Sign in

SFTP and OpenSSL key format problem and workaround solution

  • This topic has 1 reply, 2 voices, and was last updated 6 months, 3 weeks ago by .
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #4528
    amdijefri

    I could not get Publii to successfully make a test connection to my web server, and I tracked it down to the format of the private key I was using. The clue was in deployment-process.log:

    [Sun, 15 Nov 2020 23:15:20 GMT] ERR (1): Error: Cannot parse privateKey: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT

    That led me to a lot of hits on Google, things about private keys that I have never bothered to really understand, but the main point is that OpenSSL changed the format of their private keys “recently” and many SSH libraries don’t play well with the new format yet. References:

    https://github.com/microsoft/azure-pipelines-tasks/issues/8818#issuecomment-465634694 and https://serverfault.com/a/950686

    ssh-keygen was able to downgrade the format without changing the actual private or public keys themselves (very handy if you don’t want to break your authentication to a lot of sites) with this command:

    ssh-keygen -p -m PEM -f ~/.ssh/id_rsa # where rsa may instead be dsa, ed25519, etc. based on what key type you have

    So, a) I hope this helps someone who wants to get SFTP working and b) I hope the Publii maintainers can upgrade the SSH library in a future version.

    #4658
    Tomasz Dziuda

    Hi,

    Thanks for the report of this problem – I will look what we can do with that in the next bigger release of Publii (v.0.38) 🙂

    --
    Do you appreciate the support you've received today? If so, consider donating to the Publii team by clicking here; we'll be sure to use your donation to make Publii even better!

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.