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms +ssh-rsa
D:\git\vgwp\dbasm19>vagrant putty
d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:114:in `read': Could not parse PKey: unsupported (OpenSSL::PKey::PKeyError)
        from d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:114:in `block in get_putty_key_file'
        from <internal:kernel>:90:in `tap'
        from d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:112:in `get_putty_key_file'
        from d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:94:in `putty_connect'
        from d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:53:in `block in execute'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:249:in `block in with_target_vms'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:238:in `each'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/plugin/v2/command.rb:238:in `with_target_vms'
        from d:/vghome/gems/3.1.4/gems/vagrant-multi-putty-1.6.0/lib/vagrant-multi-putty/command.rb:51:in `execute'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/cli.rb:67:in `execute'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/lib/vagrant/environment.rb:319:in `cli'
        from C:/Program Files/Vagrant/embedded/gems/gems/vagrant-2.4.1/bin/vagrant:248:in `<main>'

I have no problems converting D:\git\vgwp\dbasm19\.vagrant\machines\default\virtualbox\private_key with puttygen 0.8, with a confirmation comment "Successfully imported foreign key (OpenSSH SSH-2 private key (new format)) [...]".

What else may I check to investigate this issue?

philr commented 3 months ago

Vagrant v2.4.0 changed the default generated private key type from RSA to Ed25519, with the key file now being saved using the new OpenSSH private key format (see hashicorp/vagrant#13219). This causes two problems:

  1. vagrant-multi-putty expects the private key file to be in PEM format and able to be opened using Ruby's OpenSSL::PKey class (see https://github.com/nickryand/vagrant-multi-putty/blob/4bd39e9df77a9d758b651b90cd4747d3c8c22fc1/lib/vagrant-multi-putty/command.rb#L114). The new OpenSSH private key format cannot be understood by OpenSSL. This causes the 'Could not parse PKey: unsupported (OpenSSL::PKey::PKeyError)' exception you are encountering.

  2. putty-key doesn't currently support conversion of Ed25519 keys. This is because it only supports conversion between OpenSSL::PKey objects and PuTTY private keys and support for Ed25519 has only been added to Ruby's OpenSSL bindings relatively recently.

As a workaround, you can have vagrant generate an RSA private key in PEM format that is supported by both vagrant-multi-putty and putty-key by setting config.ssh.key_type = :rsa in your Vagrantfile (see https://developer.hashicorp.com/vagrant/docs/vagrantfile/ssh_settings#config-ssh-key_type).

It looks like Vagrant should remove the default insecure public key from the VM after it is first provisioned (see https://github.com/hashicorp/vagrant/blob/d8fdc500b76c840cdeaa69869d0c000530b036b3/plugins/communicators/ssh/communicator.rb#L263). Changing the key type would therefore seem to require destroying the VM and re-provisioning.

In practice, I've found that it's failing to remove the insecure public key. I was able to run vagrant halt, change the Vagrantfile to set key_type, delete the .vagrant/machines/**/private_key files and then run vagrant up to re-provision with a new key.
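Added example, not part of the thread and not code from putty-key or vagrant-multi-putty: a pre-check that tells the new OpenSSH container apart from PEM and reads the key type from its unencrypted header, so a caller can report "OpenSSH-format Ed25519 key" instead of the opaque `PKeyError`. The helper names are hypothetical and the sample key is constructed in the code.

```ruby
OPENSSH_MAGIC = "openssh-key-v1\0".b

# Read one SSH wire string (uint32 big-endian length, then bytes) at pos.
def read_ssh_string(buf, pos)
  len = buf.byteslice(pos, 4)&.unpack1('N')
  raise ArgumentError, 'truncated key blob' if len.nil? || pos + 4 + len > buf.bytesize
  [buf.byteslice(pos + 4, len), pos + 4 + len]
end

# Hypothetical helper: classify key file text without loading the private key.
def describe_private_key(text)
  case text
  when /-----BEGIN OPENSSH PRIVATE KEY-----(.+?)-----END OPENSSH PRIVATE KEY-----/m
    blob = $1.unpack1('m') # lenient base64 decode, ignores line breaks
    raise ArgumentError, 'bad openssh-key-v1 magic' unless blob.start_with?(OPENSSH_MAGIC)
    cipher, pos = read_ssh_string(blob, OPENSSH_MAGIC.bytesize)
    _kdf, pos = read_ssh_string(blob, pos)
    _kdf_options, pos = read_ssh_string(blob, pos)
    public_key, = read_ssh_string(blob, pos + 4) # skip uint32 key count
    key_type, = read_ssh_string(public_key, 0)
    { format: :openssh, key_type: key_type, encrypted: cipher != 'none' }
  when /-----BEGIN (RSA|EC|DSA) PRIVATE KEY-----/
    { format: :pem, key_type: $1.downcase, encrypted: text.include?('Proc-Type: 4,ENCRYPTED') }
  when /-----BEGIN (ENCRYPTED )?PRIVATE KEY-----/
    { format: :pkcs8_pem, key_type: nil, encrypted: !$1.nil? }
  else
    { format: :unknown, key_type: nil, encrypted: nil }
  end
end

def ssh_string(str)
  [str.bytesize].pack('N') + str.b
end

# Constructed sample: an unencrypted openssh-key-v1 container with an all-zero
# Ed25519 public key and an empty private section. It is not a usable key.
def constructed_openssh_key
  public_key = ssh_string('ssh-ed25519') + ssh_string("\0" * 32)
  blob = OPENSSH_MAGIC + ssh_string('none') + ssh_string('none') + ssh_string('') +
         [1].pack('N') + ssh_string(public_key) + ssh_string('')
  "-----BEGIN OPENSSH PRIVATE KEY-----\n#{[blob].pack('m')}-----END OPENSSH PRIVATE KEY-----\n"
end

p describe_private_key(constructed_openssh_key)
```

Only the container header is parsed; the private section is never decoded, so the check is safe to run on passphrase-protected files.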