[COMPASS-3558] Add Support for Ed25519 SSH keys Created: 09/Apr/19  Updated: 10/Jan/24  Resolved: 30/Jun/22

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: 1.17.0
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Mark Garrett Assignee: Unassigned
Resolution: Declined Votes: 1
Labels: internal
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

macOS 10.14.4


Issue Links:
Depends
depends on COMPASS-4069 Update ssh2 dependency Closed
Story Points: 2
Sprint: Iteration Urial, Iteration Vicuña

 Description   

Compass is currently unable to use Ed25519 keys generated by OpenSSL. After doing some digging, this is due to the underlying node module ssh-streams not handling EdDSA in the most recent version. There is a fix that was recently committed. I've put in an issue to get the fix version tagged. This would also require compiling against OpenSSL 1.1 or equivalent.

/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/react-dom/cjs/react-dom.production.min.js:21 Uncaught Error: Cannot parse privateKey: Unsupported key format
    at Client.connect (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/ssh2/lib/client.js:230)
    at SSHTunnel.createTunnel (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/lib/ssh-tunnel.js:53)
    at /Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:3880
    at replenish (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:1011)
    at /Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:1016
    at eachOfLimit (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:1041)
    at /Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:1046
    at _parallel (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:3879)
    at Object.series (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/node_modules/async/dist/async.js:4735)
    at SSHTunnel.listen (/Applications/MongoDB Compass Community.app/Contents/Resources/app.asar/node_modules/mongodb-connection-model/lib/ssh-tunnel.js:138)



 Comments   
Comment by Jessica Sigafoos [ 30/Jun/22 ]

Thank you for your feedback! If this issue is still relevant to you, please vote on or file a feature request at https://feedback.mongodb.com/

Comment by Lucas Hrabovsky (Inactive) [ 09/Jan/20 ]

COMPASS-4069 will address this

Comment by Mark Garrett [ 09/Aug/19 ]

Scot, you will need to create your key with "-m PEM" which will create it in the older format.

Comment by Scot Mcphee [ 09/Aug/19 ]

I've been trying to use ssh in Compass - on a Mac, which has open SSH on it. When I try this, to connect to our Atlas installation, I get the following:

Uncaught Error: Cannot parse privateKey: Unsupported key format

cat new_id_rsa
BEGIN OPENSSH PRIVATE KEY

Support chat said:
 

The certificate files start with BEGIN OPENSSH PRIVATE KEY rather than BEGIN RSA PRIVATE KEY mostly indicates the ed25519 key type which currently not supported by Compass.

 
And pointed me to this ticket.

However ssh-keygen generates this header no matter the type of key i generate so i'm not sure about the applicability of this. The key above is an RSA key.

 

Comment by Mark Garrett [ 10/Apr/19 ]

It seems that the ssh-streams fix won't be tagged and released until roughly node 12 as it requires compiling against OpenSSL 1.1.1, which is a bit new. Tracking issue at nodejs.

Generated at Wed Feb 07 22:33:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.