Invalid PEM structure, -----END RSA PRIVATE KEY----- missing

[Matteo Perico]

HI,

I'm running cdap-sandbox-4.3.3

I'm triyng to use the action plugin remote program executor to run some script from a remote machine.

I generated the rsa keys to authenticate and I copied the pub key in .ssh/authorized_keys

I have my private key in the .ssh/id_rsa file with the structure:

-----BEGIN RSA PRIVATE KEY-----

[KEY]

-----END RSA PRIVATE KEY-----

I paste it in the "Private Key" label in the remote program executor plugin.

It fails with this error:

java.lang.RuntimeException: java.io.IOException: Invalid PEM structure, -----END RSA PRIVATE KEY----- missing

at com.google.common.base.Throwables.propagate(Throwables.java:160) ~[com.google.guava.guava-13.0.1.jar:na]

at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:650) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:626) ~[na:na]

at com.google.common.util.concurrent.AbstractExecutionThreadService$1$1.run(AbstractExecutionThreadService.java:52) ~[com.google.guava.guava-13.0.1.jar:na]

at java.lang.Thread.run(Thread.java:748) [na:1.8.0_161]

Caused by: java.io.IOException: Invalid PEM structure, -----END RSA PRIVATE KEY----- missing

at ch.ethz.ssh2.crypto.PEMDecoder.parsePEM(PEMDecoder.java:165) ~[na:na]

at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:321) ~[na:na]

at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:240) ~[na:na]

at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:499) ~[na:na]

at co.cask.hydrator.plugin.batch.action.SSHAction.run(SSHAction.java:68) ~[na:na]

at co.cask.cdap.etl.common.plugin.WrappedAction$2.call(WrappedAction.java:54) ~[na:na]

at co.cask.cdap.etl.common.plugin.WrappedAction$2.call(WrappedAction.java:51) ~[na:na]

at co.cask.cdap.etl.common.plugin.Caller$1.call(Caller.java:30) ~[na:na]

at co.cask.cdap.etl.common.plugin.StageLoggingCaller.call(StageLoggingCaller.java:40) ~[na:na]

at co.cask.cdap.etl.common.plugin.WrappedAction.run(WrappedAction.java:51) ~[na:na]

at co.cask.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:92) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor$2.run(CustomActionExecutor.java:190) ~[na:na]

at co.cask.cdap.internal.app.runtime.AbstractContext.executeChecked(AbstractContext.java:561) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.executeCustomAction(CustomActionExecutor.java:187) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:125) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:444) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:467) ~[na:na]

at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:640) ~[na:na]

... 3 common frames omitted

I really appreciate if someone clould help me since I spent all the day on this without any solutions.

Thank you very much,

Matteo

[Ali Anwar]

Hi Matteo.

1. Did you copy the entire contents of the id_rsa file into the "Private Key" label, including the "-----END RSA PRIVATE KEY-----" part at the end?
2. How did you generate this key?

Regards,
Ali Anwar

--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+unsubscribe@googlegroups.com.
To post to this group, send email to cdap...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/a783a0c5-129e-44a8-8fff-0afd1f5b69a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Matteo Perico]

HI Ali, thank you very much for you answers.

For the questions:

1) Yes.

2) I used the command       ssh-keygen -t rsa

I checked if the key are correct.

It' wired because if I check the logs when the pipeline starts, it correctly receives the whole private key that I gave as input, no missing part. 

To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.

[das.bidy...@gmail.com]

Hi, did you get the answer for this, 'm facing the same issue

[Terence Yim]

Hi,

How did you generate the key? CDAP takes openssl keys in PEM format. It should begin with a line:

----BEGIN OPENSSH PRIVATE KEY-----

You can generate such key by ssh-keygen -m PEM -t rsa -b 4096

Regards,

Terence

--

You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/0f95c77b-c0cf-4a64-bc8d-929f7801ab2a%40googlegroups.com.

--

Terence Yim | Staff Software Engineer | tere...@google.com | 

[das.bidy...@gmail.com]

Hi Terence,

Thanks for your reply.

I did generate with openssh only; but it was completely my mistake while putting the key in cdap.

I copied to a notepad and then copied from the notepad to cdap. It was giving me the error.

When I directly copied from ubuntu terminal to cdap, it worked well.

Regards

Bidyut

On Wednesday, April 29, 2020 at 1:36:31 PM UTC+5:30, Terence Yim wrote:

Hi,

How did you generate the key? CDAP takes openssl keys in PEM format. It should begin with a line:

----BEGIN OPENSSH PRIVATE KEY-----

You can generate such key by ssh-keygen -m PEM -t rsa -b 4096

Regards,

Terence

To unsubscribe from this group and stop receiving emails from it, send an email to cdap...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/0f95c77b-c0cf-4a64-bc8d-929f7801ab2a%40googlegroups.com.

[Terence Yim]

Hi,

I am glad that you've figured it out.

Terence

To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/f2a1d539-2af4-49fc-8081-cf0df71940a8%40googlegroups.com.

[Kushagra Jaiswal]

Hi Team, 

I am seeing this issue once more in data fusion, and i am getting the error:

java.io.IOException: Publickey authentication failed.    at ch.ethz.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:331) ~[na:na]    at ch.ethz.ssh2.Connection.authenticateWithPublicKey(Connection.java:499) ~[na:na]    at io.cdap.plugin.batch.action.SSHAction.run(SSHAction.java:81) ~[na:na]    at io.cdap.cdap.etl.common.plugin.WrappedAction.lambda$run$1(WrappedAction.java:49) ~[na:na]    at io.cdap.cdap.etl.common.plugin.Caller$1.call(Caller.java:30) ~[na:na]    at io.cdap.cdap.etl.common.plugin.WrappedAction.run(WrappedAction.java:48) ~[na:na]    at io.cdap.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:91) ~[na:na]    at io.cdap.cdap.internal.app.runtime.AbstractContext.execute(AbstractContext.java:567) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:86) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:436) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:473) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:641) ~[na:na]    at io.cdap.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:626) ~[na:na]

Tried the same ssh-keygen command and copying it from the terminal as well.

Please help me this.

Thanks,

Kushagra 

[Kushagra Jaiswal]

Hi Team, 

The issue has been resolved i was using an openssh key rather than a RSA key.

Thanks.