Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17683

Incorrect hash calculated for custom SSH keys

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • ec2-plugin
    • None

      EC2 keypair fingerprints are generated in two different ways. Currently the EC2 plugin only recognizes keypairs generated via AWS. No imported keypairs are allowed.

      If you generate a public key from the private using ssh-keygen (ssh-keygen -y -f privatekey.pem) and then upload the public key, the fingerprint is calculated off the public key instead of the private key.

      You generate the same public key fingerprint that amazon gets via:

      openssl rsa -in privatekey.pem -outform DER -pubout | openssl md5 -c

      If I put in the ec2 plugin a private key that I generated and then uploaded the public key, the ec2 plugin cannot find the proper resulting fingerprint from the public key.

      Could the plugin be updated to either allow entering a public key and private key or have it generate a public key fingerprint as well as the private key fingerprint and check for either?

          [JENKINS-17683] Incorrect hash calculated for custom SSH keys

          Joseph Lawson created issue -

          Joseph Lawson added a comment -

          To convert an OpenSSH compatible public to to the PKCS#1 PEM encoded: ssh-keygen -f key.pub -e -m pem

          Joseph Lawson added a comment - To convert an OpenSSH compatible public to to the PKCS#1 PEM encoded: ssh-keygen -f key.pub -e -m pem
          Joseph Lawson made changes -
          Description Original: EC2 keypair fingerprints are generated in two different ways. Currently the EC2 plugin only recognizes keypairs generated via AWS. No imported keypairs are allowed.

          If AWS generates the keypair, the following command can generate the fingerprint resulting from the private key being hashed:

          openssl rsa -in privatekey.pem -outform DER -pubout | openssl sha1 -c

          If you generate a public key from the private using ssh-keygen (ssh-keygen -y -f privatekey.pem) and then upload the public key, the fingerprint is calculated off the public key instead of the private key.

          You generate the same public key fingerprint that amazon gets via:

          openssl rsa -in privatekey.pem -outform DER -pubout | openssl md5 -c

          If I put in the ec2 plugin a private key that I generated and then uploaded the public key, the ec2 plugin cannot find the proper resulting fingerprint from the public key.

          Could the plugin be updated to either allow entering a public key and private key or have it generate a public key fingerprint as well as the private key fingerprint and check for either?           		New: EC2 keypair fingerprints are generated in two different ways. Currently the EC2 plugin only recognizes keypairs generated via AWS. No imported keypairs are allowed.

          If you generate a public key from the private using ssh-keygen (ssh-keygen -y -f privatekey.pem) and then upload the public key, the fingerprint is calculated off the public key instead of the private key.

          You generate the same public key fingerprint that amazon gets via:

          openssl rsa -in privatekey.pem -outform DER -pubout | openssl md5 -c

          If I put in the ec2 plugin a private key that I generated and then uploaded the public key, the ec2 plugin cannot find the proper resulting fingerprint from the public key.

          Could the plugin be updated to either allow entering a public key and private key or have it generate a public key fingerprint as well as the private key fingerprint and check for either?

          Joseph Lawson added a comment -

          Hello I have made some simple changes to the plugin to support looking for the SSH Keypair's private key fingerprint as well as it's public key fingerprint as well.

          Unit test is included as well.

          https://github.com/jenkinsci/ec2-plugin/pull/45

          Joseph Lawson added a comment - Hello I have made some simple changes to the plugin to support looking for the SSH Keypair's private key fingerprint as well as it's public key fingerprint as well. Unit test is included as well. https://github.com/jenkinsci/ec2-plugin/pull/45

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Francis Upton
          Path:
          src/main/java/hudson/plugins/ec2/EC2PrivateKey.java
          src/test/java/hudson/plugins/ec2/EC2PrivateKeyTest.java
          http://jenkins-ci.org/commit/ec2-plugin/f4661e86b66cbf9662752d900686c341584203ae
          Log:
          Merge pull request #45 from joekiller/public-finger-print

          JENKINS-17683 Incorrect hash calculated for custom SSH keys

          Compare: https://github.com/jenkinsci/ec2-plugin/compare/f473c09f50f9...f4661e86b66c

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Francis Upton Path: src/main/java/hudson/plugins/ec2/EC2PrivateKey.java src/test/java/hudson/plugins/ec2/EC2PrivateKeyTest.java http://jenkins-ci.org/commit/ec2-plugin/f4661e86b66cbf9662752d900686c341584203ae Log: Merge pull request #45 from joekiller/public-finger-print JENKINS-17683 Incorrect hash calculated for custom SSH keys Compare: https://github.com/jenkinsci/ec2-plugin/compare/f473c09f50f9...f4661e86b66c
          Francis Upton made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 148863 ] New: JNJira + In-Review [ 192912 ]

            francisu Francis Upton
            joekiller Joseph Lawson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: