Serving Git Packages on Rstudio Package Manager using ssh

Hello,

I'm trying to expose an internally developed R package tracked in Github using SSH but we're encountering issues with the SSH key passphrase. These are the steps I have followed so far:

  1. Created a user my_user_name in the rstudio-pm group
  2. Generated a new SSH key id_ed25519 that I added to the Github account. This command ssh-add -K ~/.ssh/id_ed25519 failed because the server is based on ubuntu, so I used ssh-add ~/.ssh/id_ed25519 instead.
  3. I ran rspm commands under su my_user_name
  4. When I tried to import the SSH key, it says that the key is passphrase protected
    rspm import --name=id_ed25519 --path=/home/ubuntu/.ssh/id_ed25519 --passphrase-path=/home/ubuntu/.ssh/passphrase
    Error: Unable to import key: Could not import SSH key: ssh: this private key is passphrase protected

I'm not sure how to make it see the passphrase. In rstudio documentation it says "passphrase file should just be text file with passphrase for key" so I created a text file (that I'm going to delete) where I put the passphrase but still getting the same error.

Any idea how to fix this?

Thanks!

Hey @Siham_Hachi ! Welcome to community, and thanks for asking!!

Our guess here is that this is a permission issue on your passpharase key. If you run the following commands (presuming your username is ubuntu):

chown ubuntu:ubuntu /home/ubuntu/.ssh/id_ed25519
chown ubuntu:ubuntu /home/ubuntu/.ssh/passphrase

Then you can test permissions with:

namei -l /home/ubuntu/.ssh/id_ed25519
namei -l /home/ubuntu/.ssh/passphrase

Can you give that a shot and see if it solves the problem? Also, what version of RStudio Package Manager are you using?

Moreover, because you are a professional customer (or trialing a professional product), you have access to our professional support team. We really appreciate you asking here, so that others can find the solution, but we can ensure things are handled more directly if you reach out to support@rstudio.com . Thanks!

Thank you so much for getting back to me so quickly Cole.
I have tried changing the ownership for those two files as you recommended, replacing ubuntu:ubuntu by the user I'm using but still getting the same error. Should the SSH key file and the passephrase be owned by the same user who owns rstudio-pm files and directories? (We have the latest version of RSPM, 1.2.2). Thanks!

Hi!

Were you able to solve this @cole ? I seem to have run into exactly the same issue, tried everything suggested but still no luck. Using RSPM 1.2.2-4.

Thanks

Just wanted to update here that we are taking a deeper look at this! We are concerned that our implementation does not handle keys generated by openssh properly, so we may have a bug on our hands!

Can one / all of y'all confirm whether or not your private key begins with -----BEGIN RSA PRIVATE KEY----- and has Proc-Type: 4,ENCRYPTED at the start of the key (if you cat the private key cat ~/.ssh/my-key - DO NOT SHARE THE ACTUAL KEY HERE :male_detective:)?

Or does your key start with something like -----BEGIN OPENSSH PRIVATE KEY----- and then just has a string of random characters?

To be clear - we would expect the former to work (RSA PRIVATE KEY), and the latter to fail (OPENSSH PRIVATE KEY).

Hi @cole thanks for looking into this!

My key has -----BEGIN OPENSSH PRIVATE KEY----- so that looks like that could be the issue.

Thanks for confirming @harryfisher ! Do you have another server with a different type of ssh installed? If you generate a key using a different ssh, that could be a workaround for now (hopefully it will work for you!). I used this to build one, if you're familiar with docker:

docker run -it --rm --name=ssh-keygen ubuntu:bionic bash
apt update && apt install ssh
ssh-keygen
# can get it out from another shell
docker cp ssh-keygen:/root/.ssh/id_rsa my-ssh-key
docker cp ssh-keygen:/root/.ssh/id_rsa.pub my-ssh-key.pub

Thanks @cole, that did the trick :+1:

1 Like

Thanks for this @cole
We ended up removing the passphrase and everything worked.