trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

Getting AWS error `Key is not in valid OpenSSH public key format` #376

Closed rkpatel33 closed 7 years ago

rkpatel33 commented 7 years ago

OS / Environment

macOS Sierra 10.12.3 on Macbook Pro 2013

Ansible version

ansible 2.2.0.0
  config file = /Users/rishi/Projects/trailofbits-algo/ansible.cfg
  configured module search path = Default w/o overrides

Version of components from requirements.txt

adal==0.4.5
ansible==2.2.0.0
apache-libcloud==1.5.0
appdirs==1.4.3
asn1crypto==0.22.0
azure==2.0.0rc5
azure-batch==0.30.0rc5
azure-common==1.1.4
azure-graphrbac==0.30.0rc5
azure-mgmt==0.30.0rc5
azure-mgmt-authorization==0.30.0rc5
azure-mgmt-batch==0.30.0rc5
azure-mgmt-cdn==0.30.0rc5
azure-mgmt-cognitiveservices==0.30.0rc5
azure-mgmt-commerce==0.30.0rc5
azure-mgmt-compute==0.30.0rc5
azure-mgmt-keyvault==0.30.0rc5
azure-mgmt-logic==0.30.0rc5
azure-mgmt-network==0.30.0rc5
azure-mgmt-notificationhubs==0.30.0rc5
azure-mgmt-nspkg==1.0.0
azure-mgmt-powerbiembedded==0.30.0rc5
azure-mgmt-redis==0.30.0rc5
azure-mgmt-resource==0.30.0rc5
azure-mgmt-scheduler==0.30.0rc5
azure-mgmt-storage==0.30.0rc5
azure-mgmt-web==0.30.0rc5
azure-nspkg==1.0.0
azure-servicebus==0.20.2
azure-servicemanagement-legacy==0.20.3
azure-storage==0.32.0
boto==2.46.1
boto3==1.4.4
botocore==1.5.38
certifi==2017.1.23
cffi==1.10.0
chardet==2.3.0
cryptography==1.8.1
docutils==0.13.1
dopy==0.3.5
enum34==1.1.6
futures==3.0.5
idna==2.5
ipaddress==1.0.18
isodate==0.5.4
Jinja2==2.8
jmespath==0.9.2
keyring==10.3.1
MarkupSafe==1.0
msrest==0.4.1
msrestazure==0.4.7
oauthlib==2.0.2
packaging==16.8
paramiko==2.1.2
pyasn1==0.2.3
pycparser==2.17
pycrypto==2.6.1
PyJWT==1.4.2
pyOpenSSL==16.2.0
pyparsing==2.2.0
python-dateutil==2.6.0
PyYAML==3.12
requests==2.13.0
requests-oauthlib==0.8.0
s3transfer==0.1.10
six==1.10.0

Summary of the problem

Command ./algo fails on this step with the following message:

TASK [cloud-ec2 : Add ssh public key] ******************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidKey.Format</Code><Message>Key is not in valid OpenSSH public key format</Message></Error></Errors><RequestID>082c34d9-0aeb-47bf-90e0-ecb0bcdd67bb</RequestID></Response>

Steps to reproduce the behavior

  1. ./algo
  2. Paste AWS Access key ID at prompt [AKIA...]:
  3. Paste AWS Secret access key at prompt [ABCD...]:
  4. Name the server
  5. Choose region 3, N. California
  6. Yes to Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
  7. Yes to Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
  8. No to all other questions.

The way of deployment (cloud or local)

EC2

Expected behavior

Actual behavior

Full log

PLAY [Configure the server] ****************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [Generate the SSH private key] ********************************************
ok: [localhost -> localhost]

TASK [Generate the SSH public key] *********************************************
ok: [localhost -> localhost]

TASK [Change mode for the SSH private key] *************************************
ok: [localhost -> localhost]

TASK [Ensure the dynamic inventory exists] *************************************
ok: [localhost]

TASK [cloud-ec2 : Locate official Ubuntu 16.04 AMI for region] *****************
ok: [localhost]

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [cloud-ec2 : Add ssh public key] ******************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidKey.Format</Code><Message>Key is not in valid OpenSSH public key format</Message></Error></Errors><RequestID>6929cc84-7f09-4b47-88e8-add91fa36e7e</RequestID></Response>
failed: [localhost] (item=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzvfE+qS09w+okgrO0gY7jryF0lSCxdEO/O0UaUhuZe algo@ssh) => {"failed": true, "item": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzvfE+qS09w+okgrO0gY7jryF0lSCxdEO/O0UaUhuZe algo@ssh", "module_stderr": "Traceback (most recent call last):\n  File \"/var/folders/s4/yb1g_2f575jdyn2b3k7g0c9h0000gn/T/ansible_oQjgia/ansible_module_ec2_key.py\", line 244, in <module>\n    main()\n  File \"/var/folders/s4/yb1g_2f575jdyn2b3k7g0c9h0000gn/T/ansible_oQjgia/ansible_module_ec2_key.py\", line 207, in main\n    key = ec2.import_key_pair(name, key_material)\n  File \"/Users/rishi/Projects/trailofbits-algo/env/lib/python2.7/site-packages/boto/ec2/connection.py\", line 2940, in import_key_pair\n    return self.get_object('ImportKeyPair', params, KeyPair, verb='POST')\n  File \"/Users/rishi/Projects/trailofbits-algo/env/lib/python2.7/site-packages/boto/connection.py\", line 1208, in get_object\n    raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidKey.Format</Code><Message>Key is not in valid OpenSSH public key format</Message></Error></Errors><RequestID>6929cc84-7f09-4b47-88e8-add91fa36e7e</RequestID></Response>\n", "module_stdout": "", "msg": "MODULE FAILURE"}

DavidBarrick commented 7 years ago

I'm having the same issue.

jpmaniac commented 7 years ago

Add another to having this issue....

charlesbdudley commented 7 years ago

Seems like this is the offending commit: https://github.com/trailofbits/algo/commit/95e0134f2132ba08950327afe70de1db3d71fcc6

It works for me when I checkout the prior commit: https://github.com/trailofbits/algo/commit/e55ce03906b0bb34da6cecf249cef2c5337512e5

defunctio commented 7 years ago

Sure is, AWS does not support ed25519 keys.

dguido commented 7 years ago

Fixed in https://github.com/trailofbits/algo/commit/25e0e9085d879d034518d0bf09c59124d55fbf00

charlesbdudley commented 7 years ago

Thanks!

rkpatel33 commented 7 years ago

I seem to be still getting this message after pulling master and running ./algo again, any ideas here? I have confirmed that I have the fix commit above.

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [cloud-ec2 : Add ssh public key] ******************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: <Response><Errors><Error><Code>InvalidKey.Format</Code><Message>Key is not in valid OpenSSH public key format</Message></Error></Errors><RequestID>4f7cb1a4-9039-4119-b499-a60c53c78858</RequestID></Response>
failed: [localhost] (item=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzvfE+qS09w+okgrO0gY7jryF0lSCxdEO/O0UaUhuZe algo@ssh) => {"failed": true, "item": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzvfE+qS09w+okgrO0gY7jryF0lSCxdEO/O0UaUhuZe algo@ssh", "module_stderr": "Traceback (most recent call last):\n  File \"/var/folders/s4/yb1g_2f575jdyn2b3k7g0c9h0000gn/T/ansible_x_qELP/ansible_module_ec2_key.py\", line 244, in <module>\n    main()\n  File \"/var/folders/s4/yb1g_2f575jdyn2b3k7g0c9h0000gn/T/ansible_x_qELP/ansible_module_ec2_key.py\", line 207, in main\n    key = ec2.import_key_pair(name, key_material)\n  File \"/Users/rishi/.virtualenv/default/lib/python2.7/site-packages/boto/ec2/connection.py\", line 2940, in import_key_pair\n    return self.get_object('ImportKeyPair', params, KeyPair, verb='POST')\n  File \"/Users/rishi/.virtualenv/default/lib/python2.7/site-packages/boto/connection.py\", line 1208, in get_object\n    raise self.ResponseError(response.status, response.reason, body)\nboto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Response><Errors><Error><Code>InvalidKey.Format</Code><Message>Key is not in valid OpenSSH public key format</Message></Error></Errors><RequestID>4f7cb1a4-9039-4119-b499-a60c53c78858</RequestID></Response>\n", "module_stdout": "", "msg": "MODULE FAILURE"}

jimmyjam6916 commented 7 years ago

I'm getting it also

jimmyjam6916 commented 7 years ago

Do I need to open a new ticket since this is closed?

jackivanov commented 7 years ago

@jimmyjam6916 delete the old key `rm -f configs/algo.pem` and run algo again

rkpatel33 commented 7 years ago

That did it, thanks!
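
An added example, not part of the thread or of Algo's code: a pre-flight check that reads the key type out of an OpenSSH public key line, so a stale ed25519 key left over from an earlier run is caught before the `Add ssh public key` task sends it to EC2. The function names and the `ACCEPTED_TYPES` set are assumptions; the set reflects this thread's report that EC2 rejected ed25519 keys.

```python
import base64
import binascii
import struct

# Assumption: key types the import step accepts. The thread reports that
# EC2 rejected ssh-ed25519; adjust this set for your provider.
ACCEPTED_TYPES = {"ssh-rsa"}


def read_string(blob, offset):
    """Read one length-prefixed (uint32 big-endian) field from the key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def key_type(pubkey_line):
    """Return the algorithm name of a '<type> <base64> [comment]' line."""
    parts = pubkey_line.strip().split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key body is not valid base64") from exc
    # The blob repeats the algorithm name; it must match the text prefix,
    # otherwise the line is mislabelled or corrupted.
    name, _ = read_string(blob, 0)
    if name.decode("ascii", "replace") != parts[0]:
        raise ValueError("type prefix does not match key blob")
    return parts[0]


def importable(pubkey_line):
    """True if the key's type is in ACCEPTED_TYPES."""
    return key_type(pubkey_line) in ACCEPTED_TYPES


# Public key line from the failing task output in this thread.
THREAD_KEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzvfE+qS09w+okgrO0gY7j"
              "ryF0lSCxdEO/O0UaUhuZe algo@ssh")

if __name__ == "__main__":
    print(key_type(THREAD_KEY), "importable:", importable(THREAD_KEY))
```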