Description of problem:
Having two appliances, if I want to fetch the v2_key from the other appliance, having the Public key authentication method in place (I created a keypair using ssh_keygen and distributed the public key to the OTHER_APPLIANCE_IP), the command `appliance_console_cli --fetch-key=OTHER_APPLIANCE_IP` fails

Version-Release number of selected component (if applicable):
cfme-5.11.5.0-1.el8cf.x86_64

How reproducible:
3/3

Steps to Reproduce:
1. ssh_keygen (generate passwordless RSA key)
2. ssh-copy-id OTHER_APPLIANCE_IP (do what it asks for)
3. appliance_console_cli --fetch-key=OTHER_APPLIANCE_IP

Actual results:
fetch encryption key
Failed to fetch key: key was 385 bytes (Expected 32)
Could not create encryption key (v2_key)

Expected results:
v2_key copied without a need to specify a ssh password

Additional info:
I found this when verifying BZ #1815568
Note that the password logins are often not encouraged as passwords are often weak.

*** This bug has been marked as a duplicate of bug 1815568 ***

From the BZ 815568:

I think we figured this out together with Joe. The problem is that some part of the encryption tools is not supporting RSA for the SSH Public key authentication.

Gems coming with cfme <= 5.11.4.2-1.el8cf.x86_64 seem to handle neither the RSA nor the ed25519:

# Before the fix:

## case when we have only the RSA-key:

/opt/rh/cfme-gemset/gems/net-ssh-4.2.0/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': OpenSSH keys only supported if ED25519 is available (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * rbnacl (>= 3.2, < 5.0)
 * rbnacl-libsodium, if your system doesn't have libsodium installed.
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::LoadError : "rbnacl is not part of the bundle. Add it to your Gemfile."

## When ed25519 is available, there is slight difference in what is said:

/opt/rh/cfme-gemset/gems/net-ssh-4.2.0/lib/net/ssh/authentication/ed25519_loader.rb:19:in `raiseUnlessLoaded': unsupported key type `ssh-ed25519' (NotImplementedError)
net-ssh requires the following gems for ed25519 support:
 * rbnacl (>= 3.2, < 5.0)
 * rbnacl-libsodium, if your system doesn't have libsodium installed.
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::LoadError : "rbnacl is not part of the bundle. Add it to your Gemfile."

# After the fix

Gems coming with cfme-5.11.5.1-1.el8cf.x86_64 seem to not handle the RSA, but are ok with the ed25519. In my verification, I didn't create the ed25519 key, the RSA was used and failed, thus I thought this wasn't fixed.

[root.Y ~]# appliance_console_cli --fetch-key X.X.X
fetch encryption key
Failed to fetch key: key was 385 bytes (Expected 32)
Could not create encryption key (v2_key)

In this case I would expect and appreciate an error message saying that the key is not of the type the tooling can handle (ed25519).

When both (ed25519 and RSA) or just ed25519 Private and Public keys are present, the ed25519 is used and all goes fine. Note that it is a good idea to NOT use the `--sshpassword` param of the command `appliance_console_cli`, so as not to run into the wrong conclusion that the key has worked while only passphrase auth was used.