SSH command creates empty public key and errors

[ben-oxley-fnc]

Describe the bug

Running az ssh vm --ip {ip}

az ssh vm --ip 10.196.244.148
fdopen C:\\Users\\bjo.FNC\\AppData\\Local\\Temp\\aadsshcertkveyr768\\id_rsa.pub failed: eother
Could not parse public key. Error: Incorrectly formatted public key. Key must be format '<algorithm> <base64_key>'

Extension version:

PS C:\Users\bjo.FNC> az extension list
[
  {
    "experimental": false,
    "extensionType": "whl",
    "name": "ssh",
    "path": "C:\\CliExtensions\\ssh",
    "preview": false,
    "version": "1.1.6"
  }
]

Related command

az ssh vm --ip {ip}

Errors

Could not parse public key. Error: Incorrectly formatted public key. Key must be format ' <base64_key>'

Issue script & Debug output

PS C:\Users\bjo.FNC> az ssh vm --ip $ip --debug
cli.knack.cli: Command arguments: ['ssh', 'vm', '--ip', '10.196.244.148', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x0310A388>, <function OutputProducer.on_global_arguments at 0x032D9B20>, <function CLIQuery.on_global_arguments at 0x032F7778>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'ssh': ['azext_ssh']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ssh 0.207 1 4 C:\CliExtensions\ssh
cli.azure.cli.core: Total (1) 0.207 1 4
cli.azure.cli.core: Loaded 1 groups, 4 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : ssh vm
cli.azure.cli.core: Command table: ssh vm
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x03D151D8>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\bjo.FNC.azure\commands\2023-07-27.10-34-36.ssh_vm.10476.log'.
az_command_data_logger: command args: ssh vm --ip {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x03D3F2B0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x03D4D1D8>, <function register_cache_arguments..add_cache_arguments at 0x03D4D3D0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x032D9B68>, <function CLIQuery.handle_query_parameter at 0x032F77C0>, <function register_ids_argument..parse_ids_arguments at 0x03D4D388>]
az_command_data_logger: extension name: ssh
az_command_data_logger: extension version: 1.1.6
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ComputeManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\bjo.FNC\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\bjo.FNC.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/d540db14-ce3e-4d18-adfb-75a65e88f7d7/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azext_ssh.ssh_utils: Platform architecture: 32bit
cli.azext_ssh.ssh_utils: OS architecture: 64bit
cli.azext_ssh.ssh_utils: System Root: C:\Windows
cli.azext_ssh.ssh_utils: Attempting to run ssh-keygen from path C:\Windows\SysNative\openSSH\ssh-keygen.exe
cli.azext_ssh.ssh_utils: Running ssh-keygen command C:\Windows\SysNative\openSSH\ssh-keygen.exe -f C:\Users\bjo.FNC\AppData\Local\Temp\aadsshcertqe35r_03\id_rsa -t rsa -q -N
fdopen C:\Users\bjo.FNC\AppData\Local\Temp\aadsshcertqe35r_03\id_rsa.pub failed: eother
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 359, in _get_modulus_exponent
parser.parse(public_key_text)
File "C:\CliExtensions\ssh\azext_ssh\rsa_parser.py", line 26, in parse
raise ValueError(error_str)
ValueError: Incorrectly formatted public key. Key must be format ' <base64_key>'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 663, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 697, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 333, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 66, in ssh_vm
_do_ssh_op(cmd, ssh_session, op_call)
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 177, in _do_ssh_op
op_info.cert_file, op_info.local_user = _get_and_write_certificate(cmd, op_info.public_key_file,
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 219, in _get_and_write_certificate
data = _prepare_jwk_data(public_key_file)
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 248, in _prepare_jwk_data
modulus, exponent = _get_modulus_exponent(public_key_file)
File "C:\CliExtensions\ssh\azext_ssh\custom.py", line 361, in _get_modulus_exponent
raise azclierror.FileOperationError(f"Could not parse public key. Error: {str(e)}")
azure.cli.core.azclierror.FileOperationError: Could not parse public key. Error: Incorrectly formatted public key. Key must be format ' <base64_key>'

cli.azure.cli.core.azclierror: Could not parse public key. Error: Incorrectly formatted public key. Key must be format ' <base64_key>'
az_command_data_logger: Could not parse public key. Error: Incorrectly formatted public key. Key must be format ' <base64_key>'
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x03D152F8>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 2.260 seconds (init: 0.499, invoke: 1.761)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3531 in cache
telemetry.check: Returns Positive.
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry_init_.pyc C:\Users\bjo.FNC.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

Expected behavior

Shoulssh and connect automatically

Environment Summary

azure-cli 2.47.0 *

core 2.47.0 *
telemetry 1.0.8

Extensions:
ssh 1.1.6

Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0

Python location 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\CliExtensions'

Python (Windows) 3.10.10 (tags/v3.10.10:aad5f6a, Feb 7 2023, 17:05:00) [MSC v.1929 32 bit (Intel)]

Legal docs and information: aka.ms/AzureCliLegal

You have 2 update(s) available. Consider updating your CLI installation with 'az upgrade'

Additional context

Public key file referenced is an empty file

[yonzhan]

Thank you for opening this issue, we will look into it.

[ben-oxley-fnc]

Thanks for your quick response. On further investigation we believe this is likely to do with the fact that the user profile is mapped as an NTFS junction (via citrix user profile manager and vhdx file):
Running dir in cmd:

07/27/2023  10:16 AM    <JUNCTION>     bjo.FNC [\\?\Volume{eddf0591-ba76-46b6-a3cc-ce720cdab3f0}\Profiles]

[ben-oxley-fnc]

I can confirm that if I override the ssh to write to another location that is actually a local drive then it works:

az ssh config --overwrite --ip 10.196.244.148 --file C:\Users\Public\ssh
az ssh vm --ip 10.196.244.148 --private-key-file "C:\Users\Public\az_ssh_config\10.196.244.148\id_rsa" --public-key-file "C:\Users\Public\az_ssh_config\10.196.244.148\id_rsa.pub"

[navba-MSFT]

@ben-oxley-fnc Thanks for the update. Could you also try updating your ssh extension to the most recent version by running the below command check if that helps ? Awaiting your reply.

az extension update -n ssh

[ben-oxley-fnc]

I updated to 2.0.1 but I still get the same issue. This seems to be a common thing with NTFS junctions I suspect as I hit a similar problem in pip when trying to update the package. (pypa/pip#10597)

[navba-MSFT]

Adding Service team to look into this.