invalidOpenSSHBoundary error while trying to connect to a server with a private key #66

Open
alexmocanu opened this issue May 11, 2024 · 3 comments
@alexmocanu

Describe the bug
Trying to connect to a server using an RSA private key throws an invalidOpenSSHBoundary error without any other details.

Reproducer Sample

import Citadel
import CryptoKit

let host: String = "...server ip address..."

let port: Int = 22
let username: String = "root"

// Read the private key file and parse it as an RSA key
let sshFile = try String(contentsOfFile: "path_to_key")
let privateKey = try Insecure.RSA.PrivateKey(sshRsa: sshFile)

let client = try await SSHClient.connect(
    host: host,
    port: port,
    authenticationMethod: .rsa(username: username, privateKey: privateKey),
    // Accepts any host key, so the server's identity is not verified
    hostKeyValidator: .acceptAnything(),
    reconnect: .never
)

let result = try await client.executeCommand("ls -l /")
print(String(buffer: result))

Expected behavior
It should connect to the server.

Client (please complete the following information):

  • OS: macOS Sonoma 14.4.1 (23E224)
  • Client: Citadel
  • Version of Citadel, if applicable: 0.7.2

Server (please complete the following information):

  • OS: Ubuntu 22.04
  • Server: OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
  • Version of Citadel, if applicable: none

Additional context
Using the same key from the command line with "ssh -i key root@server" works.
The key starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----"

Not sure if related (feel free to delete this part if not): on another server I get a Citadel.SSHClientError.allAuthenticationOptionsFailed error.
That key uses "-----BEGIN OPENSSH PRIVATE KEY-----" and "-----END OPENSSH PRIVATE KEY-----" as boundaries. It was generated on macOS 14.4.1 with this command: "ssh-keygen -t rsa -b 4096". When connecting from the command line it works.

@Joannis
Member

Joannis commented May 11, 2024

That's interesting! I'm on macOS 14.4.1 as well, and generating an RSA key here has the -----BEGIN OPENSSH PRIVATE KEY----- header.

@Joannis
Member

Joannis commented May 11, 2024

By the way, as far as I'm aware the -----BEGIN RSA PRIVATE KEY----- boundary is a PEM-formatted rather than OpenSSH-formatted key.

@alexmocanu
Author

Thanks for the reply. So Citadel doesn't support PEM files?

PEM files are quite common with VPS providers. AWS, for example: when creating a new VPS/instance, they generate keys in PEM or PPK format, using either the RSA or ED25519 algorithms, which the user then downloads and uses for their purposes.

Is there any plan to support PEM keys?

For context, I'm evaluating Citadel for an app I'm working on that allows users to connect through SSH to their servers and run commands there. They would provide either a password or a key file (that can be a PEM key pair, a locally generated RSA file, etc.).
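
An added example, not code from Citadel or from the posts above: a pre-flight check that an app accepting user-supplied key files could run to tell apart the containers named in this thread (PEM `RSA PRIVATE KEY`, `OPENSSH PRIVATE KEY`, PPK) and report the format instead of surfacing an opaque boundary error. The `KeyContainer` enum and both function names are hypothetical; the OpenSSH branch assumes the `openssh-key-v1` layout described in OpenSSH's PROTOCOL.key, and the sample input is constructed.

```swift
import Foundation

// Hypothetical names for this example; nothing here is Citadel API.
enum KeyContainer: Equatable {
    case openSSH(cipher: String, kdf: String, keyType: String)
    case pemRSA                    // "RSA PRIVATE KEY" (PKCS#1 in PEM)
    case pemOther(label: String)   // e.g. "PRIVATE KEY", "EC PRIVATE KEY"
    case puttyPPK
    case unknown
}

// Reads one SSH string (uint32 big-endian length, then that many bytes).
func readSSHString(_ bytes: [UInt8], _ offset: inout Int) -> [UInt8]? {
    guard offset >= 0, bytes.count - offset >= 4 else { return nil }
    let length = bytes[offset..<offset + 4].reduce(0) { (acc: Int, b: UInt8) in (acc << 8) | Int(b) }
    guard length <= bytes.count - offset - 4 else { return nil }
    let value = Array(bytes[offset + 4..<offset + 4 + length])
    offset += 4 + length
    return value
}

func classifyPrivateKey(_ text: String) -> KeyContainer {
    let lines = text.split(whereSeparator: \.isNewline).map { $0.trimmingCharacters(in: .whitespaces) }
    guard let first = lines.first, let last = lines.last else { return .unknown }
    if first.hasPrefix("PuTTY-User-Key-File-") { return .puttyPPK }
    guard first.hasPrefix("-----BEGIN "), first.hasSuffix("-----") else { return .unknown }
    let label = String(first.dropFirst(11).dropLast(5))
    guard last == "-----END \(label)-----" else { return .unknown }
    if label == "RSA PRIVATE KEY" { return .pemRSA }
    guard label == "OPENSSH PRIVATE KEY" else { return .pemOther(label: label) }
    // openssh-key-v1 body: magic, cipher, kdf, kdf options, key count, public key blob.
    let magic = Array("openssh-key-v1".utf8) + [0]
    let bytes = Data(base64Encoded: lines.dropFirst().dropLast().joined()).map { [UInt8]($0) } ?? []
    guard bytes.starts(with: magic) else { return .unknown }
    var offset = magic.count
    guard let cipher = readSSHString(bytes, &offset),
          let kdf = readSSHString(bytes, &offset),
          readSSHString(bytes, &offset) != nil,   // KDF options, content not needed here
          bytes.count - offset >= 4 else { return .unknown }
    offset += 4                                   // skip the uint32 number of keys
    var inner = 0
    guard let blob = readSSHString(bytes, &offset),
          let keyType = readSSHString(blob, &inner) else { return .unknown }
    let str = { (b: [UInt8]) in String(decoding: b, as: UTF8.self) }
    return .openSSH(cipher: str(cipher), kdf: str(kdf), keyType: str(keyType))
}

// Constructed input: boundary lines around a dummy body, no real key material.
print(classifyPrivateKey("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----"))
```

For an OpenSSH container, a `cipher` other than `none` means the private section is passphrase-protected, which the app can report before attempting authentication.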
