Issue metadata
Sign in to add a comment
|
nassh: Secure Shell not usable for connecting to EC2 instance from Chromebook
Reported by
a...@continusec.com,
Jul 28 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 9460.73.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.134 Safari/537.36 Platform: 9460.73.0 (Official Build) stable-channel cave Steps to reproduce the problem: 1. Create an EC2 VM, select the option to create a new key pair, save the downloaded private key. 2. Install the "Secure Shell" extension. 3. Use it to attempt to connect to the EC2 instance, uploading the private key material downloaded from step 1. What is the expected behavior? Be able to successfully SSH to instance. What went wrong? Receive error message: Permission denied (publickey). NaCl plugin exited with status code 255. Did this work before? N/A Chrome version: 59.0.3071.134 Channel: stable OS Version: 9460.73.0 Flash Version: Per the FAQ (https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/FAQ.md#Can-I-connect-using-a-public-key-pair-or-certificate) and various internet advice (e.g. https://coderwall.com/p/f7luvw/connect-to-ec2-via-secure-shell-plugin-for-google-chrome), to make this work you need to: 1. Rename the file from "foo.pem" to "foo". 2. Generate the public key for it: "ssh-keygen -y -f foo > foo.pub". 3. Import both of these to the extension. Since you need a command line to do step 2 - it can't be done on a stock Chromebook, and thus I'm stuck having just created an EC2 instance through the AWS Console, but unable to log into it. OpenSSH (on the command-line) in general does not require the file be named specially, nor does it require the public key be in a separate file. Further even if the underlying SSH engine needs it in this manner, it would be much more helpful if the extension could automatically derive the public key from the private key material in the same manner that ssh-keygen does. Kindly requesting that the Secure Shell extension be fixed to accept just the private key for Import.
,
Oct 24 2017
,
Oct 24 2017
i've never used AWS. what format is "foo.pem" in ? can you create a key and attach it here (and obviously throw away that key) ?
,
Oct 24 2017
Hi @vapier, it's standard PEM encoded RSA PRIVATE KEY (the same as ssh-keygen will generate), ie: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- (real example one downloaded from AWS attached) The problem is that for some reason the extension requires that both the public and the private be uploaded, however the AWS Console only lets you download the private key (which is all that *should* be needed, since the public key can be derived automatically from the private key).
,
Oct 25 2017
Cc'ing vapier@ for more inputs and further investigation of this.
,
Oct 26 2017
this already works, it's just that the UI is not clear, and those docs you read are wrong simply import the pem file only and then add to your ssh command line: -i /.ssh/<name of file> going to dupe into an existing bug related to improving the UI |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by eostroukhov@chromium.org
, Jul 31 2017