My key generated with default settings is incompatible with this extension #244

Closed
jcgoble3 opened this issue Mar 10, 2021 · 4 comments
Labels: bug (Something isn't working), waiting (Waiting for confirmation, more information, ...)


@jcgoble3

jcgoble3 commented Mar 10, 2021

Hi,

Earlier this afternoon I posted a negative review on the Marketplace that the extension only seemed to work with *.pem keys. However, after some debugging with a friend who's nerdier than me I was able to get an RSA key to work only by creating a new 4,096-bit key.

It turns out that something in the chain (either this extension, VSCode, or Electron; my friend suspects Electron) has dropped support for RSA keys smaller than 4,096 bits. (For the record, the latest version of VSCode is using Electron 11.3.0.) Unfortunately, the default bits for ssh-keygen on my system (Debian testing) is 3,072 bits, meaning that keys generated with default settings produce this cryptic error:

Couldn't start a terminal for bender: Error while signing data with privateKey: error:06000066:public key routines:OPENSSL_internal:DECODE_ERROR (bender is the system I'm connecting to)

I've updated my review to be neutral and reflect the new discoveries, but since generating a key with default settings produces a key incompatible with this extension, then either the documentation should explain what the error means and the proper options to ssh-keygen to generate a compatible key, or the extension should be fixed to support these default-settings keys. (FWIW, Microsoft's own Remote Development - SSH extension does not have this limitation.)

@SchoofsKelvin
Owner

SchoofsKelvin commented Mar 11, 2021

Now with that error, this is probably the same issue as in #162 which points to mscdex/ssh2-streams#164.

Can you list the command you use to produce an incompatible key? I've tried the following:

  • PuTTY RSA 3072 bits exported as OpenSSH key
  • openssl genrsa -des3 -out issue-244.pem 3072
  • ssh-keygen -C "issue #244" -f issue-244.pem (resulted in RSA 2048)
  • ssh-keygen -t rsa -b 3072 -C "issue #244" -f issue-244.pem (tested it both on my laptop and an Ubuntu 20.4 server)

All these generated keys worked for me. For good measure I also tried ssh-keygen -p -m PEM -f .\issue-244.pem to, according to the docs, use the "legacy PEM private key format" instead. If you could provide the "right" way to generate an incompatible key (and even provide a fresh one), that'd be great.

The only key that I could find (not generate though) that had this issue is from mscdex/ssh2-streams#163. I'll see if there's an easy quick fix. I might have to end up forking ssh2/ssh2-streams, as they've been busy with a big rewrite for a few months, blocking PRs and releases.

@SchoofsKelvin SchoofsKelvin added the bug and waiting labels Mar 11, 2021
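
Added example, not part of the thread and not code from the extension or ssh2-streams: a Node.js helper that reports a private key file's container format and, for the OpenSSH container, the RSA modulus size read from the unencrypted public section (so no passphrase is needed). It is one way to confirm which of the key variants listed above a given file actually is; `describePrivateKey` and `sampleKey` are hypothetical names, and the sample key is constructed.

```javascript
// Added example; describePrivateKey and sampleKey are hypothetical helper names.
const MAGIC = Buffer.from('openssh-key-v1\0', 'latin1');

// Read one SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, pos) {
  const len = buf.readUInt32BE(pos);
  if (pos + 4 + len > buf.length) throw new Error('truncated key data');
  return { value: buf.subarray(pos + 4, pos + 4 + len), next: pos + 4 + len };
}

function bitLength(mpint) {
  let i = 0;
  while (i < mpint.length && mpint[i] === 0) i++; // skip leading zero bytes
  if (i === mpint.length) return 0;
  return (mpint.length - i - 1) * 8 + (32 - Math.clz32(mpint[i]));
}

function describePrivateKey(text) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/.exec(text);
  if (!m) return { container: 'unknown' };
  if (m[1] !== 'OPENSSH PRIVATE KEY') {
    // Legacy PEM or PKCS#8: report the label and whether the body is encrypted.
    const encrypted = /Proc-Type: 4,ENCRYPTED/.test(m[2]) || m[1].startsWith('ENCRYPTED');
    return { container: m[1], encrypted };
  }
  const buf = Buffer.from(m[2].replace(/\s+/g, ''), 'base64');
  if (!buf.subarray(0, MAGIC.length).equals(MAGIC)) throw new Error('bad magic');
  const cipher = readString(buf, MAGIC.length);
  const kdf = readString(buf, cipher.next);
  const kdfOpts = readString(buf, kdf.next);
  const pub = readString(buf, kdfOpts.next + 4).value; // +4 skips the uint32 key count
  const type = readString(pub, 0);
  const out = { container: m[1], encrypted: cipher.value.toString() !== 'none',
                keyType: type.value.toString() };
  if (out.keyType === 'ssh-rsa') {
    const e = readString(pub, type.next); // public exponent
    out.bits = bitLength(readString(pub, e.next).value); // modulus n
  }
  return out;
}

// Constructed sample: valid container layout around a dummy modulus, not a real key.
function sampleKey(bits) {
  const s = (b) => { const l = Buffer.alloc(4); l.writeUInt32BE(b.length); return Buffer.concat([l, Buffer.from(b)]); };
  const n = Buffer.concat([Buffer.from([0, 0x80]), Buffer.alloc(bits / 8 - 1, 0xab)]);
  const pub = Buffer.concat([s('ssh-rsa'), s([1, 0, 1]), s(n)]);
  const body = Buffer.concat([MAGIC, s('none'), s('none'), s(''), Buffer.from([0, 0, 0, 1]), s(pub), s('')]);
  return `-----BEGIN OPENSSH PRIVATE KEY-----\n${body.toString('base64')}\n-----END OPENSSH PRIVATE KEY-----\n`;
}
```

For a real file, pass its contents as a UTF-8 string; `ssh-keygen -l -f <file>` reports the same size and key type.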
@jcgoble3
Author

The incompatible key was created a few months ago when I converted this computer to Linux (it ran Windows for a while out of necessity) by running ssh-keygen without arguments and pressing Enter at each interactive prompt (accepting all defaults with no passphrase).

I tried creating a new key this afternoon in the same manner, only providing a new filename of default_rsa. That key worked with this extension.

So it seems I can only reproduce the issue with my main key that is several months old and that I use for virtually everything (SSH shells, SFTP, Git, etc.), and that a freshly created key doesn't exhibit this problem. Yet that main key works perfectly fine on all of those other things; this extension is the only thing it doesn't work with. So I'm not sure what's wrong here.

Obviously I can't give you that key right now, but I probably ought to upgrade it to 4,096 bits and maybe a passphrase anyway, so if I have some time soon I may replace the key everywhere I have it and if I can confirm with certainty that it's no longer an authorized key anywhere, I may be able to give it to you then so you can test with it. I don't have a lot of places to find it; I just have to triple-check that I haven't missed a server.

@jcgoble3 jcgoble3 changed the title from "Keys generated with default settings are incompatible with this extension due to insufficient bits" to "My key generated with default settings is incompatible with this extension" Mar 11, 2021
@SchoofsKelvin
Owner

In v1.20.0 of the extension, I switched from the official ssh2-streams to the fixed version from mscdex/ssh2-streams#164. The extension can now handle the key provided in mscdex/ssh2-streams#163, and perhaps the issue with your key is also solved now. Can you validate this?

@jcgoble3
Author

I can confirm that it is indeed fixed and my main key is now working with this extension. Thanks for looking into it. :)
