-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: Connectivity
-
None
-
Iteration Urial, Iteration Vicuña
Latest: Dec 3, 2019 v0.8.7
connection-model current: Nov 8, 2016 v0.5.4
https://github.com/mongodb-js/compass/issues/1882
While attempting to connect via SSH tunnel using an identity file and passphrase on the latest stable community version, I was only able to get it to work with an RSA key encrypted with AES-128-CBC or DES-EDE3-CBC. It failed to work with AES-192-CBC, AES-256-CBC, or with an openssh private key.
I got a variety of errors when using these other ciphers, including Uncaught Error: Expected 0x2: got 0x18, Uncaught Error: encoding too long, and Uncaught Error: Cannot parse privateKey: Unsupported key format.
Please add support at least for at least longer key lengths of AES, and potentially for other ciphers and key formats.
Confirmed that I get this same issue on current tip of master for at least AES-256-CBC
These algorithms are supported but not enabled by default. COMPASS-4069 will update ssh2 and when combined with COMPASS-3933 adding the below to client/server construction in ssh-tunnel.js will resolve this problem.
{ algorithms: { cipher: require('ssh2-streams').constants.ALGORITHMS.SUPPORTED_CIPHER } }
- depends on
-
-
- Closed
-
- is depended on by
-
COMPASS-3558 Add Support for Ed25519 SSH keys
-
- Closed
-
- is related to
-
COMPASS-2407 When using SSH tunnel, COMPASS does not send client SSL certificate
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- related to
-
-
- Closed
-