search

zodern / meteor-up

Production Quality Meteor Deployment to Anywhere
http://meteor-up.com/
MIT License
1.27k stars 280 forks source link

Error: Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519 #1333

Open make-github-pseudonymous-again opened 1 year ago

make-github-pseudonymous-again commented 1 year ago

Mup version (mup --version): tested with 1.5.5 and 1.5.9.

Mup config: checked valid, can share relevant parts if necessary.

Output of command

> mup deploy --config=.deploy/default/mup.js --settings=.deploy/default/settings.json
Started TaskList: Pushing Meteor App
[<hostname>] - Pushing Meteor App Bundle to the Server
Error: Cannot parse privateKey: Unsupported OpenSSH private key type: ssh-ed25519
    at Client.connect (node_modules/ssh2-classic/lib/client.js:243:13)
    at SSH.connect (node_modules/@zodern/nodemiral/lib/ssh.js:12:16)
    at Session._withSshClient (node_modules/@zodern/nodemiral/lib/session.js:45:29)
    at Session.copy (node_modules/@zodern/nodemiral/lib/session.js:84:10)
    at doCopy (node_modules/mup/lib/nodemiral.js:24:13)
    at Object.copy (node_modules/mup/lib/nodemiral.js:50:3)
    at runTask (node_modules/@zodern/nodemiral/lib/taskList.js:98:43)
    at TaskList._runTaskQueue (node_modules/@zodern/nodemiral/lib/taskList.js:87:3)
    at iterator (node_modules/@zodern/nodemiral/lib/taskList.js:53:10)
    at node_modules/async/dist/async.js:246:13
    at replenish (node_modules/async/dist/async.js:446:21)
    at node_modules/async/dist/async.js:451:13
    at eachOfLimit$1 (node_modules/async/dist/async.js:477:34)
    at awaitable (node_modules/async/dist/async.js:211:32)
    at eachOfSeries (node_modules/async/dist/async.js:813:16)
    at awaitable (node_modules/async/dist/async.js:211:32)

Private key is of type ed25519 and has header: -----BEGIN OPENSSH PRIVATE KEY-----. Publishing with this key has worked before, suddenly stopped working.

make-github-pseudonymous-again commented 1 year ago

Note that ssh -i $PRIV_KEY_PATH, npx mup ssh and npx mup status all work.

make-github-pseudonymous-again commented 1 year ago

Also works if I manually do:

const fs = require('fs');
const hostname = ...;
const username = ...;
const pem = fs.readFileSync('/path/to/private/key', 'utf8');

const nodemiral = require('@zodern/nodemiral');
const session = nodemiral.session(hostname, {username, pem});

session.execute('uname -a', function(err, code, logs) {
  console.log(logs.stdout);
});
make-github-pseudonymous-again commented 1 year ago

Haha! All those working examples were running on Node 19.3! If I do meteor node (Node v14.x) and run the following snippet (feature detection logic from ssh2-streams) I see the root cause of the problem:

var crypto = require('crypto');

var eddsaSupported = (function() {
  if (typeof crypto.sign === 'function'
      && typeof crypto.verify === 'function') {
    var key = '-----BEGIN PRIVATE KEY-----\r\nMC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD'
              + '/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r\n-----END PRIVATE KEY-----';
    var data = Buffer.from('a');
    var sig;
    var verified;
    try {
      sig = crypto.sign(null, data, key);
      verified = crypto.verify(null, data, key, sig);
    } catch (ex) {
        console.debug(ex);
    }
    return (Buffer.isBuffer(sig) && sig.length === 64 && verified === true);
  }

  return false;
})();

console.debug({
    eddsaSupported,
});
Error: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
    at Object.signOneShot [as sign] (internal/crypto/sig.js:149:10)
    at test.js:12:29
    at Object.<anonymous> (test.js:21:3)
    at Module._compile (internal/modules/cjs/loader.js:1085:14)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
    at internal/main/run_main_module.js:17:47 {
  opensslErrorStack: [
    'error:0E076071:configuration file routines:module_run:unknown module name',
    'error:0E07506E:configuration file routines:module_load_dso:error loading dso',
    'error:25070067:DSO support routines:DSO_load:could not load the shared library'
  ],
  library: 'DSO support routines',
  function: 'dlfcn_load',
  reason: 'could not load the shared library',
  code: 'ERR_OSSL_DSO_COULD_NOT_LOAD_THE_SHARED_LIBRARY'
}
{ eddsaSupported: false }

I will try to reinstall Meteor to see if that fixes it. The systems shared library paths have probably been updated since the last successful deployment.

make-github-pseudonymous-again commented 1 year ago

Fixed by using Meteor 2.8.2 or Meteor 2.9. Feel free to close.