Invalid PEM structure, -----END RSA PRIVATE KEY----- missing

1,357 views
Skip to first unread message

Matteo Perico

unread,
May 14, 2018, 12:21:00 PM5/14/18
to CDAP User
HI,

I'm running cdap-sandbox-4.3.3
I'm triyng to use the action plugin remote program executor to run some script from a remote machine.

I generated the rsa keys to authenticate and I copied the pub key in .ssh/authorized_keys

I have my private key in the .ssh/id_rsa file with the structure:


-----BEGIN RSA PRIVATE KEY-----

[KEY]

-----END RSA PRIVATE KEY-----


I paste it in the "Private Key" label in the remote program executor plugin.

It fails with this error:

java.lang.RuntimeException: java.io.IOException: Invalid PEM structure, -----END RSA PRIVATE KEY----- missing
at com.google.common.base.Throwables.propagate(Throwables.java:160) ~[com.google.guava.guava-13.0.1.jar:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:650) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:626) ~[na:na]
at com.google.common.util.concurrent.AbstractExecutionThreadService$1$1.run(AbstractExecutionThreadService.java:52) ~[com.google.guava.guava-13.0.1.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_161]
Caused by: java.io.IOException: Invalid PEM structure, -----END RSA PRIVATE KEY----- missing
at ch.ethz.ssh2.crypto.PEMDecoder.parsePEM(PEMDecoder.java:165) ~[na:na]
at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:321) ~[na:na]
at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:240) ~[na:na]
at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:499) ~[na:na]
at co.cask.hydrator.plugin.batch.action.SSHAction.run(SSHAction.java:68) ~[na:na]
at co.cask.cdap.etl.common.plugin.WrappedAction$2.call(WrappedAction.java:54) ~[na:na]
at co.cask.cdap.etl.common.plugin.WrappedAction$2.call(WrappedAction.java:51) ~[na:na]
at co.cask.cdap.etl.common.plugin.Caller$1.call(Caller.java:30) ~[na:na]
at co.cask.cdap.etl.common.plugin.StageLoggingCaller.call(StageLoggingCaller.java:40) ~[na:na]
at co.cask.cdap.etl.common.plugin.WrappedAction.run(WrappedAction.java:51) ~[na:na]
at co.cask.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:92) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor$2.run(CustomActionExecutor.java:190) ~[na:na]
at co.cask.cdap.internal.app.runtime.AbstractContext.executeChecked(AbstractContext.java:561) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.executeCustomAction(CustomActionExecutor.java:187) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:125) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:444) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:467) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:640) ~[na:na]
... 3 common frames omitted


I really appreciate if someone clould help me since I spent all the day on this without any solutions.

Thank you very much,
Matteo

Ali Anwar

unread,
May 16, 2018, 7:10:27 PM5/16/18
to cdap...@googlegroups.com
Hi Matteo.

1. Did you copy the entire contents of the id_rsa file into the "Private Key" label, including the "-----END RSA PRIVATE KEY-----" part at the end?
2. How did you generate this key?

Regards,
Ali Anwar

--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+unsubscribe@googlegroups.com.
To post to this group, send email to cdap...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/a783a0c5-129e-44a8-8fff-0afd1f5b69a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Matteo Perico

unread,
May 17, 2018, 4:19:26 AM5/17/18
to CDAP User
HI Ali, thank you very much for you answers.

For the questions:

1) Yes.
2) I used the command       ssh-keygen -t rsa

I checked if the key are correct.
It' wired because if I check the logs when the pipeline starts, it correctly receives the whole private key that I gave as input, no missing part. 
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.

das.bidy...@gmail.com

unread,
Apr 26, 2020, 5:59:50 AM4/26/20
to CDAP User
Hi, did you get the answer for this, 'm facing the same issue

Terence Yim

unread,
Apr 29, 2020, 4:06:31 AM4/29/20
to CDAP User
Hi,

How did you generate the key? CDAP takes openssl keys in PEM format. It should begin with a line:

----BEGIN OPENSSH PRIVATE KEY-----

You can generate such key by ssh-keygen -m PEM -t rsa -b 4096

Regards,
Terence

--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.


--
Terence Yim | Staff Software Engineer | tere...@google.com | 

das.bidy...@gmail.com

unread,
Apr 29, 2020, 12:48:07 PM4/29/20
to CDAP User
Hi Terence,

Thanks for your reply.
I did generate with openssh only; but it was completely my mistake while putting the key in cdap.
I copied to a notepad and then copied from the notepad to cdap. It was giving me the error.

When I directly copied from ubuntu terminal to cdap, it worked well.

Regards
Bidyut


On Wednesday, April 29, 2020 at 1:36:31 PM UTC+5:30, Terence Yim wrote:
Hi,

How did you generate the key? CDAP takes openssl keys in PEM format. It should begin with a line:

----BEGIN OPENSSH PRIVATE KEY-----

You can generate such key by ssh-keygen -m PEM -t rsa -b 4096

Regards,
Terence

To unsubscribe from this group and stop receiving emails from it, send an email to cdap...@googlegroups.com.

Terence Yim

unread,
Apr 29, 2020, 12:52:07 PM4/29/20
to CDAP User
Hi,

I am glad that you've figured it out.

Terence

To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/f2a1d539-2af4-49fc-8081-cf0df71940a8%40googlegroups.com.

Kushagra Jaiswal

unread,
Sep 21, 2022, 1:12:01 PM9/21/22
to CDAP User
Hi Team, 

I am seeing this issue once more in data fusion, and i am getting the error:

java.io.IOException: Publickey authentication failed.    at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:331) ~[na:na]    at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:499) ~[na:na]    at io.cdap.plugin.batch.action.SSHAction.run(SSHAction.java:81) ~[na:na]    at io.cdap.cdap.etl.common.plugin.WrappedAction.lambda$run$1(WrappedAction.java:49) ~[na:na]    at io.cdap.cdap.etl.common.plugin.Caller$1.call(Caller.java:30) ~[na:na]    at io.cdap.cdap.etl.common.plugin.WrappedAction.run(WrappedAction.java:48) ~[na:na]    at io.cdap.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:91) ~[na:na]    at io.cdap.cdap.internal.app.runtime.AbstractContext.execute(AbstractContext.java:567) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:86) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:436) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:473) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:641) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:626) ~[na:na]

Tried the same ssh-keygen command and copying it from the terminal as well.

Please help me this.

Thanks,
Kushagra 

Kushagra Jaiswal

unread,
Sep 22, 2022, 6:41:31 AM9/22/22
to CDAP User
Hi Team, 

The issue has been resolved i was using an openssh key rather than a RSA key.

Thanks.
Reply all
Reply to author
Forward
0 new messages