Jump to content

SSH certificate import error during the "Install application remotely" task in KSC [KES for Linux]


Recommended Posts

Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

The "Install application remotely" task wizard presents an option to specify an SSH certificate as account credentials, if Linux package is selected for installation. 

image.png.c9987ab09e671ccc1a00060f1320bd5a.png

The wizard does not accept certain certificates and fails to provide informative error messages why this happens.

Examples:

Failed to upload the certificate.

Failed to import the private key of the certificate.

image.png.c1c32f8778f9df4bc729bb2997bd834c.png

Root cause

KSC 13.2 only accepts PEM certificates, they start with header line of the following format:

-----BEGIN RSA PRIVATE KEY-----

 

However, most modern Linux systems use openssh, which offers an ssh-keygen tool to generate certificates. Starting from ~2018 it generates certificates in its own openssh structure if used with default settings. The header looks as follows:

-----BEGIN OPENSSH PRIVATE KEY-----

Solution

As a workaround, generate a cetificate in the PEM/RSA format.

  • Using ssh-keygen (newer versions): use -m flag to switch to the old PEM format.

# ssh-keygen -t rsa -m PEM

  • Using PuTTYgen:

Generate the SSH-2 certificate, then navigate to Conversions → Export OpenSSH key (do not choose "force new file format").

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...