Can't Authenticate Keys from Amazon Web Services (AWS)

Feb 15, 2012 at 2:11 AM

Oleg, 

I am trying to use your SSH.NET library to send files and commands to a Linux box on Amazon's cloud computing (AWS - Amazon Web Services). I generate RSA keys according to the documentation here:

http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/generating-a-keypair.html

Here is one of my test private keys I am testing with:

 


 

I started out by simply trying to create a PrivateKeyFile object:

 

PrivateKeyFile key = new PrivateKeyFile(@"AmazonTestKey.key");

 

When I stepped through your code, I noticed it throws an exception on line 108 of your PrivateKeyFileClass, because this Amazon key doesn't match your regex for private keys:

private static Regex _privateKeyRegex = new Regex(@"^-----BEGIN (?<keyName>\w+) PRIVATE KEY-----\r?\n(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?(?<data>([a-zA-Z0-9/+=]{1,64}\r?\n)+)-----END \k<keyName> PRIVATE KEY-----.*", RegexOptions.Compiled | RegexOptions.Multiline);

Your SSH.NET Library would be VERY VERY useful to people who use Amazon's Cloud computing.  Would you have time to take a look at this?  

Thanks, 

Steve

 

 

 

Feb 15, 2012 at 5:49 AM

Oleg, 

I figured out what the issue was.  Amazon Web Services issues keys that have lines with character lengths of 76, while your library uses a regex expression to make sure it's 64.  

private static Regex _privateKeyRegex = new Regex(@"^-----BEGIN (?<keyName>\w+) PRIVATE KEY-----\r?\n(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?(?<data>([a-zA-Z0-9/+=]{1,64}\r?\n)+)-----END \k<keyName> PRIVATE KEY-----.*", RegexOptions.Compiled | RegexOptions.Multiline);

I simply changed the regex to accept either and I can now issue commands to my Linux box on Amazon's cloud. I have a suggestion: don't validate the private key. If the wrong key is used, the client object will not be able to connect. This way you don't limit your library to keys of varying character lengths.

This is a great tool!  Thanks for building it.  It will make my job much easier to manage my servers on Amazon's cloud computing.  

Steve

Coordinator
Feb 15, 2012 at 11:26 AM

Hi,

 

Thanks for discovering it, I will make appropriate changes to the library later then, so this error does not repeat itself.

 

Unfortunately I do need to parse the key to extract some information from it.

 

Thanks,

Oleg
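
The line-width mismatch discussed in this thread, as an added example that is not part of the original posts and not SSH.NET's own code: it runs the regex quoted above against PEM blocks wrapped at 64 and at 76 characters, then against a variant with the width limit dropped. The names `PemLineWidthDemo`, `BuildPem`, `TryParse` and `Relaxed` are hypothetical, the relaxed pattern is an assumption rather than the library's actual fix, and the key body is constructed bytes, not a real key.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

static class PemLineWidthDemo
{
    // Pattern quoted in the thread: each base64 line is limited to 1..64 characters.
    const string Strict = @"^-----BEGIN (?<keyName>\w+) PRIVATE KEY-----\r?\n(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?(?<data>([a-zA-Z0-9/+=]{1,64}\r?\n)+)-----END \k<keyName> PRIVATE KEY-----.*";

    // Assumption for this example (not the library's fix): no upper bound on line width.
    static readonly string Relaxed = Strict.Replace("{1,64}", "+");

    // Wraps constructed bytes (not a real key) as a PEM-style block with the given line width.
    static string BuildPem(byte[] body, int width)
    {
        string b64 = Convert.ToBase64String(body);
        var sb = new StringBuilder("-----BEGIN RSA PRIVATE KEY-----\n");
        for (int i = 0; i < b64.Length; i += width)
            sb.Append(b64, i, Math.Min(width, b64.Length - i)).Append('\n');
        return sb.Append("-----END RSA PRIVATE KEY-----\n").ToString();
    }

    // Returns the decoded payload, or null when the pattern rejects the file.
    static byte[] TryParse(string pattern, string pem)
    {
        Match m = Regex.Match(pem, pattern, RegexOptions.Multiline);
        if (!m.Success) return null;
        // Strip line breaks before decoding, so the wrap width no longer matters.
        string b64 = new string(m.Groups["data"].Value.Where(c => !char.IsWhiteSpace(c)).ToArray());
        return Convert.FromBase64String(b64);
    }

    static void Main()
    {
        byte[] body = Enumerable.Range(0, 200).Select(i => (byte)i).ToArray(); // constructed sample
        foreach (int width in new[] { 64, 76 })
        {
            string pem = BuildPem(body, width);
            Console.WriteLine("width {0}: strict={1} relaxed={2}", width,
                TryParse(Strict, pem) != null, TryParse(Relaxed, pem) != null);
        }
    }
}
```

Relaxing the line width only changes which files are accepted for parsing; the extracted `data` is still decoded and would still have to be parsed as key material afterwards.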