rundeck-ssh doesn't work with keys other than rsa?


arabek

Apr 21, 2017, 12:18:49 PM
to rundeck-discuss
Hello list,

Recently, for added security, I have tried to run a job with an ssh key generated with the

$ ssh-keygen -t ed25519

command.

Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance.
(as taken from the Arch wiki)

Yet to my huge surprise I got this in the debug output:

Execution failed: 9 in project test-project: [Workflow result: , step failures: {1=Dispatch failed on 1 nodes: [my.test.server: SSHProtocolFailure: invalid privatekey: [B@61ae67ca]}, Node failures: {my.test.server=[SSHProtocolFailure: invalid privatekey: [B@61ae67ca]}, status: failed]

Changing to a normal (rsa, 4096bits) key worked just fine.

Will ecdsa and ed25519 be supported in the future?

Greg Schueler

Apr 21, 2017, 5:03:33 PM
to rundeck...@googlegroups.com
The built-in ssh implementation uses the Jsch library http://www.jcraft.com/jsch/.  From what I can tell, it does not support ed25519 keys.

You can try switching to using openssh, i.e. via the command-line `ssh` command, such as the example here: https://github.com/rundeck/rundeck/tree/master/examples/ssh-script-plugin


Referat WDV

Jan 30, 2023, 6:56:39 AM
to rundeck-discuss
This issue appears to be still current, as can be seen e.g. in https://github.com/rundeck/rundeck/issues/6312 (closed without solution offered).
We get the impression that Rundeck not only does not support ed25519 elliptic curves but not even rsa 2048 or 4096 private keys, which would give a poor impression.
I would be happy to learn that this is not true ...
Kind regards, Tom

rac...@rundeck.com

Jan 30, 2023, 7:22:45 AM
to rundeck-discuss
Hi Tom,

In that case, use the SSHJ node executor instead of the default SSH (JSCH).

To change it, go to Project Settings > Edit Configuration > Default Node Executor (tab) and select "SSHJ-SSH" on the node executor dropdown menu.

Regards.

Referat WDV

Jan 30, 2023, 10:20:04 AM
to rundeck-discuss
Ah, that really helped, thanks.
For scripts to run successfully, we needed to change the Default File Copier, too (to SSHJ-SCP), as a script will be copied to the remote node before execution.
Isn't it high time that you change the default node executor to SSHJ-SSH and the default copier to SSHJ-SCP?
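
Added example (not part of the thread, and not Rundeck or JSch code): a small Python check that reads a private key file's armor and, for the OpenSSH container, its unencrypted header to report the key type before the key is assigned to a node. The function names are hypothetical, the sample key is constructed with all-zero key bytes, and treating every `openssh-key-v1` file as needing the SSHJ executor is an assumption; the thread itself only establishes the ed25519 case.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
LEGACY = {"RSA PRIVATE KEY": "ssh-rsa", "DSA PRIVATE KEY": "ssh-dss",
          "EC PRIVATE KEY": "ecdsa"}

def _s(data):
    """Encode one SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH wire-format string, returning (bytes, next_offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def describe_private_key(text):
    """Return (container, key_type) for the text of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("no PEM armor found")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label in LEGACY:
        return "pem", LEGACY[label]
    if label != "OPENSSH PRIVATE KEY":
        return "unknown", label
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(MAGIC)
    for _ in range(3):                    # ciphername, kdfname, kdfoptions
        _, off = _read_string(blob, off)
    off += 4                              # uint32 number of keys
    pub, _ = _read_string(blob, off)      # first public key blob (cleartext)
    key_type, _ = _read_string(pub, 0)    # e.g. b"ssh-ed25519"
    return "openssh-key-v1", key_type.decode("ascii")

def needs_sshj(text):
    """True if the key should be used with the SSHJ-SSH / SSHJ-SCP plugins."""
    container, key_type = describe_private_key(text)
    # From the thread: ed25519 keys fail under the default JSch executor.
    # Assumption, not from the thread: any openssh-key-v1 file is flagged too.
    return key_type == "ssh-ed25519" or container == "openssh-key-v1"

def make_sample(key_type=b"ssh-ed25519"):
    """Constructed sample: valid header, all-zero key bytes, not a usable key."""
    blob = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
            + _s(_s(key_type) + _s(bytes(32))) + _s(b""))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

The key type sits in the cleartext public section of the OpenSSH container, so the check works on passphrase-protected keys without needing the passphrase.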