welaika / docker-wordmove

Docker image to run Wordmove
https://hub.docker.com/r/welaika/wordmove/

Really strange problem with ed25519 key request #12

Closed AndreaBarghigiani closed 5 years ago

AndreaBarghigiani commented 5 years ago

Hi all, I am writing here even if there was an active discussion in the wordmove repository because I am running the Docker WordMove container and I got the same strange error as in the other discussion:

/usr/local/bundle/gems/net-ssh-4.2.0/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': OpenSSH keys only supported if ED25519 is available (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * rbnacl (>= 3.2, < 5.0)
 * rbnacl-libsodium, if your system doesn't have libsodium installed.
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::MissingSpecError : "Could not find 'rbnacl' (>= 3.2.0, < 5.0) among 59 total gem(s)
Checked in 'GEM_PATH=/root/.gem/ruby/2.6.0:/usr/local/lib/ruby/gems/2.6.0:/usr/local/bundle', execute `gem env` for more information"

The problem is that on my laptop (MacBook Pro), which is updated in the same way as this Mac (recently formatted), I do not have the same error, and the server from which I am pulling is the same.

As I read the solution of @TylerBurners here, I've tried to do the same but with no luck.

Reading about the differences between .bash_profile and .bashrc in this good article, I've updated my .bash_profile as follows:

export PATH=/Users/abarghigiani/.wp-cli/bin:$PATH
export PATH=/usr/local/bin:$PATH
export PATH=~/.composer/vendor/bin:$PATH
export NVM_DIR=~/.nvm
export PATH="$HOME/.npm-packages/bin:$PATH"
[ -f /usr/local/etc/bash_completion ] && . /usr/local/etc/bash_completion
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

alias ll='ls -FGlAhp'
alias firefoxdeveloperedition='/Applications/Firefox\ Developer\ Edition.app/Contents/MacOS/firefox'
alias ..='cd ../'                           # Go back 1 directory level
alias ...='cd ../../'                       # Go back 2 directory levels
alias ~="cd ~"                              # ~:            Go Home
alias c='clear'                             # c:            Clear terminal display

if [ -r ~/.bashrc ]; then
   source ~/.bashrc
fi

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*

This will let me read the function in .bashrc that should solve this problem, as written here:

addSSHKey() {
    ssh-add /Users/abarghigiani/.ssh/id_rsa
}
addSSHKey &> /dev/null

This solution does not work. Maybe because I am running in a container and the user is not abarghigiani but root.

FYI, as I wrote here, I'm used to running WordMove commands using /bin/bash/ as ENTRYPOINT like so:

docker exec -it container_wordmove_name /bin/bash

My hosting lets me use only DSA or RSA keys and I can not use ED25519 😞

I've done many tests but I really do not understand where is the difference between this Mac and the MacBook.

Thank you in advance for your help guys, if you need any more information please ask!

antoniomarcosferreira commented 5 years ago

I am having the same problem with Ubuntu 19 when doing cap deploy

cap staging deploy                 
(Backtrace restricted to imported tasks)
cap aborted!
NotImplementedError: OpenSSH keys only supported if ED25519 is available
net-ssh requires the following gems for ed25519 support:
 * rbnacl (>= 3.2, < 5.0)
 * rbnacl-libsodium, if your system doesn't have libsodium installed.
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::LoadError : "rbnacl is not part of the bundle. Add it to your Gemfile."

Tasks: TOP => rvm:hook
(See full trace by running task with --trace)

AndreaBarghigiani commented 5 years ago

I do not know what's going on. I do not have much time to find a solution right now, and since it is only the database part, which during development is the not-so-updated part of a website, for now I am just exporting/importing the db manually.

alessandro-fazzi commented 5 years ago

Hi @AndreaBarghigiani ,

first of all, my bad, I'm really confused. For example I did not understand if you have the addSSHKey() function in your host machine or inside the docker image.

If it's in your docker image, you're probably mounting your host's .ssh folder on /root/.ssh? So why don't you try something like

addSSHKey() {
    ssh-add $HOME/.ssh/id_rsa
}

?

Next, for the stats: you'd like to use ED25519 cos it's more secure or, let me say, for science? Or you have sort of restrictions? If I had no restrictions, instead of relying on manual operations, I'd spawn out a new RSA key; at least temporarily.

This is even more confusing for me:

> My hosting lets me use only DSA or RSA keys and I can not use ED25519

Let's start by saying that Wordmove does nowise search for a specific key. Your SSH is searching for that key, probably found it, and is trying to use it, but AFAIK Wordmove's breaking because (at least) its net-ssh implementation needs an update. But your machine is trying to use an ED25519 key, not Wordmove. It simply cannot. So you could try to find it, move, delete, don't know what.

Have I added enough questions and confusion? 😄

AndreaBarghigiani commented 5 years ago

Hi @pioneerskies, I understand that my post could be a bit messy and I thank you for proposing the questions that help me clarify it.

1. Why don't you add $HOME in your path? Because I am ignorant 😂 I didn't think about it. But now that I have done it I still have the same issue. I've also tried to run the command in the WordMove container but I get the following error message:

root@e4206aba946a:/html# ssh-add $HOME/.ssh/id_rsa
Could not open a connection to your authentication agent.
root@e4206aba946a:/html# ssh-add /root/.ssh/id_rsa
Could not open a connection to your authentication agent.

My .ssh/ folder contains the correct files.

Running the same command from the shell of my OS works fine also.

2. Do you want to use ED25519? What about the hosting? I do not want to use this but I'm somewhat forced to do so because I get it requested by the net-ssh installed in the container or by its configuration.

It does not happen everywhere: I have a laptop where I use the same dev environment, I've checked the installed gems and they are the same. ssh-net is the same version as the one that I am using on my workstation (where I get this problem).

Even the .bashrc and .bash_profile are the same (cannot be 100% on it because I do not have my laptop with me, but I'm pretty sure they are the same).

But on the laptop I can sync even the database with no ED25519 request.

SOLUTION 🎉🎉🎉

I found a solution but I hope you can help me understand why it is working...

I've Googled the error message "Could not open a connection to your authentication agent." and I found a Stack Overflow answer saying that I have to start ssh-agent before running this command.

So I've done it and added my key:

iMac-di-Andrea:bioam abarghigiani$ docker exec -it bioam_wordmove_1 /bin/bash
root@e4206aba946a:/html# eval `ssh-agent -s`
Agent pid 32
root@e4206aba946a:/html# ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa: 
Identity added: /root/.ssh/id_rsa

Once I've done it I can push/pull also the database with no problems.

The question is why I have to start ssh-agent. I mean, I get connected to my server to sync files with no problem at all, but only when I get to the database do I get this error. As I told you previously I am not an expert with servers, but do I get this error only with the database because I have to log in to the database server from an SSH connection?

Anyway I am waiting for your answer (you do not have to rush) before looking for a way to automate the start of ssh-agent in the WordMove container.

Thank you a lot for all your help, your comment let me figure out how to solve the problem 😉

Gadgitmatic commented 5 years ago

Try adding this to your docker-compose under wordmove

` volumes:

SOURCE

AndreaBarghigiani commented 5 years ago

Hi @Gadgitmatic and thank you for the suggestion but this solution is not good for me.

I've added the line like so:

  wordmove:
    tty: true
    depends_on:
      - wordpress
    links:
      - mariadb:mysql
    image: welaika/wordmove:php7
    restart: on-failure:5
    volumes:
      - ./public:/html
      - ~/.ssh:/root/.ssh
      - $SSH_AUTH_SOCK:/ssh-agent # Forward local machine SSH key to docker environment: SSH_AUTH_SOCK: /ssh-agent

But I still get the same error. I have to run eval and then add the SSH key to make it work properly.

alessandro-fazzi commented 5 years ago

FWIW I'm using GitLab CI to do continuous delivery using docker-wordmove and the official advised strategy is to use eval $(ssh-agent -s) (ref).

I think we should consider this a standard way to manage ssh-keys inside docker :)

Thus I'm going to close this issue. Thanks to everyone who has contributed! 🎉

jankocian commented 2 years ago

Hi all, as of now, I am still facing the "ed25519" problem while using the welaika/wordmove docker image. @AndreaBarghigiani's solution eval `ssh-agent -s` && ssh-add /root/.ssh/id_rsa works, but I'd like to automate it.

Any hints on how to do that?

Thanks a lot, Jan

alessandro-fazzi commented 2 years ago

@jankocian IMO it depends on the context where you're running the docker image.

Maybe overwriting the default entrypoint prepending those commands?

jankocian commented 2 years ago

I've integrated the wordmove image into a WP Local Docker environment.

My docker-compose.yml being (working config):

...
wordmove:
    tty: true
    image: welaika/wordmove:alpine
    restart: on-failure:5
    networks:
      - default
      - wplocaldocker
    volumes:
      - './bedrock:/html'
      - '~/.ssh:/root/.ssh'
      # - '~/.ssh:/tmp/.ssh:ro'
    entrypoint:
      - /bin/mount-ssh.sh
      # - /bin/sh
      # - -c
      # - eval $(ssh-agent -s) && ssh-add /root/.ssh/id_rsa && /bin/mount-ssh.sh
    command:
      - /bin/bash
      - -l

I run wordmove as such: 10updocker shell wordmove "wordmove push -t".

Forgive my inexperience with Docker; after an hour+ of googling & tinkering, I couldn't get it to work. Any change of the entrypoint resulted in the container exiting right after start.

I also had to set the "command" explicitly in docker-compose (just copied over from the Dockerfile), otherwise the container exited even with the default entrypoint of /bin/mount-ssh.sh.

Thanks a lot for help!

Btw. is there a reason not to include the "fix" into the mount-ssh.sh?
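
One way to automate the ssh-agent step asked about above, as an added example (not code from this thread or from welaika/wordmove). The file name agent-entrypoint.sh, the socket path /tmp/ssh-agent.sock and the SSH_KEY_PATH, NEXT_ENTRYPOINT, SSH_ADD and SSH_KEYGEN variables are assumptions; the agent listens on a fixed socket so that later docker exec shells reach it, and the key is added automatically only when it has no passphrase.

```shell
#!/bin/sh
# agent-entrypoint.sh: hypothetical wrapper, not shipped with welaika/wordmove.
# Assumes compose sets SSH_AUTH_SOCK=/tmp/ssh-agent.sock under `environment:`,
# because `docker exec` shells do not inherit variables that the entrypoint
# process exports at run time; a fixed socket path lets them find the agent.
SOCK="${SSH_AUTH_SOCK:-/tmp/ssh-agent.sock}"
KEY="${SSH_KEY_PATH:-/root/.ssh/id_rsa}"      # key path used in the thread
NEXT="${NEXT_ENTRYPOINT:-/bin/mount-ssh.sh}"  # entrypoint named in the thread
SSH_ADD="${SSH_ADD:-ssh-add}"                 # hypothetical override for testing
SSH_KEYGEN="${SSH_KEYGEN:-ssh-keygen}"        # hypothetical override for testing

# ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys), 2 (no agent).
agent_state() {  # $1 = agent socket path
    rc=0
    SSH_AUTH_SOCK="$1" "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in 0) echo loaded ;; 1) echo empty ;; *) echo down ;; esac
}

# Succeeds only if the key loads with an empty passphrase, so ssh-add will not
# block on a prompt at container start.
key_unencrypted() {  # $1 = private key path
    "$SSH_KEYGEN" -y -P '' -f "$1" >/dev/null 2>&1
}

# Print the actions needed, in order: "start", "add", both, or "none".
plan() {  # $1 = agent socket path, $2 = private key path
    state=$(agent_state "$1"); actions=""
    [ "$state" = down ] && actions="start"
    if [ "$state" != loaded ] && key_unencrypted "$2"; then
        actions="${actions:+$actions }add"
    fi
    echo "${actions:-none}"
}

main() {
    for action in $(plan "$SOCK" "$KEY"); do
        case "$action" in
            start) rm -f "$SOCK"; eval "$(ssh-agent -s -a "$SOCK")" >/dev/null ;;
            add)   SSH_AUTH_SOCK="$SOCK" "$SSH_ADD" "$KEY" ;;
        esac
    done
    [ "$#" -gt 0 ] || set -- /bin/bash -l  # command set in the thread's compose file
    exec "$NEXT" "$@"                      # compose's `command:` stays the argv
}

# Run only when executed under this (assumed) file name, not when sourced.
case "$0" in *agent-entrypoint.sh) main "$@" ;; esac
```

To use it, mount the script into the container, point `entrypoint:` at it and set `SSH_AUTH_SOCK: /tmp/ssh-agent.sock` under `environment:`. With a passphrase-protected key the wrapper only starts the agent, and one interactive `ssh-add` in a `docker exec` shell loads the key for later sessions; any process in the container can then use the loaded key through that socket.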