Remote execution fails if you have a "new-format private key". This means you're not able to protect your private key with a KDF, which is a Good Thing to do.
Output received:
Error applying plan:
1 error(s) occurred:
* Failed to parse key file "[XXX PRIVATE KEY DATA XXX]": ssh: unsupported key type "OPENSSH PRIVATE KEY"
The OpenSSH man page section about KDF support:
-a rounds
    When saving a new-format private key (i.e. an ed25519 key or any
    SSH protocol 2 key when the -o flag is set), this option specifies
    the number of KDF (key derivation function) rounds used.
    Higher numbers result in slower passphrase verification and
    increased resistance to brute-force password cracking (should the
    keys be stolen).
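Added example, not part of the original issue and not Terraform or crypto/ssh code: a check that a key file really is in the new format and reports the KDF and the `-a` rounds stored in its unencrypted header. The field layout follows OpenSSH's PROTOCOL.key; the names `Inspect` and `Sample` are hypothetical, and the sample key is a constructed header with no key material.

```go
package main

import (
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

const magic = "openssh-key-v1\x00" // AUTH_MAGIC in OpenSSH's PROTOCOL.key

// u32 and str encode SSH wire types: big-endian uint32, length-prefixed string.
func u32(n uint32) []byte { return []byte{byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)} }
func str(b []byte) []byte { return append(u32(uint32(len(b))), b...) }

// next consumes one SSH string from b; ok is false when b is truncated.
func next(b []byte) (s, rest []byte, ok bool) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, false
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], true
}

// Inspect reads cipher, KDF and bcrypt rounds from the unencrypted key header.
func Inspect(pemBytes []byte) (cipher, kdf string, rounds uint32, err error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || len(blk.Bytes) < len(magic) || string(blk.Bytes[:len(magic)]) != magic {
		return "", "", 0, fmt.Errorf("not a new-format OpenSSH private key")
	}
	c, rest, ok1 := next(blk.Bytes[len(magic):])
	k, rest, ok2 := next(rest)
	opts, _, ok3 := next(rest)
	_, tail, ok4 := next(opts) // bcrypt kdfoptions: string salt, uint32 rounds
	if !ok1 || !ok2 || !ok3 || (string(k) == "bcrypt" && (!ok4 || len(tail) < 4)) {
		return "", "", 0, fmt.Errorf("malformed key header")
	}
	if string(k) == "bcrypt" {
		rounds = binary.BigEndian.Uint32(tail)
	}
	return string(c), string(k), rounds, nil
}

// Sample builds a header-only key (constructed; contains no key material).
func Sample(rounds uint32) []byte {
	opts := append(str(make([]byte, 16)), u32(rounds)...)
	body := append(append(append([]byte(magic), str([]byte("aes256-ctr"))...), str([]byte("bcrypt"))...), str(opts)...)
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: body})
}

func main() { fmt.Println(Inspect(Sample(100))) }
```

A KDF name of `none` in the result means the key is stored without a passphrase, so the rounds value is 0.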
Hi @brainsik - this is a good idea, but I'm not sure if crypto/ssh supports it.
If we can figure out how to make this happen in Go - happy to add it as a feature!
Any update on Go's underlying library updating?
It looks like crypto/ssh has support for these keys: https://github.com/golang/crypto/blob/master/ssh/testdata/keys.go#L43-L50 added in: https://github.com/golang/crypto/commit/1e61df8d9ea476e2e1504cd9a32b40280c7c6c7e
Closed via #9661
This should be reopened given the change was reverted.
Note you can work around this by setting agent = true in the connection block.
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.