common/ssh: error if encrypted key is used

01abbc44 · Mitchell Hashimoto · 76a82216 · 01abbc44 · 01abbc44
Commit 01abbc44 authored Sep 03, 2014 by Mitchell Hashimoto
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 0 deletions

CHANGELOG.md CHANGELOG.md +2 -0

common/ssh/key.go common/ssh/key.go +14 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@ IMPROVEMENTS:
 BUG FIXES:
+  * core: nicer error message if an encrypted private key is used for
+      SSH. [GH-1445]
  * builder/amazon-chroot: Can properly build HVM images now. [GH-1360]
  * builder/amazon-chroot: Fix crash in root device check. [GH-1360]
  * builder/amazon-instance: Fix deprecation warning for `ec2-bundle-vol`

--- a/common/ssh/key.go
+++ b/common/ssh/key.go
 package ssh
 import (
+	"encoding/pem"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -21,6 +22,19 @@ func FileSigner(path string) (ssh.Signer, error) {
 		return nil, err
 	}
+	// We parse the private key on our own first so that we can
+	// show a nicer error if the private key has a password.
+	block, _ := pem.Decode(keyBytes)
+	if block == nil {
+		return nil, fmt.Errorf(
+			"Failed to read key '%s': no key found", path)
+	}
+	if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
+		return nil, fmt.Errorf(
+			"Failed to read key '%s': password protected keys are\n"+
+				"not supported. Please decrypt the key prior to use.", path)
+	}
 	signer, err := ssh.ParsePrivateKey(keyBytes)
 	if err != nil {
 		return nil, fmt.Errorf("Error setting up SSH config: %s", err)