SSH only accepts RSA keys. Using ed25519 key fails with Error unpack requires 4 bytes.
How to reproduce the bug
Generate ed25519 key.
ssh-keygen -t ed25519 -C "your_email@example.com"
Create new database connection in Superset UI.
Use the key with an SSH connection.
Expected results
Connection Success
Actual results
Error: unpack requires 4 bytes.
Screenshots
Environment
- browser type and version: Chrome
- superset version: 2.1.0
- python version: python 3.8
- any feature flags active: SSH_TUNNELING
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [x ] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [ x] I have reproduced the issue with at least the latest released version of superset.
- [ x] I have checked the issue tracker for the same issue and I haven't found one similar.
Additional context
Looking at like 64 of ssh.py I see I referencing RSAKey.from_private_key.
if ssh_tunnel.password:
params["ssh_password"] = ssh_tunnel.password
elif ssh_tunnel.private_key:
private_key_file = StringIO(ssh_tunnel.private_key)
private_key = RSAKey.from_private_key(
private_key_file, ssh_tunnel.private_key_password
)
I don't know enough about python or SSH to fix this myself unfortunately as how do you identify a key type from a pasted value? Is this something where you try each type and hope one succeeds or provide a dropdown to identify the key type?
Comment From: bertrand-pledge-io
Can confirm the issue.
Comment From: rusackas
A couple of questions: • Is this still an issue in Superset 3.x or newer? • Is there documentation saying what forms of key Superset does or doesn't take (i.e. could a docs change clear this up)? • Is this a bug, or a feature request? I'm on the fence here :)
CC @eschutho
Comment From: metropolis-ameer
Answers: - It looks like it's still an issue based on what I see in the code, but don't know for certain as I haven't upgraded. - I wasn't aware of it in the documentation, I just ran into the issue and jumped into the code to find out why. - To me it is a bug because from the front end perspective, it accepts an SSH key, but doesn't state the RSA variety (again, based on when I last looked at this in SuperSet 2)
Answers aside, it looks like it could be a relatively easy fix based on what I see here: https://github.com/apache/superset/blob/master/superset/extensions/ssh.py#L68
Plus the fact that
paramiko.RSAKey.from_private_key_file reads RSA keys
paramiko.Ed25519Key.from_private_key_file reads ED25519 keys
So many another elif based on the key type?
Comment From: arrowcircle
This thing still exists in 4.0.0 and annoys a lot. Adding rsa key is working, but modern keys don't work
Comment From: rusackas
I was about to mark this as stale and close it since it's been silent for upward of a year. @metropolis-ameer was kind enough to give a pointer on where to look. Would anyone (e.g. @arrowcircle / @metropolis-ameer) be willing to open a PR?
CC @eschutho who might have some interest in this or be able to relay others for help.
Comment From: eschutho
Can someone test this out and let me know if it works for you? https://github.com/apache/superset/compare/elizabeth/test-ssh-key
If so, I can put up the pr for it.
Comment From: rusackas
Nobody seems to have tested this still... @eschutho would you want to just open the PR anyway?
If nobody can validate the fix, we might close this as not planned.
Comment From: splasky
May I try to fix this issue?
Comment From: eschutho
@splasky Yes, absolutely!
Comment From: splasky
@eschutho Thank you. I will take this tickit.
Comment From: X-arshiya-X
@splasky are you still working on this issue? If not I can try to fix the issue, If yes I'd be happy to help if I can
Comment From: Samuelinto
Good afternoon, My group and I are students in the Software Engineering (CSCD01) course at the University of Toronto. We were wondering if this issue is still open, and if we could be assigned to fix it. Additionally, in the case that this issue is still open, would it be a good idea to allow the use of other types of keys besides RSA and ed25519?
Thanks.