RFE: doc is cpu able to use password protected keys ? #60

truatpasteurdotfr opened this issue Feb 15, 2022 · 5 comments
@truatpasteurdotfr

Hi,

I am trying to use cpu with an ssh host with a password protected key and it fails... (here is just an alias for localhost)

[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin `pwd`/cpud_linux_amd64 here  cat -r /tmp/toto
2022/02/15 17:15:40 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/02/15 17:15:40 getKeyFile for ""
2022/02/15 17:15:40 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/02/15 17:15:40 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/02/15 17:15:40 getPort("here", "")
2022/02/15 17:15:40 config.Get("here",""): "22"
2022/02/15 17:15:40 getPort: return default "23"
2022/02/15 17:15:40 returns "23"
2022/02/15 17:15:40 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected

ssh-agent is running and the key is added:

[tru@elitebook840g3 cpu]$ ssh-add -l
...
256 SHA256:VIYMqpyDakJNiscj3srwC4VivwK1HYPIr9xh2UF/Occ 5CG6481CF1 (ED25519)
...
[tru@elitebook840g3 cpu]$ ssh here cat /tmp/toto
X11 forwarding request failed on channel 1
toto
@rminnich
Member

rminnich commented Mar 7, 2022

That's weird, this should work. Can you try again? I could have sworn the new ssh client package I'm using does this.

@truatpasteurdotfr
Author

truatpasteurdotfr commented Mar 7, 2022

[tru@elitebook840g3 cpu]$ go version
go version go1.17 linux/amd64
[tru@elitebook840g3 cpu]$ git pull
Already up-to-date.
[tru@elitebook840g3 cpu]$ git status
# On branch main
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#	modified:   go.mod
#
no changes added to commit (use "git add" and/or "git commit -a")
[tru@elitebook840g3 cpu]$ git diff
diff --git a/go.mod b/go.mod
index acb4545..8fb3b74 100644
--- a/go.mod
+++ b/go.mod
@@ -23,3 +23,5 @@ require (
        github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54 // indirect
        github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 )
+
+require github.com/hashicorp/errwrap v1.0.0 // indirect
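
Review bot: the added line "require github.com/hashicorp/errwrap v1.0.0 // indirect" sits in a second require block after the closing ")" of the existing one and is unrelated to key handling. Fold it into the existing block with go mod tidy, or drop the local change if nothing in the module imports it, so the build being tested matches main.
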
[tru@elitebook840g3 cpu]$ ~/go/bin/gox -os="linux" -arch="amd64"  ./...
Number of parallel builds: 3

-->     linux/amd64: github.com/u-root/cpu/cmds/cpud
-->     linux/amd64: github.com/u-root/cpu/cmds/cpu

trying ssh and cpu:

[tru@elitebook840g3 cpu]$ ssh here cat /tmp/toto
titi
[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin /home/tru/git/github.com/u-root/cpu/cpud_linux_amd64 here  cat -r /tmp/toto
2022/03/07 22:23:04 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/03/07 22:23:04 getKeyFile for ""
2022/03/07 22:23:04 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/07 22:23:04 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/07 22:23:04 getPort("here", "")
2022/03/07 22:23:04 config.Get("here",""): "22"
2022/03/07 22:23:04 getPort: return default "23"
2022/03/07 22:23:04 returns "23"
2022/03/07 22:23:04 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected

@orangecms
Member

Ah, that thing. This is because of an opinionated decision. Look closely at the port decision: cpu forces using port 23 when 22 is provided.

https://github.com/u-root/cpu/blob/59e1ebe6207a2294ce032c73b0476bbae956ceb6/cmds/cpu/cpu.go#L401-403

@orangecms
Member

IIRC, the idea was to distinguish between regular SSH and this implementation of cpu building on top of it.

Should we add a flag in order to allow for using cpu as a regular SSH client?
Like, cpu -ssh remote-machine ls? It could imply the port 22 even.

@truatpasteurdotfr
Author

I have added port 23 in my .ssh/config file:

Host localhost here
        hostname localhost
        IdentitiesOnly=yes
        IdentityFile ~/.ssh/keys/5CG6481CF1/id_ed25519
        ForwardX11 yes
        Port 23 

I need to force the -p 22 to have ssh working:

[tru@elitebook840g3 cpu]$ ssh -p 22 here cat /tmp/toto
X11 forwarding request failed on channel 1
tototot
[tru@elitebook840g3 cpu]$ ./cpu_linux_amd64 -d -bin /home/tru/git/github.com/u-root/cpu/cpud_linux_amd64 here  cat -r /tmp/toto
2022/03/31 14:50:17 
Running as client, to host "here", args "cat -r /tmp/toto"
2022/03/31 14:50:17 getKeyFile for ""
2022/03/31 14:50:18 key file from config is "~/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/31 14:50:18 getKeyFile returns "/home/tru/.ssh/keys/5CG6481CF1/id_ed25519"
2022/03/31 14:50:18 getPort("here", "")
2022/03/31 14:50:18 config.Get("here",""): "23"
2022/03/31 14:50:18 returns "23"
2022/03/31 14:50:18 SSH error ParsePrivateKey /home/tru/.ssh/keys/5CG6481CF1/id_ed25519: ssh: this private key is passphrase protected
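
The ParsePrivateKey error in the logs above is what an encrypted key file produces when it is parsed without a passphrase. As an added example (not code from cpu or its maintainers), this stdlib-only Go pre-flight check reads the openssh-key-v1 header to tell whether a key file is passphrase protected and then picks an auth source; KeyCipher, AuthSource, SampleKey, the policy and the sample data are all constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
)

const magic = "openssh-key-v1\x00" // container prefix (OpenSSH PROTOCOL.key)

// KeyCipher returns the cipher name stored in an OpenSSH private key file;
// "none" means the private part is not passphrase protected.
func KeyCipher(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "OPENSSH PRIVATE KEY" || !bytes.HasPrefix(block.Bytes, []byte(magic)) {
		return "", errors.New("not an openssh-key-v1 private key")
	}
	body := block.Bytes[len(magic):]
	if len(body) < 4 || uint64(binary.BigEndian.Uint32(body)) > uint64(len(body)-4) {
		return "", errors.New("truncated cipher name")
	}
	n := binary.BigEndian.Uint32(body) // length-prefixed string, big endian
	return string(body[4 : 4+n]), nil
}

// AuthSource applies a hypothetical policy: use the file when it is unencrypted,
// otherwise the agent when a socket path (e.g. from SSH_AUTH_SOCK) is known.
func AuthSource(pemBytes []byte, agentSock string) (string, error) {
	cipher, err := KeyCipher(pemBytes)
	switch {
	case err != nil:
		return "", err
	case cipher == "none":
		return "keyfile", nil
	case agentSock != "":
		return "agent", nil
	}
	return "", fmt.Errorf("key encrypted with %q and no agent socket set", cipher)
}

// SampleKey builds a constructed, header-only container (no real key material).
func SampleKey(cipher string) []byte {
	hdr := append(append([]byte(magic), 0, 0, 0, byte(len(cipher))), cipher...)
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: hdr})
}

func main() { fmt.Println(AuthSource(SampleKey("aes256-ctr"), "/tmp/agent.sock")) }
```

With golang.org/x/crypto/ssh the same condition surfaces as *ssh.PassphraseMissingError from ParsePrivateKey, and its agent subpackage can supply signers from the socket named in SSH_AUTH_SOCK.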
