Rke: Regression with using passphrased SSH keys

Created on 3 Jan 2018  路  5Comments  路  Source: rancher/rke

RKE version:
v0.0.9-dev

Using ssh keys protected by passphrase causes two issues:

1- unexpected error:

INFO[0000] [dialer] Setup tunnel for host [x.x.x.x]
Passphrase for Private SSH Key:
FATA[0002] Failed to set up SSH tunneling for Etcd host [x.x.x.x]: Can't establish dialer connection: Failed to parse the private key: ssh: cannot decode encrypted private keys

this caused by wrong return of err instead of nil

2- After the first issue is resolved, user will have difficulty of running rke because rke will keep asking for passphrase due to the healthcheck addition

kinbug
Source
picture galal-hussein
👍1

Most helpful comment

This seems to have regressed again. 

$ rke --version
rke version v0.1.7

Using an SSH key with passphrase I get:

INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [docker-1.***]
WARN[0000] Failed to set up SSH tunneling for host [docker-1.***]: Can't retrieve Docker Info: error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: Failed to dial ssh using address [docker-1.***:22]: Error configuring SSH: ssh: cannot decode encrypted private keys

_(hostnames redacted with *)_

picture marcusianlevine on 11 Jun 2018
👍3

All 5 comments

CC @vincent99

galal-hussein picture galal-hussein on 3 Jan 2018

Can be tested with v0.0.10-dev

galal-hussein picture galal-hussein on 14 Jan 2018

Reproduced the issue using encrypted ssh keys for hosts with rke version 0.0.9-dev

$ ./rke_darwin-amd64-0.0.9-dev up --config cluster.yml 
INFO[0000] Building Kubernetes cluster                  
INFO[0000] [dialer] Setup tunnel for host [x.y.z.a] 
Passphrase for Private SSH Key: 
FATA[0005] Failed to set up SSH tunneling for Etcd host [x.y.z.a]: Can't establish dialer connection: Failed to parse the private key: ssh: cannot decode encrypted private keys

Tested with rke version v0.0.12-dev

  1. Generated encrypted ssh keys and specified the ssh_key_path in the cluster.yml file.
  2. Created cluster with two nodes using ./rke up command
  3. Cluster creation was successful
soumyalj picture soumyalj on 17 Jan 2018

This seems to have regressed again. 

$ rke --version
rke version v0.1.7

Using an SSH key with passphrase I get:

INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [docker-1.***]
WARN[0000] Failed to set up SSH tunneling for host [docker-1.***]: Can't retrieve Docker Info: error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: Failed to dial ssh using address [docker-1.***:22]: Error configuring SSH: ssh: cannot decode encrypted private keys

_(hostnames redacted with *)_

marcusianlevine picture marcusianlevine on 11 Jun 2018
👍3

I confirm the regression with rke_linux-amd64 version v0.1.7.
I can manually _ssh_ the nodes with those keys and SSH_AUTH_SOCK environment variable is set up properly.
However, running ./rke_linux-amd64 up --config rancher-cluster.yml ends up with a ssh: cannot decode encrypted private keys error.

bmenant picture bmenant on 19 Jun 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Hefeweizen picture Hefeweizen  路  4Comments
de13 picture de13  路  3Comments
galal-hussein picture galal-hussein  路  4Comments
rgl picture rgl  路  3Comments
stieler-it picture stieler-it  路  3Comments