sshkey upload fails with odd error message

[westhomas]

I can generate a key and save it with travis sshkey --generate. However, when I attempt to reuse this key with another repository, I always seem to get this error message:

$ travis sshkey --upload ~/.ssh/id_travis_rsa"
password must be shorter than 1024 bytes
for a full error report, run travis report --pro

$ travis report --pro
System
Ruby:                     Ruby 2.4.0-p-1
Operating System:         Mac OS X 10.12
RubyGems:                 RubyGems 2.6.7

CLI
Version:                  1.8.2
Plugins:                  none
Auto-Completion:          yes
Last Version Check:       2016-10-20 17:29:15 -0500

Session
API Endpoint:             https://api.travis-ci.com/
Logged In:                as "westhomas"
Verify SSL:               yes
Enterprise:               no

Endpoints
org:                      https://api.travis-ci.org/ (access token)
pro:                      https://api.travis-ci.com/ (access token, current)

Last Exception
An error occurred running `travis sshkey --pro`:
    OpenSSL::OpenSSLError: password must be shorter than 1024 bytes
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `initialize'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `new'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `has_passphrase?'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:79:in `remove_passphrase'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:38:in `update_key'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:22:in `run'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/command.rb:198:in `execute'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli.rb:64:in `run'
        from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/bin/travis:18:in `<top (required)>'
        from /Users/wes/.rvm/gems/ruby-head/bin/travis:22:in `load'
        from /Users/wes/.rvm/gems/ruby-head/bin/travis:22:in `<main>'
        from /Users/wes/.rvm/gems/ruby-head/bin/ruby_executable_hooks:15:in `eval'
        from /Users/wes/.rvm/gems/ruby-head/bin/ruby_executable_hooks:15:in `<main>'

I can simply generate a new key for each repo, but this seems wrong.

[westhomas]

Eh.... hello? Anyone there? Sharing keys between repos would be super nice.

[jameshiew]

I had this error when using Ruby 2.4.0, but not when using Ruby 2.1.10

[nicklasl]

I get somewhat the same error but mine is: password must not be longer than 1024 bytes OpenSSL::OpenSSLError: password must not be longer than 1024 bytes

[rmoriz]

same here with ruby 2.4.1 + travis 1.8.8

travis sshkey --upload ~/project/key.id_rsa --description 'test'
password must not be longer than 1024 bytes
for a full error report, run travis report --pro

2.3.x ruby works

[khadrin]

Hitting this issue as well. Any ideas?

[rmoriz]

error is https://github.com/travis-ci/travis.rb/blame/dc6d47614d630fecf8220d4df78f5c747a6d9680/lib/travis/tools/ssl_key.rb#L23

recent openssl throws a different exception (OpenSSL::OpenSSLError): https://github.com/ruby/ruby/commit/aab0d67a1ff5190ff7a951e40cee742210302aed

irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> 
irb(main):003:0* RUBY_VERSION
=> "2.4.1"
irb(main):004:0> 
irb(main):005:0* key = OpenSSL::PKey::RSA.new(2048).to_pem('AES-128-CBC', 'test')
=> "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,19C378F7067F7E2B065934917279B44F\n\n5psHw5fBzwI2VIrDfDqTyObDerVWUT1vA7UWYLxQ+cm1w8Fw0ObeHiSbkrhhkXkB\nip+HnyBw9nW6Bq1lvkbNXQRomg/do92Tkny5ofbtR36sh4u9q11lHzWMhP0TmPbU\nQecNbUwXXm3aeCppFvwktvki5T6nj/gRjrTkwyscp4VEMzXpP8dV0n8uEDwlv4Yl\nePZQhOWtLfOZQcn2cTXL5hpWGCkbGGeJe5RNiAhw5AZeCc6zfe6hCIgyzeq/zeiw\n/92MPOUwMpTnPDdLDvjJaBcofE4EGrolcqmaJ8zRGVn5vxyR5MGVOf45mn7pd7ji\n9hDtpPiYBNSbScsAUjffMHJUwvQRG/Iz6JdYwS+I3fA1EhZPCXUR4IsGpwjqLhcp\n+74lKJeM4rpXAcDRz3s6+1H7ncoDf28Ko4TnHqjDRBdZQsPByt72d0uA9EXoLxL7\niY0NSlm523keDv9CGI8B2vA1bPZnTZwK7KrUDM0yL/fMXbyE7zy8Km61TeNbG3Zy\nYyYXtthd9bsxNRCa4B//GvpvZMJJAqGK7l7/iVXj4cykNxnZwNauOiVQpschdofl\nkF8d0gG+UTESehTh0ISKE+yKlN4Woyt+Bm34auRE3eMz8D1eIW8hTeIno/8clBW4\nfBp6D4i7NkUSHUl+Wp/DmqTwVT17fNLRPcUbB2oMZAnVrCRxvReG2Ey3v4ipCmmV\nAZU7SVXU284/r4AkYrzdZPk9dI2b3JuZbluCG1lZFYTSUtTt9Zdgd2mOW5rgw38L\nbdXxoiTv7nwSOrNBNYW00psYsdGKBR6CdBsBQIDp4JXvuPTHdHM2+8IsZcxE6xXv\nhOBniDV1sF4T75s1E3cepHj0Yo0UXUfYEVKYBTujqUcL1lOEJ39za7C0wqmD46bd\nG42s4OvlHdmoJ46bcCFtELWwa3kuNcfa1gI3v0wOignB160U/F3qu0Of4QDSp8d4\naTsBt4F2aAtin5QzK1MiRY8zUo2P/hv/X8EVtPwan9VaXtmwF9QVFcl19wIzo+W9\nRNVAO6tKvjs4bJAgVeEWa5TmsawHxF9u+hHWZqgreAg6EbLW5J5jEWrOUw9X1d67\n6+tQnDmOrn68+3HtHlNW3vUAC3WM1BazhSU9ftMn4VGU12of8Syn5gXJt42yRxEv\nUNsgBqv+OBqd2wzQnnvmcpIT3MAKPSHyIP874A9NT2W5VHG0gS1rVLzSANUFhYlB\n88AIJBeG19DJ4V9DZE0cWCSkRbQAnoWbl+oAjN7jV5ScaeLToEHEx7tX6nKP8ZH6\ncjkkLWxTGecWyggMcVBz4HyemRwjv+5PzVDC73935DSHVT83ecmDqNGoHDFmjmFr\nQjsBToWDRpfzlqKujAX50GDgRAqirJ/6/3kUqXgyfJ6XwgqJ/WKaOMyZvZ5r86pa\nBDJjeZyL9AWYS2Dqo+QDrfMIAYUHRSsgXetzSy7sU+0CYSquTZv9qtONuR/0PzCZ\neuG8XTQIo/oSOFmvfkoq61qlQ6onka1qnuS/BiFNzIKpkBH3U6/gDcSbC4TglTqT\nuhzkGmhelb8ADxyB436EMN2dmhhTBkEIyZvMoaHGwyo03h3Uaxu1qBou+0nxGNbU\n-----END RSA PRIVATE KEY-----\n"
irb(main):006:0> 
irb(main):007:0* begin
irb(main):008:1*   OpenSSL::PKey::RSA.new(key, key)
irb(main):009:1> rescue => e
irb(main):010:1>   puts "#{e.class}: #{e.message}"
irb(main):011:1> end
OpenSSL::OpenSSLError: password must not be longer than 1024 bytes
=> nil
irb(main):012:0> 
irb(main):013:0* begin
irb(main):014:1*   OpenSSL::PKey::RSA.new(key, 'WRONG. SAD.')
irb(main):015:1> rescue => e
irb(main):016:1>   puts "#{e.class}: #{e.message}"
irb(main):017:1> end
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error
=> nil
irb(main):018:0> 
irb(main):019:0* begin
irb(main):020:1*   OpenSSL::PKey::RSA.new(key, 'test')
irb(main):021:1> rescue => e
irb(main):022:1>   puts "#{e.class}: #{e.message}"
irb(main):023:1> end
=> #<OpenSSL::PKey::RSA:0x007fa846195370>

[M3kH]

No news on this?

[mconigliaro]

I got this dumb error on Ruby 2.4, but it worked for me on Ruby 2.3.4.

[hsnb-read-only]

Bzzzz. Please help. Cannot pursue my life as a bot for the greater cause of my organisation. Please do not kill -9 me. kthxbye.

EDIT I can confirm I work now, when my owner made me use an older Ruby version (2.3.4), confirming what @mconigliaro said.

