Error trying to connect to a jumpstation using private key

Hi!

I’m trying to create a template which can execute a script in a jumpstation. The problem comes when during the execution the server tries to connect via SSH using a private key. In the failing task I’ve put the path to the private key in the server.

After the execution this is the output:

#### Output:

#### Error stream:
com.xebialabs.overthere.RuntimeIOException: Cannot connect to ssh:scp://MYUSER@MYSERVERIP:22
        at com.xebialabs.overthere.ssh.SshConnection.connect(SshConnection.java:209)
        at com.xebialabs.overthere.ssh.SshConnectionBuilder.connect(SshConnectionBuilder.java:528)
        at com.xebialabs.overthere.OverthereConnector.buildConnection(OverthereConnector.java:86)
        at com.xebialabs.overthere.OverthereConnector.getConnection(OverthereConnector.java:67)
        at com.xebialabs.overthere.Overthere.getConnection(Overthere.java:85)
        at com.xebialabs.xlrelease.plugin.overthere.RemoteScript.execute(RemoteScript.java:95)
        at sun.reflect.GeneratedMethodAccessor1025.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:188)
        at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:206)
        at org.python.core.PyObject.__call__(PyObject.java:480)
        at org.python.core.PyObject.__call__(PyObject.java:484)
        at org.python.core.PyMethod.__call__(PyMethod.java:126)
        at org.python.pycode._pyx576502.f$0(<script>:24)
        at org.python.pycode._pyx576502.call_function(<script>)
        at org.python.core.PyTableCode.call(PyTableCode.java:171)
        at org.python.core.PyCode.call(PyCode.java:18)
        at org.python.core.Py.runCode(Py.java:1614)
        at org.python.core.__builtin__.eval(__builtin__.java:497)
        at org.python.core.__builtin__.eval(__builtin__.java:501)
        at org.python.util.PythonInterpreter.eval(PythonInterpreter.java:259)
        at org.python.jsr223.PyScriptEngine.eval(PyScriptEngine.java:57)
        at org.python.jsr223.PyScriptEngine.eval(PyScriptEngine.java:31)
        at com.xebialabs.xlrelease.script.Jsr223ScriptExecutor.lambda$doPrivileged$0(Jsr223ScriptExecutor.java:71)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.xebialabs.xlrelease.script.Jsr223ScriptExecutor.doPrivileged(Jsr223ScriptExecutor.java:71)
        at com.xebialabs.xlrelease.script.jython.JythonScriptExecutor.evalScriptPrivileged(JythonScriptExecutor.java:67)
        at com.xebialabs.xlrelease.script.jython.JythonScriptExecutor.evalScriptWithUtilities(JythonScriptExecutor.java:80)
        at com.xebialabs.xlrelease.script.jython.JythonScriptExecutor.evalScriptWithApi(JythonScriptExecutor.java:56)
        at com.xebialabs.xlrelease.script.DefaultScriptService.executeScript(DefaultScriptService.java:815)
        at com.xebialabs.xlrelease.script.DefaultScriptService.lambda$executeCustomScriptTask$1(DefaultScriptService.java:230)
        at com.xebialabs.deployit.plumbing.scheduler.Scheduler.lambda$withLoggedExceptions$0(Scheduler.java:69)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
        at net.schmizz.sshj.SSHClient.auth(SSHClient.java:230)
        at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:345)
        at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:363)
        at com.xebialabs.overthere.ssh.SshConnection.connect(SshConnection.java:199)
        ... 39 more
Caused by: net.schmizz.sshj.userauth.UserAuthException: Problem getting public key from PKCS8KeyFile{resource=[PrivateKeyFileResource] /path/to/private/key}
        at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:46)
        at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:62)
        at net.schmizz.sshj.userauth.method.AuthPublickey.buildReq(AuthPublickey.java:81)
        at net.schmizz.sshj.userauth.method.AbstractAuthMethod.request(AbstractAuthMethod.java:68)
        at net.schmizz.sshj.userauth.UserAuthImpl.authenticate(UserAuthImpl.java:72)
        at net.schmizz.sshj.SSHClient.auth(SSHClient.java:224)
        ... 42 more
Caused by: java.io.IOException: Could not read key pair from: [PrivateKeyFileResource] /path/to/private/key
        at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:96)
        at net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider.getPublic(BaseFileKeyProvider.java:81)
        at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putPubKey(KeyedAuthMethod.java:44)
        ... 47 more

It seems to be a format issue with the private key, but it seems to have the correct format. After searching a lot I have no idea about what it can be.

Can you turn on DEBUG logging on package net.schmizz.sshj.userauth.keyprovider?

https://docs.xebialabs.com/v.22.1/release/concept/logging-in-xl-release/

I’ve added that package in logback.xml:

<logger name="net.schmizz.sshj.userauth.keyprovider" level="debug" />

restarted the server and tried again, and I’m getting the same output. I don’t know if I’m doing something wrong.

Do you have the logs from when the problem occurs? The logs may provide clues to why it’s failing.

Did you check that the key is in PKCS#8 format?

I’ve added the package as said and no log were generated in log folder of the XL Release server more than the output of the execution.
I’ve checked the key and it is in PKCS#8 format, even if I try to connect via SSH from a shell it works.

It seems that support for PKCS#8 private key files was added to a later version of SSHJ than the one we use in the product.

Release uses SSHJ 0.27.0; support for PKCS#8 private key files was added in SSHJ 0.32.0 (See https://github.com/hierynomus/sshj/blob/master/README.adoc)

Please log an issue for this through the Digital.ai support system.

In the meanwhile, would it be possible to use a different private key format?

Kind regards,

Hes Siemelink

1 Like

I guess it will be better to use a different key format for now as you said.

Thank you!