Fix broken keyPath to ssh-keygen #7024
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When keyPath contains spaces, ex. `/Users/username/Library/Application Support/Code/User/globalStorage/amazonwebservices.aws-toolkit-vscode/aws-ec2-key` the ssh-keygen command fails with "Too many arguments", and doesn't get caught by the "Unknown key type" failure check. This results in log output like [error] aws.ec2.openRemoteConnection: Error: Unable to connect to target instance <id> on region <region>. Testing SSM connection to instance failed: Warning: Permanently added 'aws-ec2-<id>' (ED25519) to the list of known hosts. no such identity: /Users/username/Library/Application Support/Code/User/globalStorage/amazonwebservices.aws-toolkit-vscode/aws-ec2-key: No such file or directory ec2-user@aws-ec2-<id>: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). [EC2SSMTestConnect] Workaround: manually run the command with a double quoted path to create the key in this path.
|
|
Thanks for looking into this. Did you confirm that this change fixes the issue? I am surprised if it does, because the list form of arguments should already do that. By adding quotes as you've done here, it will send literal If that fixes the issue, that might indicate a bug in ssh-keygen. It's certainly worth a workaround to avoid such a bug, but we need to make sure it doesn't regress anything. |
justinmk3
reviewed
Apr 11, 2025
| @@ -81,7 +81,7 @@ export class SshKeyPair { | |||
| } | |||
| return await tryRun( | |||
| 'ssh-keygen', | |||
| ['-t', keyType, '-N', '', '-q', '-f', keyPath], | |||
| ['-t', keyType, '-N', '', '-q', '-f', concat('"', keyPath, '"')], | |||
There was a problem hiding this comment.
npm error src/awsService/ec2/sshKeyPair.ts(84,51): error TS2304: Cannot find name 'concat'.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
When keyPath contains spaces, ex.
/Users/username/Library/Application Support/Code/User/globalStorage/amazonwebservices.aws-toolkit-vscode/aws-ec2-keythe ssh-keygen command fails with "Too many arguments", and doesn't get caught by the "Unknown key type" failure check.This results in log output like
[error] aws.ec2.openRemoteConnection: Error: Unable to connect to target instance on region . Testing SSM connection to instance failed: Warning: Permanently added 'aws-ec2-' (ED25519) to the list of known hosts.
no such identity: /Users/username/Library/Application Support/Code/User/globalStorage/amazonwebservices.aws-toolkit-vscode/aws-ec2-key: No such file or directory
ec2-user@aws-ec2-: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). [EC2SSMTestConnect]
Workaround
Manually run the command with a double quoted path to create the key in this path.
Solution
Double quote the path in the command arg
feature/xbranches will not be squash-merged at release time.