$ travis sshkey --upload secrets/id_rsa_hsnb-read-only -r redacted/redacted-repo
password must not be longer than 1024 bytes
for a full error report, run travis report --pro
$ travis report --pro
System
Ruby:                     Ruby 2.4.1-p111
Operating System:         Mac OS X 10.13.1
RubyGems:                 RubyGems 2.6.11

CLI
Version:                  1.8.8
Plugins:                  none
Auto-Completion:          yes
Last Version Check:       2017-12-13 17:58:18 +0100

Session
API Endpoint:             https://api.travis-ci.com/
Logged In:                as "hsnb-read-only"
Verify SSL:               yes
Enterprise:               no

Endpoints
pro:                      https://api.travis-ci.com/ (access token, current)

Last Exception
An error occurred running `travis sshkey --pro`:
    OpenSSL::OpenSSLError: password must not be longer than 1024 bytes
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `initialize'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `new'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `has_passphrase?'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:79:in `remove_passphrase'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:38:in `update_key'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:22:in `run'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/command.rb:198:in `execute'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli.rb:64:in `run'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/bin/travis:18:in `<top (required)>'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/bin/travis:22:in `load'
        from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/bin/travis:22:in `<main>'

For issues with the command line tool, please visit https://github.com/travis-ci/travis.rb/issues.
For Travis CI in general, go to https://github.com/travis-ci/travis-ci/issues or email support@travis-ci.com.

[romk1n]

I have the same issue is there a resolution for it? I am not too keen to change ruby just for it

[rmoriz]

See PR #500

[romk1n]

@rmoriz still not merged ....

[Overbryd]

@BanzaiMan please merge/fix, this is still an issue.

[alper]

Sharing keys between repos would be super nice.

Is there a ticket for this? I wouldn't need to upload a new key if I could retrieve the key I already have and add it to another Github repo.

[heldic]

Running into the same issue - any updates?

[micahstubbs]

just hit this bug as well. would really like https://github.com/travis-ci/travis.rb/pull/500 to go in 😅

[BastienM]

Any update on the merge of #500 ? This is really troublesome.

[tjefferson08]

FWIW I worked around this today by using travis sshkey --generate to both generate and upload a brand-new, repository-specific SSH key for CI deploys.

/shrug

[freddy5566]

my ruby environment is ruby 2.6.3 I also encounter the same issue with error message "password must not be longer than 1024 bytes"

Has anyone ever solved this issue?

[romk1n]

This is unbelievable that it hasn’t been fixed yet. What a shame for TravisCI

[wojciech12]

Any update on this ticket?

[hongaar]

This issue is making it impossible for us to use the same key for all repos in the same org, as described here https://docs.travis-ci.com/user/private-dependencies/#reusing-a-generated-key.

Travis CI is an awesome tool, but the lack of progress on trivial issues like this is a little worrying.

[offtopic] Ideally, there'd be an option to upload org-level ssh keys and environment variables.

[Overbryd]

Off-topic:

The solution is to switch to Gitlab.

There you can define group level variables, have hierarchical groups and much more.

The default set of variables allows for short lived access tokens to repositories.

Many more things, and its thought through pipeline/job definition make Gitlab not only an amazing code hosting but also a well integrated CI/CD solution.

Heck u even get a private docker registry for each repository...

There, I said it.

On Sat 10. Aug 2019 at 17:12, Joram van den Boezem notifications@github.com wrote:

This issue is making it impossible for us to use the same key for all repos in the same org, as described here https://docs.travis-ci.com/user/private-dependencies/#reusing-a-generated-key .

Travis CI is an awesome tool, but the lack of progress on trivial issues like this is a little worrying.

[offtopic] Ideally, there'd be an option to upload org-level ssh keys and environment variables https://github.com/travis-ci/travis-ci/issues/7128 .

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/travis-ci/travis.rb/issues/447?email_source=notifications&email_token=AAAFE5ZL3XCQZXDRQYI5L43QD3LHHA5CNFSM4CTVCP42YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4APJSQ#issuecomment-520156362, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAFE5ZMSARQYKQLJPAPKYTQD3LHHANCNFSM4CTVCP4Q .

[alper]

It was already pretty telling that they were having such a hard time fixing something basic like this. After the takeover this ever being resolved is even more unlikely.

[hongaar]

Don't want to leave GH. So now, every day, I pray to the GitHub Actions invite gods... 🙏

[ksegun]

Workaround by using rbenv and ruby 2.3.6.