SSH only accepts RSA keys. Using ed25519 key fails with Error unpack requires 4 bytes.
How to reproduce the bug
Generate ed25519 key.
ssh-keygen -t ed25519 -C "your_email@example.com"
Create new database connection in Superset UI.
Use the key with an SSH connection.
Expected results
Connection Success
Actual results
Error: unpack requires 4 bytes.
Screenshots
Environment
- browser type and version: Chrome
- superset version: 2.1.0
- python version: python 3.8
- any feature flags active: SSH_TUNNELING
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [x ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [ x] I have reproduced the issue with at least the latest released version of superset.
- [ x] I have checked the issue tracker for the same issue and I haven't found one similar.
Additional context
Looking at like 64 of ssh.py I see I referencing RSAKey.from_private_key.
if ssh_tunnel.password:
params["ssh_password"] = ssh_tunnel.password
elif ssh_tunnel.private_key:
private_key_file = StringIO(ssh_tunnel.private_key)
private_key = RSAKey.from_private_key(
private_key_file, ssh_tunnel.private_key_password
)
I don't know enough about python or SSH to fix this myself unfortunately as how do you identify a key type from a pasted value? Is this something where you try each type and hope one succeeds or provide a dropdown to identify the key type?
Comment From: bertrand-pledge-io
Can confirm the issue.
Comment From: rusackas
A couple of questions: • Is this still an issue in Superset 3.x or newer? • Is there documentation saying what forms of key Superset does or doesn't take (i.e. could a docs change clear this up)? • Is this a bug, or a feature request? I'm on the fence here :)
CC @eschutho
Comment From: metropolis-ameer
Answers: - It looks like it's still an issue based on what I see in the code, but don't know for certain as I haven't upgraded. - I wasn't aware of it in the documentation, I just ran into the issue and jumped into the code to find out why. - To me it is a bug because from the front end perspective, it accepts an SSH key, but doesn't state the RSA variety (again, based on when I last looked at this in SuperSet 2)
Answers aside, it looks like it could be a relatively easy fix based on what I see here: https://github.com/apache/superset/blob/master/superset/extensions/ssh.py#L68
Plus the fact that
paramiko.RSAKey.from_private_key_file reads RSA keys
paramiko.Ed25519Key.from_private_key_file reads ED25519 keys
So many another elif based on the key type?
Comment From: arrowcircle
This thing still exists in 4.0.0 and annoys a lot. Adding rsa key is working, but modern keys don't work
Comment From: rusackas
I was about to mark this as stale and close it since it's been silent for upward of a year. @metropolis-ameer was kind enough to give a pointer on where to look. Would anyone (e.g. @arrowcircle / @metropolis-ameer) be willing to open a PR?
CC @eschutho who might have some interest in this or be able to relay others for help.
Comment From: eschutho
Can someone test this out and let me know if it works for you? https://github.com/apache/superset/compare/elizabeth/test-ssh-key
If so, I can put up the pr for it.
Comment From: rusackas
Nobody seems to have tested this still... @eschutho would you want to just open the PR anyway?
If nobody can validate the fix, we might close this as not planned.