easingthemes / ssh-deploy

GitHub Action for deploying code via rsync over ssh. (with NodeJS)


Bug: SSH fails: error in libcrypto; only when SSH not ended by new-line

jakubboucek opened this issue

State:

  • Environment: GitHub action, ubuntu-latest
  • SSH key: PEM format of ed25519 - stored at GitHub repository Secret, handled by ${{ secrets.SSH_PRIVATE_KEY }}

Unexpected state:

[FILE] writing /home/runner/.ssh/deploy_key_admin_1692259681649 file ... 433
...
Executing remote script: ssh -i /home/runner/.ssh/deploy_key_user_1692259681649 user@server.com
⚠️ [CMD] Remote script failed: Command failed: DEBIAN_FRONTEND=noninteractive ssh -p 22 -i /home/runner/.ssh/deploy_key_user_1692259681649 -o StrictHostKeyChecking=no user@server.com 'RSYNC_STDOUT="" bash -s' < local_ssh_script-before.sh
Load key "/home/runner/.ssh/deploy_key_user_1692259681649": error in libcrypto
user@server.com: Permission denied (publickey,keyboard-interactive).

Expected state:

[FILE] writing /home/runner/.ssh/deploy_key_admin_1692259681649 file ... 431
...
[FILE] writing /home/runner/work/org/repo/local_ssh_script-before.sh file ... 53
Executing remote script: ssh -i /home/runner/.ssh/deploy_key_user_1692267542804 user@server.com
✅ [CMD] Remote script executed. 
...

What's wrong:

  • The loaded SSH key length is mismatched by two bytes.
  • SSH crashes on reading the private key from the file.

Found success bypass:

The action works great when I add a new-line at the end of the private key. (It's not a file, it's a secret variable put into the GitHub web form.)

Probably bug reason:

OpenSSH does not accept a Windows-like new line (\r\n) and requires only a Linux-like new line (\n). But this project appends Windows new line chars to the end of the key file:

writeToFile({ dir, filename, content: `${content}\r\n`, isRequired: true, mode: '0400' });

This theory is verified by simple test:

ssh-keygen -m PEM -t ed25519 -f test-key
unix2dos test-key
ssh -i test-key user@server.com

This causes: Load key "test-key": error in libcrypto.

The theory is also verified when I append one superfluous new line (\n) at the end of the key – SSH requires a Linux-like new line immediately after the PEM envelope, but ignores the following content in the file.

Expected fix:

Remove hard-coded Windows new-line from sshKey.js script.
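
The line-ending failure described in the issue, as an added example that is not part of the original post or of ssh-deploy's code: a check that reports CR bytes in a key string taken from a secret, and a normalizer that returns LF-only content with one trailing new-line before the file is written. The names `inspectKey` and `normalizeKey` are hypothetical and the sample key is a constructed placeholder.

```javascript
// Added example, not ssh-deploy's code. Function names are hypothetical.
const PEM_BEGIN = /^-----BEGIN [A-Z0-9 ]+-----$/;
const PEM_END = /^-----END [A-Z0-9 ]+-----$/;

// Constructed placeholder, not a real key: only the envelope shape matters here.
const SAMPLE_KEY = [
  '-----BEGIN OPENSSH PRIVATE KEY-----',
  'Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=',
  '-----END OPENSSH PRIVATE KEY-----',
].join('\n');

// Count the line-ending conditions the issue describes, without echoing the key.
function inspectKey(content) {
  return {
    bytes: Buffer.byteLength(content, 'utf8'),
    crlf: (content.match(/\r\n/g) || []).length,
    loneCr: (content.match(/\r(?!\n)/g) || []).length,
    endsWithLf: content.endsWith('\n') && !content.endsWith('\r\n'),
  };
}

// Return the key with LF-only line endings and exactly one trailing LF.
function normalizeKey(content) {
  const lines = content.replace(/\r\n?/g, '\n').split('\n').map((l) => l.trimEnd());
  while (lines.length && lines[lines.length - 1] === '') lines.pop();
  while (lines.length && lines[0] === '') lines.shift();
  const last = lines[lines.length - 1];
  if (lines.length < 3 || !PEM_BEGIN.test(lines[0]) || !PEM_END.test(last)) {
    throw new Error('secret does not look like a PEM-armoured private key');
  }
  return `${lines.join('\n')}\n`;
}

// The three inputs from the issue: secret without a final new-line plus the
// hard-coded "\r\n", the same with the user's extra "\n", and a unix2dos'd key.
const cases = {
  appendedCrlf: `${SAMPLE_KEY}\r\n`,
  workaround: `${SAMPLE_KEY}\n\r\n`,
  unix2dos: `${SAMPLE_KEY}\n`.replace(/\n/g, '\r\n'),
};
for (const [name, raw] of Object.entries(cases)) {
  const before = inspectKey(raw);
  const after = inspectKey(normalizeKey(raw));
  console.log(name, JSON.stringify({ before, after }));
}
```
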

I'm having the exact same issue. Thank you for your work figuring it out and submitting a PR. I hope it gets approved and merged soon!

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@jakubboucek Is the issue fixed in v4.1.10?
