Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

az acs kubernetes get-credentials --ssh-key-file does not override searching in .ssh for release 2.0.4

See original GitHub issue

Description

Outline the issue here:

When using a custom ssh key with the command line option --ssh-key-file for az acs kubernetes get-credentials if a file exists in .ssh in the users home dir the command fails with Authentication Failed.

Looking at debug for

az acs kubernetes get-credentials --resource-group=<rg> --name=<acsn> --ssh-key-file=<key_rsa> --debug

results in the relevant output as follows:

...
paramiko.transport : kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
paramiko.transport : Switch to new keys ...
paramiko.transport : Adding ssh-rsa host key for aitcacs-aitcpoc-59688e.westeurope.cloudapp.azure.com: <host key>
paramiko.transport : Trying discovered key <private key> in /root/.ssh/id_rsa
paramiko.transport : userauth is OK
paramiko.transport : Authentication (publickey) failed.
Authentication failed.
Traceback (most recent call last):
...

When using acs 2.0.3 the same command and section will result in

...
paramiko.transport : kex engine KexGroup14 specified hash_algo <built-in function openssl_sha1>
paramiko.transport : Switch to new keys ...
paramiko.transport : Adding ssh-rsa host key for aitcacs-aitcpoc-59688e.westeurope.cloudapp.azure.com: < host key >
paramiko.transport : Trying SSH key < custom private key >
paramiko.transport : userauth is OK
paramiko.transport : Authentication (publickey) successful!
...

The workaround is to use 2.0.3, install using

pip install azure-cli-acs==2.0.3

sudo as required.

Environment summary

Install Method: How did you install the CLI? (e.g. pip, interactive script, apt-get, Docker, MSI, nightly)
Answer here:

Inside Dockerfile.

pip install azure-cli

CLI Version: What version of the CLI and modules are installed? (Use az --version)
Answer here:

azure-cli (2.0.4)

acr (2.0.2)
acs (2.0.4)
appservice (0.1.4)
batch (2.0.2)
cloud (2.0.2)
command-modules-nspkg (2.0.0)
component (2.0.3)
configure (2.0.4)
container (0.1.4)
core (2.0.4)
documentdb (0.1.4)
feedback (2.0.2)
find (0.2.1)
iot (0.1.4)
keyvault (2.0.2)
lab (0.0.3)
monitor (0.0.3)
network (2.0.4)
nspkg (3.0.0)
profile (2.0.4)
redis (0.2.1)
resource (2.0.4)
role (2.0.3)
sql (2.0.2)
storage (2.0.4)
vm (2.0.4)

OS Version: What OS and version are you using?
Answer here:

uname -a

Linux c70b581eafa2 4.4.0-74-generic #95-Ubuntu SMP Wed Apr 12 09:50:34 UTC 2017 x86_64 GNU/Linux

Docker base image openjdk:8

Shell Type: What shell are you using? (e.g. bash, cmd.exe, Bash on Windows)
Answer here:

bash

Issue Analytics

State:
Created 6 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

squillacecommented, May 31, 2017

Update: it is fixed, per the other issue about ssh-add. So, if you fail using a key that hasn’t been added:

az acs kubernetes get-credentials -g draft -n draft-kube-acs
Private key file is encrypted
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/azure/cli/main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/core/application.py", line 203, in execute
    result = expanded_arg.func(params)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 278, in __call__
    return self.handler(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 473, in _execute_command
    reraise(*sys.exc_info())
  File "/usr/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 450, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 690, in k8s_get_credentials
    _k8s_get_credentials_internal(name, acs_info, path, ssh_key_file)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 711, in _k8s_get_credentials_internal
    '.kube/config', path_candidate, key_filename=ssh_key_file)
  File "/usr/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 49, in SecureCopy
    ssh.connect(host, username=user, pkey=pkey)
  File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 381, in connect
    look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
  File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 622, in _auth
    raise saved_exception
PasswordRequiredException: Private key file is encrypted

Then you try adding it and import the creds again:

╰─ ssh-add ~/.ssh/id_rsa
Enter passphrase for /Users/ralphsquillace/.ssh/id_rsa:
Identity added: /Users/ralphsquillace/.ssh/id_rsa (/Users/ralphsquillace/.ssh/id_rsa)

you have success, per this item.

╰─ az acs kubernetes get-credentials -g draft -n draft-kube-acs
╭─ 🔋 61% (1:12) ~/work/go/src/github.com/Azure/draft/examples/python

0reactions

IainColledgecommented, Aug 17, 2017

Thanks very much everyone.

Top Results From Across the Web

Getting error while SSH to VM of Azure Kubernetes

For your issue, the steps in the link is no problem. When you check the VMSS with the command here: CLUSTER_RESOURCE_GROUP=$(az aks show ......

SSH keys on Windows for Kubernetes with Azure Container ...

But I was struggling with the SSH keys a couple of times now. ... Use the Command Prompt: az acs kubernetes get-credentials.

Config file isn't available when connecting - Azure

The az aks get-credentials command in Azure CLI, which is used to ... The kubectl command tries to search the C:\Users\A\.kube\config file.

How to Search for Files and Folders via SSH - SiteGround

SSH provides two different commands, which can be used to accomplish this. In order to search for a file location, you can use...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

az acs kubernetes get-credentials --ssh-key-file does not override searching in .ssh for release 2.0.4

Description

Environment summary

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

[RBAC] Issues with Role Definition commands

[KeyVault] Get-default-policy returns gibberish in Python2