It's not just ed25519. (and you were right about AWS not supporting it) I created a rsa key with length 8192, and the private key was also
-----BEGIN OPENSSH PRIVATE KEY----- This was accepted by Jenkins as a valid key, and also by AWS itself, but it wasn't accepted by the EC2 plugin. So I had to replace OPENSSH with RSA again. So my pull request is still valid. :) Could it be that more recent versions of ssh-keygen have replaced RSA with OPENSSH? On Wednesday, April 14, 2021 at 1:05:32 AM UTC+2 Thomas Matthijs wrote: > Currently AWS doesn't support ed25519 (at least last time i checked in > 2020) > People been asking for a few year, but maybe the plugin should accept > them already, hopefully only a matter of time till aws does > > On Tue, 13 Apr 2021 at 11:49, Amedee Van Gasse > <[email protected]> wrote: > > > > So I went ahead and submitted a pull request anyway: > > https://github.com/jenkinsci/ec2-plugin/pull/595 > > > > I'm sure it's not all up to standards but as it is my first > contribution, I assume that the Jenkins community will be very happy to > explain me where it can be improved. :-) > > > > On Tuesday, April 13, 2021 at 11:19:16 AM UTC+2 Amedee Van Gasse wrote: > >> > >> I have a question about https://github.com/jenkinsci/ec2-plugin. It > may be a bug, but I'd like to have confirmation before I try to find out > how to file a bug report. > >> > >> In > https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/EC2Cloud.java > > there is the following validation in doCheckSshKeysCredentialsId: > >> > >> boolean hasStart = false, hasEnd = false; > >> BufferedReader br = new BufferedReader(new StringReader(privateKey)); > >> String line; > >> while ((line = br.readLine()) != null) { > >> if (line.equals("-----BEGIN RSA PRIVATE KEY-----")) > >> hasStart = true; > >> if (line.equals("-----END RSA PRIVATE KEY-----")) > >> hasEnd = true; > >> } > >> if (!hasStart) > >> return FormValidation.error("This doesn't look like a private key at > all"); > >> if (!hasEnd) > >> return FormValidation > >> .error("The private key is missing the trailing 'END RSA PRIVATE KEY' > marker. Copy&paste error?"); > >> > >> I have generated an ed25519 key, with > >> > >> ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 > >> > >> SSH version: > >> OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j 16 Feb 2021 > >> > >> This key looks like > >> > >> -----BEGIN OPENSSH PRIVATE KEY----- > >> (...) > >> -----END OPENSSH PRIVATE KEY----- > >> > >> I can successfully use this key to connect to manually started > instances (with Manage Nodes -> Add New Node). > >> > >> I can not use this key to connect to an instance started by the EC2 > plugin. The EC2 plugin tells me "This doesn't look like a private key at > all". > >> > >> It appears as if the validation is too strict. > >> > >> Workaround: > >> In the private key file, I replaced > >> -----BEGIN OPENSSH PRIVATE KEY----- > >> (...) > >> -----END OPENSSH PRIVATE KEY----- > >> > >> with > >> -----BEGIN RSA PRIVATE KEY----- > >> (...) > >> -----END RSA PRIVATE KEY----- > >> > >> > >> Can someone confirm if this is an actual bug, or is the problem at my > end? > >> If it is a bug, then how do I proceed to file a bug report? The repo at > https://github.com/jenkinsci/ec2-plugin only has pull requests, no issue > tracker. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Jenkins Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/3abaa47f-7d0a-442f-ad7f-c12c57d7cc6en%40googlegroups.com > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/cc104a69-6b24-4c78-af9e-bae5e5bb0f7bn%40googlegroups.com.
