Paramiko error: not a valid OPENSSH private key file

When I’m running core.remote_sudo from the command line, it’s working.

st2 run core.remote_sudo cmd='service nginx restart' hosts=test username=ubuntu timeout=5
.
id: 5d322c61e925ea66db850b76
status: succeeded
parameters:
  cmd: service nginx restart
  hosts: test
  timeout: 5
  username: ubuntu
result:
  test:
    failed: false
    return_code: 0
    stderr: ''
    stdout: ''
    succeeded: true

But if I’m doing the same within an Orquesta workflow task, then it’s failing.

========================
task:

restart_nginx:
  action: core.remote_sudo cmd='service nginx restart' hosts=<% ctx().host %> username=ubuntu timeout=5
  next:
    - when: <% succeeded() %>
      publish:
        - message: "successfully restarted nginx on <% ctx().host %>"
      do:
        - message_slack

========================
error result

result:
  errors:
  - message: Execution failed. See result for details.
    result:
      error: "Unable to connect to any one of the hosts: [u'test'].

        connect_errors={
        "test": {
        "failed": true,
        "traceback": "Traceback (most recent call last): File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py", line 258, in _connect client.connect() File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/paramiko_ssh.py", line 143, in connect self.client = self._connect(host=self.hostname, socket=self.bastion_socket) File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/paramiko_ssh.py", line 720, in _connect raise SSHException(msg)SSHException: Error connecting to host test with connection parameters {'username': 'stanley', 'key_filename': '/home/stanley/.ssh/id_rsa', 'allow_agent': False, 'hostname': u'test', 'look_for_keys': False, 'timeout': 60, 'port': 22}.Paramiko error: not a valid OPENSSH private key file.",
        "timeout": false,
        "succeeded": false,
        "stdout": "",
        "stderr": "",
        "error": "Connection error. Error connecting to host test with connection parameters {'username': 'stanley', 'key_filename': '/home/stanley/.ssh/id_rsa', 'allow_agent': False, 'hostname': u'test', 'look_for_keys': False, 'timeout': 60, 'port': 22}.Paramiko error: not a valid OPENSSH private key file.",
        "return_code": 255
        }
        }"
      traceback: "  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2actions/container/base.py", line 113, in _do_run
        runner.pre_run()
        File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/paramiko_ssh_runner.py", line 185, in pre_run
        self._parallel_ssh_client = ParallelSSHClient(**client_kwargs)
        File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py", line 74, in __init__
        connect_results = self.connect(raise_on_any_error=raise_on_any_error)
        File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py", line 104, in connect
        raise NoHostsConnectedToException(msg)
        "
    task_id: restart_nginx
    type: error
  output: null

How did you generate the SSH key? What type of key are you using?

The Paramiko library, which we use underneath, only supports RSA, DSS and ECDSA key types in a PEM format.

I assume your key was generated by a newer version of OpenSSH, which includes a new-style header (begin private key instead of begin rsa/dsa/ec private key) that Paramiko doesn’t recognize.

In fact, I was just dealing with this problem in another library just a couple of days ago, so this section might help - https://libcloud.readthedocs.io/en/latest/compute/deployment.html#supported-private-ssh-key-types
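An added diagnostic for the key-format question raised in the reply above (not code from this thread or from StackStorm): it reads only the BEGIN/END armour lines of a private key and reports whether the file is in the legacy PEM form the reply says Paramiko accepts. The function name `classify_private_key`, the label tables and the sample keys are constructed for this example.

```python
import re

# Armour labels of the legacy PEM key types the reply lists (RSA, DSS, ECDSA).
LEGACY_PEM = {"RSA PRIVATE KEY": "rsa", "DSA PRIVATE KEY": "dss",
              "EC PRIVATE KEY": "ecdsa"}
# Well-formed private-key armours that are not legacy PEM.
OTHER = {"OPENSSH PRIVATE KEY": "openssh-v1", "PRIVATE KEY": "pkcs8",
         "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}
ARMOUR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def classify_private_key(text):
    """Classify a key by its armour lines only; key material is never decoded."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ("invalid", "empty file")
    first, last = ARMOUR.match(lines[0]), ARMOUR.match(lines[-1])
    if not first or first.group(1) != "BEGIN":
        return ("invalid", "no BEGIN line")
    label = first.group(2)
    if not last or last.group(1) != "END" or last.group(2) != label:
        return ("invalid", "END line missing or not matching BEGIN")
    if label in LEGACY_PEM:
        # Legacy PEM flags passphrase protection with a Proc-Type header.
        enc = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:3])
        return ("legacy-pem", LEGACY_PEM[label] + ("+passphrase" if enc else ""))
    if label in OTHER:
        return ("not-legacy-pem", OTHER[label])
    return ("invalid", "unknown label " + label)


def _armour(label, body="AAAA"):
    # Constructed sample: placeholder body, not real key material.
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


SAMPLES = {
    "legacy_rsa": _armour("RSA PRIVATE KEY"),
    "new_openssh": _armour("OPENSSH PRIVATE KEY"),
    "encrypted_rsa": _armour("RSA PRIVATE KEY",
                             "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA"),
    "truncated": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_private_key(text))
```

Because only the armour lines are inspected, the result can be shared when asking for help without exposing any key material.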

Below is my header and footer. The mystery is that when I use core.remote_sudo from the command line, it is working. But if I’m running it as an action under a task, it’s not.

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Figured out the issue. There is a typo in my action. I gave username=ubuntu instead of username="ubuntu".

action: core.remote_sudo cmd='service nginx restart' hosts=<% ctx().host %> username=ubuntu timeout=5

Glad to hear that you have figured it out.

We should still look at the code, though, and throw a more user-friendly exception. No idea why the “not a valid openssh private key file” exception is bubbling up. If anything, “authentication failure” should bubble up in such a scenario.