"Unable to extract public key from private key" for ed25519

[LalitMaganti]

If an ed25519 SSH key is created during flux bootstrap adding a ImagePolicy causes the following error to be producer by the image-automation-contoller:

{"level":"error","ts":"2021-06-15T22:29:20.579Z","logger":"controller-runtime.manager.controller.imageupdateautomation","msg":"Reconciler error","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageUpdateAutomation","name":"flux-system","namespace":"flux-system","error":"unable to clone '<url>', error: Failed to authenticate SSH session: Unable to extract public key from private key."}

Deleting the flux-system secret and changing to an RSA key (by not passing any argument to flux bootstrap) appears to fix the issue.

[LocalAreaNitwit]

Exactly the same issue here.

 {"level":"error","ts":"2021-06-17T09:46:35.545Z","logger":"controller-runtime.manager.controller.imageupdateautomation","msg":"Reconciler error","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageUpdateAutomation","name":"flux-system","namespace":"flux-system","error":"unable to clone 'ssh://git@GITREPO', error: Failed to authenticate SSH session: Unable to extract public key from private key."}

I will try the work around to confirm it fixes it for us too.

Edit: Deleting flux-system secret and switching to the RSA key works.

[hiddeco]

We think this should have been solved in v0.13.0 of the controller, available in the latest flux release.

[bootc]

@hiddeco unfortunately no luck for me:

{"level":"error","ts":"2021-06-23T09:29:01.736Z","logger":"controller-runtime.manager.controller.imageupdateautomation","msg":"Reconciler error","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageUpdateAutomation","name":"flux-kubernetes-gitops","namespace":"flux-system","error":"unable to clone 'ssh://[email protected]/bootc/flux-kubernetes-gitops.git', error: Failed to authenticate SSH session: Unable to extract public key from private key."}

[rjhenry]

I saw the same with the latest flux image, but was able to work around it by replacing the secret with a custom one featuring an SSH key that I generated on a machine. It appears as though the private key wasn't in the standard BEGIN OPENSSH PRIVATE KEY format.

[hiddeco]

The latest release of the image-automation-controller (v0.15.0) contains libgit2 linked against OpenSSL and LibSSH2, which based on my research and extensive testing, should solve most issues around private key formats.

[pjbgf]

Today we are releasing version v0.21.0 which consolidates the git implementation and upgrade libgit2 to version 1.3.0.

Can you test it again using the version v0.21.0 and let us know how you get on please?

[pjbgf]

The changes introduced on v0.21.0 should fix this due to the upgrade of libgit2 to 1.3.0.

Closing this due to lack of activity, but happy to re-open in case users are still experiencing the issue on the latest versions of the controller.