SSHKeys gibt 400er API-Fehler

[pascalku]

Hey,

ich versuche aktuell über die API meine SSH-Keys für eine virtuelle Maschine zu verändern. Wie in den API-Beschreibungen beschrieben sollte dies URL-Encoded werden.

Mein URL-Enkodierter String sieht wie folgt aus:

sshkeys=ssh-rsa+AAAAB3NzaC1yc2EAAAADAQABAAABAQDOHsJsOVOWp3cdkSLN8Nd5rY6YjNdc%2FaK%2B%2BwZ%2FMzol9OW0HrVwtWQe8aa0Wk546m0aLi1WRRDNSGhZbu3dlY3Gj8z9gonEo4IT8sEEq025%2B%2BsgzYe3GbgZZutwRcSQC7AOZY99d3bc5kHzAeHHAprHLPIXMHNWGlJl2U3ZNcxKDDneYJMCTtu5Z3HN0ZRJlPVsDAPn5jbruAsqXxNPCCP%2FAnbhkrzW4yPPrxSQFWjfIcKvYt3iByADLZbmqQCtgfhsEp0Q1MRkTzXgAMWBFS3sC2BPyXaXTwmTpYhXGxWAKHRKCiImmUp9z4FkkZB5ONdsq0gSM4FdIkuJwxXlQ%2FXJ+maxfritz%40Max-MBP.echo.box&ciuser=root

Ich enkodiere in Java wie folgt:

und dabei gibt es leider den folgenden Fehler:

java.io.IOException: Server returned HTTP response code: 400 for URL: https://192.168.178.131:8006/api2/json/nodes/pve/qemu/1203/config
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_192]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_192]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_192]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1944) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1939) ~[na:1.8.0_192]
    at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1938) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1508) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) ~[na:1.8.0_192]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) ~[na:1.8.0_192]
    at it.corsinvest.proxmoxve.api.PveClientBase.executeAction(PveClientBase.java:355) [main/:na]
    at it.corsinvest.proxmoxve.api.PveClientBase.create(PveClientBase.java:178) [main/:na]
    at it.corsinvest.proxmoxve.api.PveClient$PVENodes$PVEItemNode$PVEQemu$PVEItemVmid$PVEConfig.setRest(PveClient.java:9391) [main/:na]
    at de.vpsnow.restendpoint.service.impl.ProxmoxDeploymentService.lambda$createServer$0(ProxmoxDeploymentService.java:68) [main/:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_192]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_192]
    at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_192]
Caused by: java.io.IOException: Server returned HTTP response code: 400 for URL: https://192.168.178.131:8006/api2/json/nodes/pve/qemu/1203/config
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1894) ~[na:1.8.0_192]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) ~[na:1.8.0_192]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[na:1.8.0_192]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347) ~[na:1.8.0_192]
    at it.corsinvest.proxmoxve.api.PveClientBase.executeAction(PveClientBase.java:352) [main/:na]
    ... 6 common frames omitted

 

[fabian]

sounds like this runs into the following check: https://git.proxmox.com/?p=pve-comm...b1e6906309410f65e5;hb=refs/heads/master#l1548

could you try running that command manually on your public key string (before URL encoding).

 

[pascalku]

I tested the following script using https://www.tutorialspoint.com/execute_perl_online.php:

$line = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD4sCBpo90yk/J887feZQrmqW1hGjJ3rl7VlVVhF5hA6B8x6TP4JtpM4cPu09nrRbfsLDBxbIibXNqTlWYLeHgmr4ALp1UhvPPBuvKyEcQDdy/3YM1a0Od/lzQH40Vaueea9/OqYEqmlfWJpvw1i66clMPgykAnRTUm6xz7zKVhNZFPdDsnhAgTiRXOIHz9Vd85IU3XGSgbYsv9oifTimO9U4T13uwRpbT8UmMZBOrwynz+gy3NuRiMS54FNmyGXCilGalDYvxBCSyR3zpmPjr3vhRiwjLWkFaBgTSjAWE/FCohCAdTGu8WNHsy4ge2aaix7q5nMv5/WMVDecvPWwq1 maxmustemrann@max-MBP.fritz.box";

eval {
    my ($filename, $handle) = tempfile_contents($line);
    run_command(["ssh-keygen", "-l", "-f", $filename],
        outfunc => sub {}, errfunc => sub {});
};
die "SSH public key validation error\n" if $@;

Still saying that the validation fails. I also created a new key using ssh-keygen -t rsa and it also failed, any ideas?

 

[fabian]

yes - tempfile_contents and run_command are helpers shipped by PVE - that online perl thing does not know about them

I tried with your last key line and our code and it gets accepted. it also works with your original string when I replace the '+' with '%20', since there should be spaces at that part of the public key string. looks to me like your SSH key string gets escaped in a wrong fashion somewhere

 

[pascalku]

Now posting this and it results in an "400" exception where it says that the given key is invalid.

sshkeys=ssh-rsa%20AAAAB3NzaC1yc2EAAAADAQABAAABAQDOHsJsOVOWp3cdkSLN8Nd5rY6YjNdc%2FaK%2B%2BwZ%2FMzol9OW0HrVwtWQe8aa0Wk546m0aLi1WRRDNSGhZbu3dlY3Gj8z9gonEo4IT8sEEq025%2B%2BsgzYe3GbgZZutwRcSQC7AOZY99d3bc5kHzAeHHAprHLPIXMHNWGlJl2U3ZNcxKDDneYJMCTtu5Z3HN0ZRJlPVsDAPn5jbruAsqXxNPCCP%2FAnbhkrzW4yPPrxSQFWjfIcKvYt3iByADLZbmqQCtgfhsEp0Q1MRkTzXgAMWBFS3sC2BPyXaXTwmTpYhXGxWAKHRKCiImmUp9z4FkkZB5ONdsq0gSM4FdIkuJwxXlQ%2FXJ%20maxmustermann%40max-MBP.echo.box&ciuser=root

 

[fabian]

works here. is your client urlencoding the request body as well? if you can dump a request made by your client, and one made by the GUI, you should see the difference