Using CA signed SSH public key I get Paramiko error: not a valid OPENSSH private key file

Hi,

I’m testing StackStorm 3.1 with CentOS 7.7 and I’m getting a Paramiko error when I try to run a simple action via SSH using an SSH public key signed with a CA certificate. Do you know if I’m missing any step in the StackStorm config?

[root@stackstorm my-ca]# st2 run core.remote hosts=192.168.200.11 port=10022 cmd="whoami"
.
id: 5ea7f58c5cdb04063b9ed3cc
status: failed
parameters:
  cmd: whoami
  hosts: 192.168.200.11
  port: 10022
result:
  error: "Unable to connect to any one of the hosts: [u'192.168.200.11'].

 connect_errors={
  "192.168.200.11": {
    "failed": true,
    "traceback": "Traceback (most recent call last):  File \"/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py\", line 258, in _connect    client.connect()  File \"/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/paramiko_ssh.py\", line 143, in connect    self.client = self._connect(host=self.hostname, socket=self.bastion_socket)  File \"/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/paramiko_ssh.py\", line 720, in _connect    raise SSHException(msg)SSHException: Error connecting to host 192.168.200.11 with connection parameters {'username': 'stanley', 'key_filename': '/home/stanley/.ssh/stanley_rsa', 'allow_agent': False, 'hostname': u'192.168.200.11', 'look_for_keys': False, 'timeout': 60, 'port': 10022}.Paramiko error: not a valid OPENSSH private key file.",
    "timeout": false,
    "succeeded": false,
    "stdout": "",
    "stderr": "",
    "error": "Connection error. Error connecting to host 192.168.200.11 with connection parameters {'username': 'stanley', 'key_filename': '/home/stanley/.ssh/stanley_rsa', 'allow_agent': False, 'hostname': u'192.168.200.11', 'look_for_keys': False, 'timeout': 60, 'port': 10022}.Paramiko error: not a valid OPENSSH private key file.",
    "return_code": 255
  }
}"
  traceback: "  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2actions/container/base.py", line 113, in _do_run
    runner.pre_run()
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/paramiko_ssh_runner.py", line 185, in pre_run
    self._parallel_ssh_client = ParallelSSHClient(**client_kwargs)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py", line 74, in __init__
    connect_results = self.connect(raise_on_any_error=raise_on_any_error)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/st2common/runners/parallel_ssh.py", line 104, in connect
    raise NoHostsConnectedToException(msg)
"

I have checked the config of SSH and I can log in using the standard CentOS ssh client.

When I run with a “classic not signed” SSH public key it runs smoothly.

[stanley@stackstorm .ssh]$ st2 run core.remote hosts=192.168.200.11 port=10022 cmd="whoami" username="stanley"
.
id: 5ea7fdca5cdb04063b9ed3ea
status: succeeded
parameters:
  cmd: whoami
  hosts: 192.168.200.11
  port: 10022
  username: stanley
result:
  192.168.200.11:
    failed: false
    return_code: 0
    stderr: ''
    stdout: stanley
    succeeded: true
[stanley@stackstorm .ssh]$

It looks like you have the wrong key format. Try switching from PEM to RSA format.

Hi,

Thanks for your quick answer, but I’m sorry because I don’t quite understand it. The private key uses the RSA algorithm in a PEM format file. Should it be different?


[stanley@stackstorm .ssh]$ cat stanley_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA1zdWZdRbjUNVQ/L5OnQobJ+cXUdfzJsOO3X0Dj+QCpBs5/ET

So there are openssh and rsa key formats.

I think I mistyped PEM before.

See here: https://security.stackexchange.com/questions/32768/converting-keys-between-openssl-and-openssh
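
An added example, not part of the original thread and not StackStorm or Paramiko code: one way to check which container format a private key file uses (the legacy PEM header shown above versus the OpenSSH `openssh-key-v1` format) without printing any key material. The name `describe_private_key` and both sample inputs are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # magic string from OpenSSH's PROTOCOL.key

def _ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Classify a private key file by container format; key material is never returned."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("-----")):
        return {"format": "unknown"}
    label = first[len("-----BEGIN "):-len("-----")]
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM containers: PKCS#1 ("RSA PRIVATE KEY"), SEC1 EC, PKCS#8, ...
        enc = label == "ENCRYPTED PRIVATE KEY" or any(
            ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:3])
        return {"format": "PEM", "label": label, "encrypted": enc}
    try:
        blob = base64.b64decode("".join(ln for ln in lines[1:] if not ln.startswith("-----")))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad magic")
        off = len(OPENSSH_MAGIC)
        cipher, off = _ssh_string(blob, off)
        kdf, off = _ssh_string(blob, off)
        _opts, off = _ssh_string(blob, off)
        off += 4  # uint32 number of keys
        pub, off = _ssh_string(blob, off)
        key_type = _ssh_string(pub, 0)[0].decode()
    except (ValueError, struct.error):  # covers bad base64 and short buffers
        return {"format": "OpenSSH", "error": "malformed or truncated"}
    return {"format": "OpenSSH", "key_type": key_type,
            "encrypted": cipher != b"none", "kdf": kdf.decode()}

def _s(b):
    """Encode bytes as an SSH wire string (used only to build the sample)."""
    return struct.pack(">I", len(b)) + b

# Constructed samples: headers only, no real key material.
SAMPLE_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
_blob = OPENSSH_MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1) + _s(_s(b"ssh-rsa"))
SAMPLE_OPENSSH = ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(_blob).decode()
                  + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

Call `describe_private_key(open(path).read())` on the file named in `key_filename` to see which container it is before changing the key or the runner configuration.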